yorman
Forum Replies Created
If there is no directory in front of the file name, I would check the document root; here is an example [1].
I have never seen a file with that name in a regular WordPress installation, but I don’t think it’s part of an attack. Maybe it’s a canary file to check modification times in the server, maybe it was placed there by your hosting provider. Of course, I am just speculating.
Let me know if you need more information.
[1] /home/username/public_html/last-mod
The SSL certificate in your website has an invalid chain.
You can check by yourself using these tools:
- https://www.ssllabs.com/ssltest/analyze.html?d=www.datacenterresearch.org
- https://www.sslshopper.com/ssl-checker.html#hostname=https://www.datacenterresearch.org
- https://sslanalyzer.comodoca.com/?url=https%3A%2F%2Fwww.datacenterresearch.org
- https://www.httpcs.com/en/test-ssl-certificate
- https://www.sslchecker.com/sslchecker
- https://www.geocerts.com/ssl-checker
Ask your hosting provider, or whoever issued this certificate, to fix the error.
You can use the web version of the Sucuri Scanner [1].
The scanner says that your website is returning a “403 Forbidden” HTTP status code when the User-Agent in the HTTP request is faked to pass as if it were one of Google’s Web Crawlers.
I already explained the issue with more details here [2].
[1] https://sitecheck.sucuri.net/
[2] https://wordpress.org/support/topic/unable-to-scan-the-page-403-forbidden/#post-10842679
That payload means that, when Google’s Web Crawler is trying to scan your website, your website is returning a “403 Forbidden” HTTP status code instead of “200 OK”. If you want to test by yourself, you can execute this command:
curl -v \
  -H "User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" \
  "https://boomerbenefits.com/"
Apparently, you enabled an option on your Cloudflare dashboard that inserts a reCaptcha for suspicious HTTP requests. When Sucuri is trying to scan your website using Google’s User-Agent, Cloudflare inserts the reCaptcha because it —accurately— believes that the request is not really coming from Google but from an unknown service.
This is certainly a bug that Sucuri may or may not be able to fix; it highly depends on how Cloudflare inserts the reCaptcha code. For now, just ignore the warning and hopefully —if Sucuri finds a fix— you will stop seeing it in future scans.
Share the address of at least one of the websites that’s returning a 404 and I will tell you why the scan is failing.
If your website is hosted in a shared server, the reverse IP address will point to the main domain of that server. Unless you have a dedicated server, the reverse IP address will not return the domain of your website.
Here’s an example:
$ host -t A sucuri.net.
sucuri.net has address 192.124.249.16
$ host -t A 192.124.249.16
domain name pointer cloudproxy10016.sucuri.net.
In the example above, we are querying the DNS A record from a specific domain name; the DNS A record contains the IP address that the domain is pointing to. Then, we reverse the IP address to attempt to recover the original domain name, but as you can see the operation returns “cloudproxy10016.sucuri.net” instead of “sucuri.net”.
This is what may be happening in your case and there’s nothing wrong with that.
Let me know if you need more information.
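The forward-then-reverse lookup from the reply above, as an added example that is not part of the original post or of any Sucuri tool: it resolves a domain to its IP address, reverses that address, and classifies how the PTR name relates to the domain. The function names, verdict labels and the `shop.example` / `server7.hosting.example` entries are assumptions made for this example; the `sucuri.net` values are the ones quoted in the reply.

```python
import socket

def forward_lookup(name):
    """A record: host name -> IPv4 address, or None if it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def reverse_lookup(ip):
    """PTR record: IP address -> host name, or None if no PTR exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def compare_forward_reverse(domain, forward=forward_lookup, reverse=reverse_lookup):
    """Resolve domain -> IP -> PTR name and describe how the two names relate."""
    domain = domain.rstrip(".").lower()
    ip = forward(domain)
    if ip is None:
        return {"domain": domain, "ip": None, "ptr": None, "verdict": "no-a-record"}
    ptr = reverse(ip)
    if ptr is None:
        return {"domain": domain, "ip": ip, "ptr": None, "verdict": "no-ptr"}
    ptr = ptr.rstrip(".").lower()
    if ptr == domain:
        verdict = "ptr-matches-domain"        # usually only on a dedicated server
    elif ptr.endswith("." + domain):
        verdict = "ptr-is-host-under-domain"  # the sucuri.net case in the reply
    else:
        verdict = "ptr-is-server-name"        # typical for shared hosting
    return {"domain": domain, "ip": ip, "ptr": ptr, "verdict": verdict}

# Constructed lookup tables so the example runs offline. The sucuri.net rows
# repeat the values quoted in the reply; the .example rows are made up.
SAMPLE_A = {"sucuri.net": "192.124.249.16", "shop.example": "203.0.113.10"}
SAMPLE_PTR = {"192.124.249.16": "cloudproxy10016.sucuri.net.",
              "203.0.113.10": "server7.hosting.example."}

def demo():
    """Run the comparison against the constructed tables instead of live DNS."""
    return [compare_forward_reverse(d, SAMPLE_A.get, SAMPLE_PTR.get)
            for d in ("sucuri.net.", "shop.example", "missing.example")]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Calling `compare_forward_reverse("your-domain.tld")` without the extra arguments uses the system resolver instead of the sample tables.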
Follow these steps:
- Click on the “Sucuri Security” icon on the sidebar,
- Click on the “Settings” menu,
- Click on the “Scanner” tab,
- Scroll to “Ignore Files And Folders During The Scans”,
- Copy and paste /www/site1 into the form,
- Submit and wait for the next scan
This will force the plugin to skip the parent directory during the scans.
The error comes from “Sucuri Website Firewall” [1] not “Sucuri WordPress Plugin”.
Follow this tutorial [2] to know how to whitelist your IP address.
[1] https://sucuri.net/website-firewall/
[2] https://kb.sucuri.net/firewall/Whitelist+and+Blacklist/whitelisting-IP
The Sucuri WordPress plugin doesn’t have any incompatibility with SiteLock, you can use them both at the same time. For the traffic that is by-passing SiteLock, you’ll have to contact their support team.
Should I apply the “Website Firewall Protection” hardening
Think of a website like a physical store, hardening is like putting security locks in the doors. Malicious people can still try to break in through the windows, by stealing your keys, by impersonating an admin, etc. A firewall is like asking the police to keep an eye on the business 24 hours, 7 days a week.
If you think your website will be protected enough with just a few locks here and there, then you don’t need to apply the “Website Firewall Protection” hardening. However, if you need more protection, you can look into it and see if the features offered by the Sucuri Firewall are useful to you [1].
Should I apply the “Information Leakage” hardening
You can keep this option disabled. The plugin already prevents the website from leaking some information. This option is an extra step that is most of the time not necessary. We keep this option for backward compatibility purposes.
Should I apply the “Plugin and Theme Editor” hardening
Yes, please apply this hardening. Most of the time, there is no reason to have this WordPress tool enabled. People who want to modify their plugins and/or themes will often download the code, apply the changes in their computer, and then upload the new files to the servers. I cannot think of a good reason to make such changes live in the server.
@royalmicer thank you for your feedback.
The company will surely take your case as an example to improve.
Just a reminder that this forum is used to provide support only for the Sucuri WordPress plugin, which is a completely different product. People who have a paying subscription with Sucuri must contact the company through the ticket system here [1] or by sending an email to info@sucuri.net
It is also worth saying that every infection is different, and while your case couldn’t be handled in one day, there are several hundred cases that are handled in just a couple of minutes either by the automated system or through the remediation team. Your case is part of a small list of rare exceptions.
I apologize for not being able to help you on time.
Hello @odense3dprint
I already answered this question here [1].
Let me know if you need more information.
[1] https://wordpress.org/support/topic/hardening-question/#post-10697442
Go to the plugin Settings > API Service Communication.
Find the “Are you a developer?” text and read the instructions.
There you will find a command that you can execute to download all the logs associated to your API key. For the sake of simplicity, I will provide the URL that you can use to download all the logs [1]; simply change the API_KEY with the real key that you currently have. The response is encoded in JSON to facilitate the integration with other log parsers.
Let me know if you need more information.
[1] https://wordpress.sucuri.net/api/?k=API_KEY&a=get_logs&l=999999
I’ve contacted a different Security Analyst.
It’s already midnight where I am, I’ll take some rest now.
I hope one of the analysts with the night-shift can take your case.
I will follow in the morning when I wake up again.
Thank you for your patience.
Thank you, I will contact the correct person right now.
EDIT: I’ve contacted one of the Security Analysts in the Remediation Team. They will take care of it in the following minutes. Please don’t hesitate to contact me again if you need more assistance with your case. I hope it gets resolved soon.