Intrusion alert from local ip?
This topic has 9 replies, 2 voices, and was last updated 8 years, 7 months ago by Suman M.
January 23, 2017 at 4:51 pm #14245
Hello,
My site seems to be getting quite a few IDS alerts and they all have a local loopback IP.
Today I just got this email which reads:
The following potential attack has been detected by HMWP IDS. If it’s you please Exclude that parameter or increase Notify Threshold from IDS settings.
In most cases you don’t need to do anything. Hide My WP protects you!
IP: 127.0.0.1 (91.223.89.100, 127.0.0.1)
User ID:
Date: 2017-01-23T16:20:18+00:00
Total Impact: 42
Affected tags: xss csrf id rfe sqli lfi
Affected parameters: REQUEST.qf73356=eval%28%26quot%3Becho+10000000000-245205634%3B%26quot%3B%29%3B, POST.qf73356=eval%28%26quot%3Becho+10000000000-245205634%3B%26quot%3B%29%3B,
Request URI: /wp-content/plugins/akismets/views/stats.php
Origin: 127.0.0.1
Is there something I need to do?
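Added example (not part of the original thread and not Hide My WP code): a short Python triage of the alert quoted in the first post, decoding the URL- and HTML-encoded parameter values and separating the loopback address from the other address the alert lists. The function names are hypothetical, and treating the parenthesised addresses as the other addresses recorded for the request is an assumption.

```python
import html
import ipaddress
from urllib.parse import unquote_plus

# Field lines copied from the alert in the post above (only the ones used here).
ALERT = """\
IP: 127.0.0.1 (91.223.89.100, 127.0.0.1)
Affected tags: xss csrf id rfe sqli lfi
Affected parameters: REQUEST.qf73356=eval%28%26quot%3Becho+10000000000-245205634%3B%26quot%3B%29%3B, POST.qf73356=eval%28%26quot%3Becho+10000000000-245205634%3B%26quot%3B%29%3B,
Request URI: /wp-content/plugins/akismets/views/stats.php
"""

def parse_alert(text):
    """Split the 'Key: value' lines of the alert into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def decode_params(raw):
    """URL-decode, then HTML-unescape, each 'SCOPE.name=value' entry."""
    params = {}
    for item in raw.split(", "):
        name, sep, value = item.strip().rstrip(",").partition("=")
        if sep:
            params[name] = html.unescape(unquote_plus(value))
    return params

def ip_chain(ip_field):
    """Return the reported IP and the addresses listed in parentheses (assumed related)."""
    reported, _, rest = ip_field.partition("(")
    listed = [a.strip() for a in rest.rstrip(")").split(",") if a.strip()]
    return reported.strip(), listed

def triage(text):
    f = parse_alert(text)
    reported, listed = ip_chain(f["IP"])
    return {
        "reported_ip": reported,
        "non_loopback": [a for a in listed if not ipaddress.ip_address(a).is_loopback],
        "uri": f["Request URI"],
        "params": decode_params(f["Affected parameters"]),
    }

if __name__ == "__main__":
    print(triage(ALERT))
```

The decoded parameter value and the non-loopback address are what to search for in the web server access log when deciding whether a request like this is one of your own.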
January 24, 2017 at 3:56 am #14251
Hi, check the requests (under the ‘page’ column) and see if they are valid requests or not. If they are valid then you can hover over that request and click on the “exclude” link to add it to the exception list.
January 24, 2017 at 1:39 pm #14257
Hi Suman,
Tried to get back in to look at the IDS logs and for some reason I cannot log in to WordPress.
Getting page not found.
??
January 24, 2017 at 1:46 pm #14258
Hi Suman – I disabled login via FTP.
Not sure how to fix HMWP with the plugin renamed now. Was thinking I may remove the plugin completely and start over.
Can you advise how to reset it?
January 24, 2017 at 2:52 pm #14260
Did you make any changes in HMWP settings, like renaming the wp-admin path? Are you able to log in if you rename the hide_my_wp plugin folder under the /wp-content/plugins/ directory?
January 24, 2017 at 4:07 pm #14265
Was able to log in by renaming the plugin folder.
Notice it took a few tries to login to wp….
Today when I tried it gave me a page not found. Which is why I disabled.
January 25, 2017 at 5:38 am #14269
In the “wp_options” table in your database, delete the rows with the following “option_name”:
– hide_my_wp
– hide_my_wp_undo
– hmwp_ids_installed
– hmw_all_plugins
– external_updates-hide_my_wp
– hmwp_spam_counter
– hmwp_temp_admin_path
Then you can rename the hide_my_wp plugin folder back to its original name, log in to the backend, and apply the settings again. Let us know.
January 25, 2017 at 1:33 pm #14273
Hi Suman,
I checked that table and none of those entries exist.
Should I just delete the renamed HMWP plugin and reinstall?
January 25, 2017 at 2:21 pm #14274
Hi Suman,
Found the following entries: and deleted them X
– hide_my_wp X
– hide_my_wp_undo X
– hmwp_ids_installed X
– external_updates-hide_my_wp X
Did not find these entries:
– hmw_all_plugins
– hmwp_spam_counter
– hmwp_temp_admin_path
Should I be good to rename back and start over?
January 25, 2017 at 4:55 pm #14278
Yes, you can.