Security Attack error – Bad configuration – Excluding groups

  • Resolved arcantide

    (@arcantide)


    2 years, 11 months ago

    Hi there,

    First of all, apologies for my english (I’m french)

    In order to gain some performances on the website, I asked to my host provider to install Redis (A Docker in Plesk)

    Also, as I’m on WordPress, I’ve install Redis Object Cache.

    I try to maximize the loading performances for the plugin WooCommerce Bookings which always search in the database for available slots for example. This is a huge waste of time/ressources and I guess Redis could helps to optimize that.

    But, when I activated the redis cache, everything started to be very slow (back-end and also the bookable product calendars – which was the goal of my installation of redis)

    My shot provider told me error found in his logs:

    Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted.

    I don’t know why there is this security notice.

    Also, I guess it could be relevant to set in the ignored groups everything instead of the data relative to WooCommerce and WooCommerce Bookings.

    Here is the “diagnostique” of my installation:

    Status: Connecté
Client: PhpRedis (v5.3.7)
Drop-in: Valid
Disabled: No
Ping: 1
Errors: []
PhpRedis: 5.3.7
Relay: Not loaded
Predis: Not loaded
Credis: Not loaded
PHP Version: 8.0.28
Plugin Version: 2.3.0
Redis Version: 7.0.11
Multisite: No
Metrics: Enabled
Metrics recorded: 51
Filesystem: Working
Global Prefix: "wpstg0_"
Blog Prefix: "wpstg0_"
WP_REDIS_HOST: "127.0.0.1"
WP_REDIS_PORT: 6379
WP_REDIS_DATABASE: 0
WP_REDIS_TIMEOUT: 1
WP_REDIS_READ_TIMEOUT: 1
WP_REDIS_PREFIX: "test-henson"
WP_REDIS_PLUGIN_PATH: "/var/www/vhosts/henson.fr/httpdocs/temp-eeh/wp-content/plugins/redis-cache"
Global Groups: [
"blog-details",
"blog-id-cache",
"blog-lookup",
"global-posts",
"networks",
"rss",
"sites",
"site-details",
"site-lookup",
"site-options",
"site-transient",
"users",
"useremail",
"userlogins",
"usermeta",
"user_meta",
"userslugs",
"redis-cache",
"blog_meta"
]
Ignored Groups: [
"counts",
"plugins",
"themes",
"theme_json",
"wordfence",
"wordfence-ls",
"WPML_ST_Package_Factory",
"wpml-all-meta-product-variation"
]
Unflushable Groups: []
Groups Types: {
"blog-details": "global",
"blog-id-cache": "global",
"blog-lookup": "global",
"global-posts": "global",
"networks": "global",
"rss": "global",
"sites": "global",
"site-details": "global",
"site-lookup": "global",
"site-options": "global",
"site-transient": "global",
"users": "global",
"useremail": "global",
"userlogins": "global",
"usermeta": "global",
"user_meta": "global",
"userslugs": "global",
"redis-cache": "global",
"counts": "ignored",
"plugins": "ignored",
"themes": "ignored",
"blog_meta": "global",
"theme_json": "ignored",
"wordfence": "ignored",
"wordfence-ls": "ignored",
"WPML_ST_Package_Factory": "ignored",
"wpml-all-meta-product-variation": "ignored"
}
Drop-ins: [
"advanced-cache.php v by ",
"Query Monitor Database Class (Drop-in) v3.12.2 by John Blackbourn",
"maintenance.php v by ",
"Redis Object Cache Drop-In v2.3.0 by Till Krüss"
]

    I also do not see the list of the plugins at the bottom of this diagnostique.

    Is this normal? Because some of other tickets have it…

    Tell me if I can provide more informations to help to solve my issue.

    Kind regards
    Florent

    • This topic was modified 2 years, 11 months ago by arcantide.
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Till Krüss

    (@tillkruess)

    2 years, 11 months ago

    Hey!

    Possible SECURITY ATTACK detected is unrelated to this plugin. Your hosting provider can help you with that.

    From your diagnostics, it looks like you’re connected. What’s the CPU usage of Redis Server, does it have enough resources?

    Thread Starter arcantide

    (@arcantide)

    2 years, 11 months ago

    Hi and thanks for your help 🙂

    Well, that’s my host provider who told me this message war worrying him ^^

    Concerning your second, I actually have no more informations than this:

    RAM is configured as unlimited for the tests and only 11Mb are used by the process on the 31Gb total space…

    Could you please tell me what kind of informations we need to understand the source of this incorrect functioning?

    Regards,
    Florent

    Plugin Author Till Krüss

    (@tillkruess)

    2 years, 11 months ago

    Well, that’s my host provider who told me this message war worrying him ^^

    It’s unrelated to the Redis Object Cache plugin for WordPress. Securing Redis it the hosts responsibility.

    RAM is configured as unlimited for the tests and only 11Mb are used by the process on the 31Gb total space…

    How large is your SQL database? Does Redis grow past 11MB?

    It may be the case that another plugin is constantly flushing the cache and it has to be rebuilt for every page load and that’s why your site is slow.

    Thread Starter arcantide

    (@arcantide)

    2 years, 11 months ago

    Hi and thanks for your reply!

    Database is around 1Gb but as we test the object cache on a staging site (and the prefix is correctly set in the options), let’s say we have around half of this weight.

    The host provider says it never grows over 11Mb…

    I’ll run some more tests but I don’t want to waste your time. If you have some ideas to where to search for answers, let me know 🙂

    Thanks again and have a nice day.
    Florent

    Plugin Author Till Krüss

    (@tillkruess)

    2 years, 11 months ago

    You may have a bad plugin that keep flushing the cache, so it’s always cold, check the FAQ:

    https://github.com/rhubarbgroup/redis-cache/blob/develop/FAQ.md

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Security Attack error – Bad configuration – Excluding groups’ is closed to new replies.