CrowdSec - lightweight and collaborative security engine
Forum Replies Created
-
Forum: Plugins
In reply to: [CrowdSec] Stream Mode ErrorOk!
So it seems to work as expected now.
For information, the cURL call does not depend on any WordPress plugin or cache settings, so it’s weird that it works now (returns null if there is no decision for the tested IP) and wasn’t before (returns nothing).
I let this issue open if you find something new π
I will close it later.
ThanksForum: Plugins
In reply to: [CrowdSec] Test buttons do nothingI close this one π
Forum: Plugins
In reply to: [CrowdSec] Stream Mode ErrorHi,
I think we should try to make the Live mode work first (Stream Mode off).
The cURL test is a good start :
1) Create a fake decision for some IP :cscli decisions add --ip 1.2.3.4 --duration 2h --type ban2) This cURL call should retrieve a result:
curl -H "X-Api-Key: ***" http://localhost:8080/v1/decisions?ip=1.2.3.4You should have a result like:
[{"duration":"1h59m17.846736476s","id":1,"origin":"cscli","scenario":"manual 'ban' ","scope":"Ip","type":"ban","value":"1.2.3.4"}]
If not, there is something wrong with the crowdsec agent.
If you have a result, we will have to find what is going wrong with the plugin.
Please try the “Test Connection” button (Stream Mode OFF) and see if you have a result or some error in logs. If there is no logs in the plugin log directory, maybe you could find something interestion in the apache logs or nginx logs (depending on what you are using).Thanks
Forum: Plugins
In reply to: [CrowdSec] Does Crowdsec works in WordPress Multiste Subdomains?Hi,
Thanks for your message.
As far as I understand, it should work with the same key for all your wordpress sites. (We already have some users using the same key for multiple WorpPress sites)
Do you have more details on the error “Thereβs been a critical error on this website.” . May be there is some useful log somewhere that will tell us what is wrong on the sub domain site.
You can also try to generate a key with another bouncer name (the bouncer name is not important for the plugin):
cscli bouncers add wordpress-bouncer-2 or cscli bouncers add the-name-you-want
ThanksForum: Plugins
In reply to: [CrowdSec] Test buttons do nothingHi,
Thanks for you message.
Yes, you should see a message saying if bouncing has been executed succesfully or not.
I guess (as in your Stream Mode Error issue ), that something goes wrong with your request.
As in the Stream Mode Error issue, I suggest you to try with Curl and also to enable the debug log (Advanced -> Enable debug mode)
ThanksForum: Plugins
In reply to: [CrowdSec] Stream Mode ErrorHi,
Thanks for you rmessage.
It seems that something goes wrong while executing the request with FileGetContents but I will need more information.
Does the plugin work if Stream Mode is not enabled ?Are you using the last 2.0.1 version of the plugin ?
Can you try with to enable the “Use cURL to call Local API” option ? (if you have curl installed on your server it won’t use the FileGetContents anymore)
Can you enable the debug mde ( (Advanced -> Enable debug mode) and see if there is more useful message in the wp-content/plugins/crowdsec/logs folder ?
Thanks- This reply was modified 3 years, 4 months ago by CrowdSec - lightweight and collaborative security engine.
Forum: Plugins
In reply to: [CrowdSec] Not working for me (using cloudflare)Hi,
I guess I can close this issue.
ThanksForum: Plugins
In reply to: [CrowdSec] Not working for me (using cloudflare)Hi,
the WordPress plugin only applies decisions retrieved from LAPI (CrowdSec Local API).
If there is no decision, nothing happens : this is a bypass.Trying multiple failed login will NOT add decision. (decisions are retrieved from CAPI (community decisions from Central API) or can be add manually in LAPI)
You can try to add manually a “ban” decision for an IP with command :cscli decisions add --scope ip --value a.b.c.d --duration 4h --type ban
wherea.b.c.dis the IP you want to ban. (it should be188.75.5.3in your case).
