Forum Replies Created

Viewing 15 replies - 76 through 90 (of 1,317 total)
    It’s quite difficult to find vulnerabilities in WordPress core these days. When the code base was younger, you may have had a chance of finding a vulnerability with an automated scanner. But these days it’s mature and the way we find vulnerabilities is by doing really close code analysis and coming up with hypotheses, and then testing them until we break something.

    I’m not suggesting it’s impossible that you’d find something with an automated scanner – just not that likely – so I’m with @sterndata on this one.

    I haven’t had a look at this specific issue, but based on some replies on the WP slack #forums channel, it looks like this is a false positive.

    Mark.

    @papaburke One of our guys can check if it’s compromised if you’re interested and will clean it for you. No charge. If you want to have us check if you’re compromised, email genbiz at wordfence dot com and let them know I sent you (I’m Mark Maunder).

    We do site cleaning commercially, mostly for the forensic data it gets us which we build into Wordfence in the form of the Threat Defense Feed. I don’t want to spam the forums with a link because it’s a paid service, but you can google it for more info.

    Mark.

    The web scan? That doesn’t check much and can’t examine site source code.

    Is it possible your site has been compromised?

    Hi @papaburke,

    I’m with Wordfence – which is why this thread came to my attention. I chatted about this briefly with other forum folks in the slack channel. I suspect it might be that your web server's child processes are all being occupied by something which makes them unable to respond.

    The only way to resolve this kind of problem is to work with your hosting provider. Specifically have them enable error logging on your site. Then reproduce the problem. And then check the error logs to see what messages you’re seeing.

    My guess is if you go through the above steps, you’ll diagnose it very quickly.

    I don’t think it’s a security product blocking you because us security products tend to give you a very clear response immediately saying that you’ve been blocked. Timeouts are sometimes given as a response, but you generally see that at the operating system level where there’s an iptables rule that simply drops all packets for a time. I don’t think that’s what’s happening here – I think it’s a web server misconfiguration issue and all processes are being occupied until they timeout.

    So work with your host and that should solve it.

    Good luck!!

    Mark.
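The diagnostic procedure in the reply above (enable error logging, reproduce, read the log) produces the kind of lines the following script looks for. This is an added example, not code from the original reply or from Wordfence: it scans a few constructed error-log lines for the standard "worker pool exhausted" messages that Apache's prefork MPM (AH00161), PHP-FPM (pm.max_children) and nginx (worker_connections) emit, which is the "all child processes occupied" condition the reply suspects. The log lines and timestamps are made up for the example; the message wording is the daemons' own.

```python
import re
from collections import Counter

# Constructed sample error-log lines (not real logs from the thread).  The
# AH00161 / pm.max_children / worker_connections texts are the wording the
# respective daemons actually use when their process or connection pool is full.
SAMPLE_LOG = """\
[Fri Mar 11 09:12:01.123456 2016] [mpm_prefork:error] [pid 1234] AH00161: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting
[Fri Mar 11 09:12:03.000000 2016] [core:notice] [pid 1200] AH00094: Command line: '/usr/sbin/apache2'
[11-Mar-2016 09:12:05] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
[11-Mar-2016 09:12:07] WARNING: [pool www] seems busy (you may need to increase pm.start_servers, or pm.min/max_spare_servers), spawning 8 children, there are 0 idle, and 13 total children
2016/03/11 09:12:09 [alert] 1300#0: *42 768 worker_connections are not enough
[Fri Mar 11 09:13:01.000000 2016] [mpm_prefork:error] [pid 1234] AH00161: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting
"""

# (daemon name, pattern for its "pool exhausted" message)
EXHAUSTION_PATTERNS = [
    ("apache", re.compile(r"server reached (MaxRequestWorkers|MaxClients) setting")),
    ("php-fpm", re.compile(r"server reached pm\.max_children setting \((\d+)\)")),
    ("nginx", re.compile(r"(\d+) worker_connections are not enough")),
]


def scan_error_log(text):
    """Return {daemon: count} of pool-exhaustion messages found in the log text."""
    hits = Counter()
    for line in text.splitlines():
        for daemon, pat in EXHAUSTION_PATTERNS:
            if pat.search(line):
                hits[daemon] += 1
                break
    return dict(hits)


def diagnose(text):
    """One-line verdict: exhausted pool (requests queue until they time out) or not."""
    hits = scan_error_log(text)
    if not hits:
        return "no worker-pool exhaustion messages; look elsewhere (explicit block, DNS, PHP fatals)"
    parts = ", ".join(f"{d}={n}" for d, n in sorted(hits.items()))
    return f"worker pool exhausted ({parts}): raise the limit or find what is holding workers open"


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

A pool-exhaustion message is the signature of the symptom described: nothing refuses the connection, the request just sits in a queue until the client gives up, which is why it looks like a timeout rather than a block.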

    Plugin Author Mark Maunder

    (@mmaunder)

    Hi Jonathan,

    Really great to see Hostgator helping out here. Thanks! Matt let me know you had replied here and I just want you to know we really appreciate you reaching out to our mutual customers. If you’d like to contact us directly please drop us an email at genbiz@wordfence.com and we’ll give your requests priority.

    We’re always happy to work with hosting companies, especially if it gives us an opportunity to help lots of customers simultaneously.

    We’re obviously very excited about the 6.1.1 release this week because the new firewall is a huge step up in securing WordPress customers. Because we’re so tightly integrated with WordPress we’re able to protect against more complex attacks like privilege escalation that other products might not. So we’ve been working hard to help our customers climb the learning curve and get set up with the firewall to make sure they benefit from that protection.

    Thanks again and please reach out if you’d like to chat to us directly.

    Mark Maunder (CEO)
    PS: We’re busy chatting on Slack (Friday night and work never stops) and turns out our lead developer registered wfhostgator.com on your systems to do some testing and it got flagged – for obvious reasons in retrospect. So we’re having a bit of a LOL about that right now. If he isn’t unbanned already it’d be nice if you can unban him. 🙂

    Plugin Author Mark Maunder

    (@mmaunder)

    Thanks Sue. That’s right. If you only have a single WordPress installation this does not affect you.

    If you have WordPress installed in a base web directory like public_html/ and then have another WordPress installation in public_html/subsite/ we suggest you enable the firewall on the sub-sites first.

    Guys I also want to add that 6.1.1 was a BIG launch for us earlier this week. We’ve already done one point release with 6.1.2 to improve things and we’re putting out a release shortly which will improve messaging and this process. It will help explain it better and do a better job of guiding you through it. It

    Mark.

    Plugin Author Mark Maunder

    (@mmaunder)

    Hi Steve,

    Can you please share the first three digits of the IP address. There are two possibilities that come to mind:

    1: Wordfence is not getting IPs correctly which means it isn’t able to correctly throttle IPs or prevent brute force attacks.

    2: It’s an IP that is on your hosting provider's internal network that is doing the attack which may mean it’s whitelisted if it’s using an IP that is in a private range.

    Thanks,

    Mark.

    Plugin Author Mark Maunder

    (@mmaunder)

    You’ve misunderstood how the option "Count failures over what time period" works. Please see:

    https://docs.wordfence.com/en/Wordfence_options#Count_failures_over_what_time_period

    Your redirection question isn’t clear. It sounds like there’s a conflict with your redirection plugin. Also you have the limit on 404 errors set to unlimited and yet you seem to expect them to be caught.

    My guess is that for the blacklisted URL (and possibly the redirect issue) you’re processing those outside of WordPress. Unless the request is handled by WordPress, Wordfence doesn’t get involved.

    Regards,

    Mark.

    Plugin Author Mark Maunder

    (@mmaunder)

    Hi,

    I suspect WPML are breaking functionality in other plugins by adding their own query string parameter to what admin_url('admin-ajax.php') returns.

    We’ll take a look at this but have no ETA at this point.

    Regards,

    Mark.

    Plugin Author Mark Maunder

    (@mmaunder)

    We have been asked to do product comparisons in the past and as tempting as it is we prefer to spend our time making our own product even more awesome. If you’d like to look at some of our more constructive work, visit https://www.wordfence.com/learn/ to learn about WordPress security, how to secure your site and how to write secure code. Our learning center is completely vendor neutral (we avoid any sales pitch or mention of Wordfence). Our goal really is to help secure the web.

    Regards,

    Mark Maunder.

    Plugin Author Mark Maunder

    (@mmaunder)

    Hi,

    The short answer is: We won’t be providing this feature and no one else does.

    The longer answer:

    What you’re asking for is something called “static code analysis” which describes the process of a machine finding vulnerabilities in code written by a human. It is a very complex field and static code analysis is unreliable – it can’t find vulnerabilities with a high degree of certainty. We are not in the business of providing static code analysis tools and I don’t think any vendor can automate them as a kind of “scan” which is what you’re looking for.

    Regards,

    Mark.

    Plugin Author Mark Maunder

    (@mmaunder)

    Guys, the nice thing about being volunteers is that we can choose when and where to spend our time. Our team, specifically Tim, Matt, Brian and Colette (and me) freely donate their (and our company’s) time supporting these forums to the tune of thousands of hours. We’re happy to do it. We expect a modicum of common decency from the folks we spend our valuable time helping and we do our best to be polite and courteous ourselves.

    When the level of sarcasm exceeds a threshold, I think it’s completely acceptable for us to simply withdraw and help others who want to focus on the issue rather than personal attacks and venom. So we’re done with this thread.

    Yeah, we’ll probably change the way we handle the WP readme with regards to version hiding. But jeez, what a painful way to get there.

    ~Mark

    Plugin Author Mark Maunder

    (@mmaunder)

    Incorrect.

    The information you reference above is stored in your own database, not ours.

    We don’t send your visitor stats to our servers. We don’t send entry or exit points to our own servers. We don’t send which domain visitors come from to our servers. And we don’t send browser types to our servers. ALL of that is stored in your OWN MySQL WordPress database.

    What we do send to our servers is aggregated data that is anonymized to help block attacks. We also send checksums (technically hashes) of your files to facilitate scanning.

    Our code is 100% open source, so please inspect it yourself to verify what I’m saying above.

    Regards,

    Mark Maunder – Wordfence Founder/CEO.
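The reply above mentions sending file hashes to facilitate scanning. The underlying technique is a file-integrity comparison: hash every file in the install and diff the result against a known-good manifest to find modified, missing and unexpected files. The following is an added example of that comparison, not Wordfence's code and not from the original reply; it builds a tiny constructed "clean" tree and a tampered copy in temporary directories, so the file names and contents are placeholders (WordPress.org's core checksum API publishes MD5 sums of core files; this example uses SHA-256 and a manifest it computes locally).

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file under root (path relative to root, '/' separated) to its hash."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def compare(known_good, current):
    """Classify files relative to the known-good manifest.

    modified   - present in both, hash differs (injected code, patched core file)
    missing    - in the manifest but gone from disk
    unexpected - on disk but not in the manifest (dropped web shell, stray backup)
    """
    modified = sorted(p for p in known_good if p in current and current[p] != known_good[p])
    missing = sorted(p for p in known_good if p not in current)
    unexpected = sorted(p for p in current if p not in known_good)
    return {"modified": modified, "missing": missing, "unexpected": unexpected}


def demo():
    """Constructed scenario: hash a clean tree, tamper with a copy, diff the two."""
    # Placeholder contents; not real WordPress source.
    files = {
        "wp-load.php": b"<?php require 'wp-config.php';\n",
        "wp-includes/version.php": b"<?php $wp_version = '4.4.2';\n",
    }
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as live:
        for base in (clean, live):
            for rel, data in files.items():
                path = os.path.join(base, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as f:
                    f.write(data)
        known_good = build_manifest(clean)

        # Tamper with the live copy: append to a core file, add an extra file, delete one.
        with open(os.path.join(live, "wp-load.php"), "ab") as f:
            f.write(b"<?php // injected content\n")
        with open(os.path.join(live, "wp-includes", "extra.php"), "wb") as f:
            f.write(b"<?php // file that is not in the manifest\n")
        os.remove(os.path.join(live, "wp-includes", "version.php"))

        return compare(known_good, build_manifest(live))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:10s} {paths}")
```

Only the hashes and relative paths leave the site in this model; the file contents do not. Because a manifest cannot flag anything it has never seen, the "unexpected" bucket is where dropped files land, and a hash-only check says nothing about files the manifest legitimately does not cover (uploads, themes, custom plugins), which still need content-based inspection.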

    Plugin Author Mark Maunder

    (@mmaunder)

    Hi,

    These claims are false and the vendor is running an aggressive affiliate program promoting their product. We have a long track record of protecting our customers. We currently protect over 1 million sites and growing. We provide both excellent security and excellent customer service.

    We have at least one customer who has bought this vendor’s product and is now very unhappy. So caveat emptor. (buyer beware)

    Mark.
