[closed] ZB Block and official WordPress Android app (3 posts)

  1. DJDB
    Member
    Posted 8 months ago #

    Hello.

    I'm trying to use the official WordPress Android app, for managing my WordPress site.

    The thing is that I'm using a script for blocking malicious connections to my site. The script is ZB Block and it's doing what it's supposed to do (so, it's working great). But it also blocks the WordPress app. It gives me a log entry that looks like this:

    #: 48230 @: Wed, 20 Aug 2014 12:23:44 +0300 Running: 0.4.10a3 / 76e
    Host: myip.dsl.dyn.forthnet.gr
    IP: myip
    Score: 2
    Violation count:
    Why blocked: POST EX POST-21. POST EX POST-22.
    Query:
    Referer:
    User Agent: wp-android/3.0.2 (Android 4.4.4; en_US; LGE Nexus 5/hammerhead)
    Reconstructed URL: http:// http://www.mysitedomain /xmlrpc.php

    When asking for help on the official support forum of that script, ZB Block's creator told me this:

    The 2 reasons it was stopped were these:

    $ax += inmatch($rawpost,'<? ','POST EX (POST-021). '); //71a split
    $ax += inmatch($rawpost,'<?php','POST EX (POST-022). '); //71a changed

    Why would that app be sending PHP code to the site, unless it was expecting to execute it?

    If the app, under user control, or a fake app can execute php code, your site WILL be taken down just as soon as someone finds this is possible. Please ask the authors why the app is trying to send the php preamble "<?php" to your site. I would like to know this before I write any bypass. It seems an exploit of unprecedented proportions!

    So, I'd like to have an explanation of why this is happening and why the app is trying to send the PHP preamble "<?php" to my site, in order to find the optimal solution.

    Thanks!
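The following is an added example, not code from this thread, from ZB Block or from the WordPress app. It reimplements the two raw-body substring rules quoted above (the `inmatch()` semantics are assumed to be a case-insensitive substring test on the raw POST body) and adds an XML-RPC-aware triage step, so that an operator who sees a POST-021/POST-022 entry can tell whether the PHP open tag sits in the request markup itself or is escaped data inside a string parameter (for example, a code snippet in post content). All request bodies below are constructed for the demonstration.

```python
# Added example: reimplementation of ZB Block-style raw-body rules plus an
# XML-RPC-aware triage step. Not ZB Block's own code; inmatch() semantics
# (case-insensitive substring match on the raw POST body) are an assumption.
import xml.etree.ElementTree as ET

# The two rules quoted in the thread, as (needle, reason) pairs.
RULES = [
    ("<? ", "POST EX (POST-021)."),
    ("<?php", "POST EX (POST-022)."),
]


def raw_body_hits(raw_post):
    """Return the reasons whose needle occurs anywhere in the raw body.

    This is the rule as written: it looks at bytes on the wire and knows
    nothing about XML escaping or structure.
    """
    low = raw_post.lower()
    return [reason for needle, reason in RULES if needle.lower() in low]


def xmlrpc_triage(raw_post):
    """Parse the body as an XML-RPC methodCall and report the method name and
    how many <string> parameters contain a PHP open tag after XML unescaping.

    Returns None when the body is not well-formed XML-RPC at all.
    """
    try:
        root = ET.fromstring(raw_post)
    except ET.ParseError:
        return None
    if root.tag != "methodCall":
        return None
    method = root.findtext("methodName", default="")
    # ElementTree hands back decoded text, so '&lt;?php' on the wire shows
    # up here as '<?php': a tag in data, not in markup.
    tainted = 0
    for node in root.iter("string"):
        text = (node.text or "").lower()
        if "<?php" in text or "<? " in text:
            tainted += 1
    return {"method": method, "php_tag_string_params": tainted}


def classify(raw_post):
    """One triage record per request body: what the raw rules would log as
    'Why blocked', next to what an XML-RPC parse says about the same body."""
    return {"raw_hits": raw_body_hits(raw_post), "xmlrpc": xmlrpc_triage(raw_post)}


# Constructed: a routine call of the kind a client makes after login.
CLEAN = (
    '<?xml version="1.0"?>'
    "<methodCall><methodName>wp.getUsersBlogs</methodName>"
    "<params><param><value><string>user</string></value></param>"
    "<param><value><string>placeholder-password</string></value></param>"
    "</params></methodCall>"
)

# Constructed: a new post whose content contains a properly escaped PHP
# snippet. On the wire the tag reads '&lt;?php', so the raw rule never fires,
# while the decoded parameter does contain '<?php'.
ESCAPED = (
    '<?xml version="1.0"?>'
    "<methodCall><methodName>wp.newPost</methodName><params>"
    "<param><value><int>1</int></value></param>"
    "<param><value><string>user</string></value></param>"
    "<param><value><string>placeholder-password</string></value></param>"
    "<param><value><struct><member><name>post_content</name>"
    "<value><string>Example: &lt;?php echo 'hi'; ?&gt;</string></value>"
    "</member></struct></value></param></params></methodCall>"
)

# Constructed: a body that is not XML-RPC at all and carries both open tags
# literally; this is the shape the quoted rules are written to stop.
RAW_PHP = "<? echo 'hi'; ?> <?php echo 'hi'; ?>"


if __name__ == "__main__":
    for name, body in [("clean", CLEAN), ("escaped", ESCAPED), ("raw_php", RAW_PHP)]:
        print(name, classify(body))
```

Run stand-alone, the three records show the gap between the two views: the escaped body produces no raw hit yet carries a PHP tag in its `post_content` parameter, while the raw body trips both rules and does not parse as XML-RPC. When triaging a "Why blocked: POST EX POST-21. POST EX POST-22." entry, logging the parsed method name and parameter origin alongside the raw hit is what turns the entry from a bare score into something an operator can act on.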

  2. I recommend asking at http://android.forums.wordpress.org/forum/troubleshooting so the app's developers and support community can help you with this.

  3. DJDB
    Member
    Posted 7 months ago #

    Done, you may lock this topic.

Topic Closed

This topic has been closed to new replies.