Once your decision is added, you should get a ban wall when trying to acess tour site with thea.b.c.dIP. (it depends of the timelife of your cached item but it should be effective in less than a minute if you did not change default settings)
To delete a decision for some IP, runcscli decisions delete -i a.b.c.d
ThanksForum: Plugins
In reply to: [CrowdSec] Not working for me (using cloudflare)Hi,
It seems that with your configuration the IP that is in theX-Forwarded-Forheader and the IP that is in the$_SERVER['REMOTE_ADDR']are the same. That is why the log shows the same value fororiginal_ipandx_forwarded_for_ip.But this should not be an issue and if there is any active decision for the logged IP, it should work.
Can you check that there is an active decision for the logged IP ?
To check if there is an active decision for an IPa.b.c.dyou can runcscli decisions list -i a.b.c.d
For example, when your log says :{"type":"NON_AUTHORIZED_X_FORWARDED_FOR_USAGE","original_ip":"3.89.116.106","x_forwarded_for_ip":"3.89.116.106"}can you look at the result of
cscli decisions list -i3.89.116.106
If there is no active decision, then this normal that the result of log is “bypass”.
If there is an active decision, please let me know as we should not get a “bypass” then.Furthermore, in order to debug what could happen, you should find a log message starting with
"type":"BOUNCER_INIT"in the debug.log file (if you set the debug log setting to true).
This line contains your plugin settings : could you share it here ?Thanks
- This reply was modified 3 years, 6 months ago by CrowdSec - lightweight and collaborative security engine.
Forum: Plugins
In reply to: [CrowdSec] For me Just not work ?Hi,
I guess I can close this issue as another issue has been opened.
ThanksForum: Plugins
In reply to: [CrowdSec] Not working for me (using cloudflare)Hi,
Thanks for your message.
This log message :{"type":"NON_AUTHORIZED_X_FORWARDED_FOR_USAGE","original_ip":"188.75.5.3","x_forwarded_for_ip":"188.75.5.3"}makes me think that your proxy IP is188.75.5.3and that this IP has not been whitelisted as a trusted IP.
Thus, the bouncer is trying to bounce the188.75.5.3IP and, as there is no active decision for this specific IP, it is not blocked.
Please try to add this IP to the trusted IPs in the WordPress plugin setting :Advanced β Remediations β Trust these CDN IPs (or Load Balancer, HTTP Proxy)Thanks
Forum: Plugins
In reply to: [CrowdSec] Advance settingsHi,
You should find the most “up-to-date” information here : https://github.com/crowdsecurity/cs-wordpress-bouncer/blob/main/docs/USER_GUIDE.md#advanced-settingsThanks
Forum: Plugins
In reply to: [CrowdSec] For me Just not work ?Hi,
Thanks for your message.When I look your log message, I see that Ips that were trying to access your website were 46.54.xxx.xxx and 82.155.xxx.xxx.
Does those IPs has an active decisions on your CrowdSec LAPI ?
To know which decisions are active, you could run “cscli decisions list” on the server where your CrowdSec agent has been installed.
Thanks
Forum: Plugins
In reply to: [CrowdSec] Other security plugins recommandations ?Hi,
Thanks for your message.
I won’t be able to help you for that.
I would suggest you to look at the CrowdSec Discord for more information.
Thanks
Forum: Plugins
In reply to: [CrowdSec] Simple ErrorHi,
Thanks for your message.
This error is related to the “Trust these CDN IPs
(or Load Balancer, HTTP Proxy)” in the Advanced settings.I don’t know why but, for some reason, it seems that you have no value for this setting in your database.
I will work on a new release to correct this bug but, as a workaround for now, you can:
– set a value in the field and save (for example set1.2.3.4)
– remove the value and save againPlease let me know if it is ok after that.
Thanks
- This reply was modified 3 years, 9 months ago by CrowdSec - lightweight and collaborative security engine.
- This reply was modified 3 years, 9 months ago by CrowdSec - lightweight and collaborative security engine.