Forum Replies Created

Viewing 15 replies - 1 through 15 (of 45 total)
  • Thanks @yuvalsabar !!
    That script did exactly what I needed!

    Thread Starter Howard Harkness

    (@chltx)

    Thank you for your reply.

    A bit of searching turned up several folks who use both BB and NF, so I concluded that NF was unlikely to be the problem. I disabled some other plugins, and was able to get BB to work. However, I’m now having other difficulties with BB, which I am investigating with iThemes.

    Sorry to bother you!

    Thread Starter Howard Harkness

    (@chltx)

    The site is nearly 10 years old, and has been indexed by Google for a very long time.

    I installed a different search widget, which *did* work.

    My site is nequals1health.com, in case you are curious, but as far as I’m concerned, the problem is solved. At least as long as the current search plugin continues to work.

    Thread Starter Howard Harkness

    (@chltx)

    Hmmm… I got a Twitter message from Louis Reingold telling me this plugin is dead, and to use Pretty Link Lite instead. I’m really disappointed, since I moved from Pretty Link Lite to WP Dynamic Links because it was a bit easier to use.

    There is a newer plugin that looks like it might work, called Easy Affiliate Links, which will import an XML list of links — but it doesn’t appear that WP Dynamic Links has any built-in export facility. I have several hundred active links in WP Dynamic Links, so this is a major bummer.

    Forum: Plugins
    In reply to: [Postie] Postie

    I have a similar problem with connecting with Gmail. After searching through this section, I turned off all of the other plugins and switched to the 2016 theme. Still no joy.

    I tried the debug button, and the result is below. I don’t really understand that log, but I hope that it sheds some light on the problem.

    [Moderator note:

    1. Massive paste deleted. If you have a lot to paste, please use pastebin.com and paste a link here.

    2. Please start a new topic for your issue. Please do not jump on an existing post for “similar” issues.

    Thanks.
    ]

    I had the same problem, and the “NinjaFirewall > Updates > Check for Updates Now!” fixed it. I’m guessing there was a glitch in the last plugin update.

    Thread Starter Howard Harkness

    (@chltx)

    Still one unresolved question, though: How do I use your contact form?

    Thread Starter Howard Harkness

    (@chltx)

    Before I took the time to write the script, it was taking up my entire Saturday 🙂

    One complication is that 4 of these sites are “guest” blogs with several dozen authors (but only 3 admins), so locking to an IP for logins would be problematic.

    My host (http://h2ha.com/d9hosting) has been *very* supportive in regard to security issues. They are small enough to be unattractive to the Borg (EIG), but large enough to have a 24/7 help staff. Every once in a while, though, I have to have help getting into my own sites because the DDoS or brute-force attacks get really large.

    I will follow up on your site management suggestions as the time becomes available. I’m training up a VA to help me with that, but you probably already know that training a new hire is also time-consuming (even though she’s extremely intelligent and hard-working!). Also, it means that all of my sites will have at least 3 admins.

    I’ve used Stealth Login Page for a client, and it seemed to work well. Thanks for reminding me! I even had the 2nd auth code in the login prompt, and the bots missed it!

    Thread Starter Howard Harkness

    (@chltx)

    I run the monthly script on my home Linux box. It’s a bash script using cut, uniq, egrep, and a short app I wrote in Python. I suppose I could write a plugin, but I don’t much care for PHP coding (PHP is a really bastardized language, and I fail to see how it got to be so popular), and I would still have to combine information from all of my sites.

    I download the logs from NWPFW (from all of my sites), run the script on all the logs, and then upload the new deny list section to .htaccess for each site. Takes me about two hours to do (and double-check, because I’ve managed to screw up .htaccess more than once) for my 50 sites.

    I will check out your recommendation for WordFence. Anything that gets me closer to set-and-forget without losing effectiveness is good.

    Thread Starter Howard Harkness

    (@chltx)

    Thank you for your prompt response. I have installed WP-SpamShield on one of my lesser-trafficked sites for testing. Assuming that it works well enough, I will install it on all of my sites.

    I was pleasantly surprised to see that the setup is fairly minimal, and I installed it with only the defaults to evaluate it.

    One thing I have not yet figured out is how to use your contact form.

    I’m guessing from your response that I will need to continue my labor-intensive maintenance of my .htaccess file (unless you have a suggestion for that). I see that you have produced some other plugins that are of interest to me.

    One that I am still looking for is a way to manage the plugins for all of my sites from one location. I have seen a few that claimed to do that, but I was not impressed with things like lack of security. I’m also looking for an easy way to delete existing splog registrations, since the plugin I was using for that has become non-functional.

    Thanks again. I will be revisiting with a review once I have completed my evaluation.

    Thread Starter Howard Harkness

    (@chltx)

    Well, that’s interesting…

    I may have triggered the file upload block when I was testing some settings while logged in as a contributor. I dimly recall my guest authors having problems with image uploads, which I managed to fix.

    As for the tinymce problem, I also dimly recall having some problems with that, but only while logged in as a contributor.

    So, I’m guessing this is a false alarm. I will be monitoring the logs a bit more closely in the future.

    Thread Starter Howard Harkness

    (@chltx)

    The log file is too big to cut and paste here. I ran a script to excerpt just the severity [1-3] attacks coming from my own IP address (presumably spoofed). I sanitized the excerpt to remove my site name and IP address. This is from just one of my sites. I have seen similar attacks on all of them.

    Is this sufficient? If not, I can email you a complete logfile.

    ./SubDirBB/firewall_2015-09.php:[1442691706] [0.00034] [<MY WP SITE>] [#6537287] [0] [3] [<MY IP ADDR>] [401] [GET] [/wp-login.php] [Brute-force attack detected on wp-login.php] [enabling HTTP authentication for 10mn]
    ./SubDirBB/firewall_2015-09.php:[1442695459] [0.00036] [<MY WP SITE>] [#3246905] [0] [3] [<MY IP ADDR>] [401] [GET] [/wp-login.php] [Brute-force attack detected on wp-login.php] [enabling HTTP authentication for 10mn]
    ./SubDirBB/firewall_2015-09.php:[1443140739] [0.00033] [<MY WP SITE>] [#2410739] [0] [3] [<MY IP ADDR>] [401] [GET] [/wp-login.php] [Brute-force attack detected on wp-login.php] [enabling HTTP authentication for 10mn]
    ./SubDirBB/firewall_2015-09.php:[1443280651] [0.00033] [<MY WP SITE>] [#4487426] [0] [3] [<MY IP ADDR>] [401] [GET] [/wp-login.php] [Brute-force attack detected on wp-login.php] [enabling HTTP authentication for 10mn]
    ./SubDirBB/firewall_2015-09.php:[1443363104] [0.00032] [<MY WP SITE>] [#2865134] [0] [3] [<MY IP ADDR>] [401] [GET] [/wp-login.php] [Brute-force attack detected on wp-login.php] [enabling HTTP authentication for 10mn]
    ./SubDirBB/firewall_2015-10.php:[1443663493] [0.0003] [<MY WP SITE>] [#3407022] [0] [3] [<MY IP ADDR>] [401] [POST] [/wp-login.php] [Brute-force attack detected on wp-login.php] [enabling HTTP authentication for 10mn]
    ./SubDirBB/firewall_2015-10.php:[1443663796] [0.17417] [<MY WP SITE>] [#3487408] [0] [2] [<MY IP ADDR>] [403] [GET] [/wp-includes/js/tinymce/wp-tinymce.php] [Forbidden direct access to PHP script] [/wp-includes/js/tinymce/wp-tinymce.php]
    ./SubDirBB/firewall_2015-10.php:[1443663796] [0.00194] [<MY WP SITE>] [#5299576] [0] [2] [<MY IP ADDR>] [403] [GET] [/wp-includes/js/tinymce/wp-tinymce.php] [Forbidden direct access to PHP script] [/wp-includes/js/tinymce/wp-tinymce.php]
    ./SubDirBB/firewall_2015-10.php:[1444002569] [0.68417] [<MY WP SITE>] [#5342692] [0] [3] [<MY IP ADDR>] [403] [POST] [/wp-admin/async-upload.php] [Blocked file upload attempt] [follow-846171_640.jpg, 13,714 bytes]
    ./SubDirBB/firewall_2015-10.php:[1444002580] [0.00202] [<MY WP SITE>] [#6030739] [0] [3] [<MY IP ADDR>] [403] [POST] [/wp-admin/async-upload.php] [Blocked file upload attempt] [follow-846171_640.jpg, 13,714 bytes]
    ./SubDirBB/firewall_2015-10.php:[1444002587] [0.00198] [<MY WP SITE>] [#2866876] [0] [3] [<MY IP ADDR>] [403] [POST] [/wp-admin/async-upload.php] [Blocked file upload attempt] [follow-846171_640.png, 43,540 bytes]
    ./SubDirBB/firewall_2015-10.php:[1444002629] [0.00195] [<MY WP SITE>] [#4387677] [0] [3] [<MY IP ADDR>] [403] [POST] [/wp-admin/async-upload.php] [Blocked file upload attempt] [follow-846171_640.jpg, 13,714 bytes]
    ./SubDirBB/firewall_2015-10.php:[1444002699] [0.00192] [<MY WP SITE>] [#4237533] [0] [3] [<MY IP ADDR>] [403] [POST] [/wp-admin/async-upload.php] [Blocked file upload attempt] [follow-846171_640.jpg, 13,714 bytes]
    ./SubDirBB/firewall_2015-10.php:[1444002729] [0.00191] [<MY WP SITE>] [#7302174] [0] [3] [<MY IP ADDR>] [403] [POST] [/wp-admin/async-upload.php] [Blocked file upload attempt] [Follow.jpg, 13,714 bytes]
    ./SubDirBB/firewall_2015-10.php:[1444002767] [0.00197] [<MY WP SITE>] [#5486425] [0] [3] [<MY IP ADDR>] [403] [POST] [/wp-admin/async-upload.php] [Blocked file upload attempt] [Follow.jpg, 13,714 bytes]
    ./SubDirBB/firewall_2015-10.php:[1444002803] [0.00296] [<MY WP SITE>] [#4979701] [0] [3] [<MY IP ADDR>] [403] [POST] [/wp-admin/async-upload.php] [Blocked file upload attempt] [Follow.jpg, 13,714 bytes]
    ./SubDirBB/firewall_2015-10.php:[1444002930] [0.00187] [<MY WP SITE>] [#1874878] [0] [3] [<MY IP ADDR>] [403] [POST] [/wp-admin/async-upload.php] [Blocked file upload attempt] [Follow.jpg, 13,714 bytes]
    ./SubDirBB/firewall_2015-10.php:[1444002938] [0.00036] [<MY WP SITE>] [#5335372] [0] [3] [<MY IP ADDR>] [401] [GET] [/wp-login.php] [Brute-force attack detected on wp-login.php] [enabling HTTP authentication for 10mn]

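
Added example, not part of the original post and not the poster's own script: a Python version of the log-to-deny-list workflow described in the replies above, parsing lines in the layout of this excerpt and holding back any event from an admin's own address for manual review instead of blocking it. The field names, the thresholds, the `Deny from` output format and the sample addresses are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of the excerpt above (grep "file:" prefix
# included). Addresses are documentation-range placeholders, not thread data.
SAMPLE = """\
./siteA/firewall_2015-10.php:[1443663493] [0.0003] [example.org] [#1000001] [0] [3] [198.51.100.7] [401] [POST] [/wp-login.php] [Brute-force attack detected on wp-login.php] [enabling HTTP authentication for 10mn]
./siteA/firewall_2015-10.php:[1443663500] [0.0003] [example.org] [#1000002] [0] [3] [198.51.100.7] [401] [POST] [/wp-login.php] [Brute-force attack detected on wp-login.php] [enabling HTTP authentication for 10mn]
./siteB/firewall_2015-10.php:[1443663560] [0.0003] [example.net] [#1000003] [0] [3] [198.51.100.7] [401] [GET] [/wp-login.php] [Brute-force attack detected on wp-login.php] [enabling HTTP authentication for 10mn]
./siteA/firewall_2015-10.php:[1443663796] [0.0019] [example.org] [#1000004] [0] [2] [203.0.113.9] [403] [GET] [/wp-includes/js/tinymce/wp-tinymce.php] [Forbidden direct access to PHP script] [/wp-includes/js/tinymce/wp-tinymce.php]
./siteA/firewall_2015-10.php:[1444002569] [0.0020] [example.org] [#1000005] [0] [3] [192.0.2.10] [403] [POST] [/wp-admin/async-upload.php] [Blocked file upload attempt] [photo.jpg, 13,714 bytes]
./siteA/firewall_2015-10.php:[1444002580] [0.0020] [example.org] [#1000006] [0] [3] [192.0.2.10] [403] [POST] [/wp-admin/async-upload.php] [Blocked file upload attempt] [photo.jpg, 13,714 bytes]
./siteB/firewall_2015-10.php:[1443663600] [0.0003] [example.net]
"""

# Field names are this example's reading of the excerpt, not an official schema.
FIELDS = ("ts", "elapsed", "site", "incident", "rule", "severity",
          "ip", "status", "method", "path", "reason", "detail")
BRACKET = re.compile(r"\[([^\]]*)\]")

def parse_line(line):
    """Return a dict for one log line, or None for truncated/foreign lines."""
    parts = BRACKET.findall(line)
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if not (rec["ts"].isdigit() and rec["severity"].isdigit()):
        return None
    rec["ts"], rec["severity"] = int(rec["ts"]), int(rec["severity"])
    return rec

def triage(lines, own_ips, min_hits=3, min_severity=2):
    """Return (deny_candidates, own_ip_events) across all sites' logs."""
    hits, own = Counter(), []
    for rec in filter(None, map(parse_line, lines)):
        if rec["severity"] < min_severity:
            continue
        if rec["ip"] in own_ips:
            own.append(rec)       # never auto-block an admin; review by hand
        else:
            hits[rec["ip"]] += 1
    return sorted(ip for ip, n in hits.items() if n >= min_hits), own

def htaccess_section(deny):
    # Apache 2.2-style syntax (assumed); Apache 2.4 uses "Require not ip".
    return "\n".join(f"Deny from {ip}" for ip in deny)
```
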
    Thread Starter Howard Harkness

    (@chltx)

    Actually, I was able to do most of what I wanted by downloading all of the php files, and processing them in a bash script. That was slightly complicated by the fact that NFW uses the same file names on each site, but I was able to get around that, too.

    However, I ran into a really puzzling thing when I examined the logs — there were dozens of attacks (of severities 1-3) in all of the scripts from all of my sites FROM MY OWN IP ADDRESS!!!

    O. M. G.

    Is this a new thing? Are the scriptkiddies now able to spoof arbitrary IP addresses without even using a proxy? Or is there a proxy that can do that for them? Or is this evidence of something even worse?

    I’m not understanding how this is possible. Please enlighten me if possible.

    If my own schedule allows, I will take a look. Thanks!

    I would pay money for that feature. What would you consider to be a fair fee? I can be reached at instructor@chl-tx.com
