HMWP IDS – Exclude potential attack

This topic is: not resolved

This topic has 1 reply, 2 voices, and was last updated 4 years, 8 months ago by Suman M..

Viewing 2 posts - 1 through 2 (of 2 total)

Save

Author

Posts
May 2, 2020 at 9:46 pm #30370

knightz
Post count: 4

Hello –

I’m getting the following when enabled HMWP IDS and want to exclude/put as an exception. How would I do that?

—message
The following potential attack has been detected by HMWP IDS.
If it’s you please Exclude that parameter or increase Notify Threshold from IDS settings.
In most cases you don’t need to do anything. Hide My WP protects you!

IP: xxx.xxx.xxx.xxx
User ID:
Date: 2020-05-02
Total Impact: 66
Affected tags: sqli id lfi xss csrf rfe

Affected parameters: REQUEST.custom=%7B%26quot%3Border_id%26quot%3B%3A4171%2C%26quot%3Border_key%26quot%3B%3A%26quot%3Bwc_order_m3YxSR4lSKVgs%26quot%3B%2C%26quot%3Burl%26quot%3B%3A%26quot%3Bhttps%3A%5C%2F%5C%2Fmydomain.com%26quot%3B%7D, POST.custom=%7B%26quot%3Border_id%26quot%3B%3A4171%2C%26quot%3Border_key%26quot%3B%3A%26quot%3Bwc_order_m3YxSR4lSKVgs%26quot%3B%2C%26quot%3Burl%26quot%3B%3A%26quot%3Bhttps%3A%5C%2F%5C%2Fmydomain.com%26quot%3B%7D,

Request URI: /wc-api/yith_paypal_ec/
Origin: xxx.xxx.xxx.xxx

and 2. How do I remove this from my source codes: \/\/

Thanks

May 3, 2020 at 6:28 am #30377

Suman M.
Post count: 12478

Hi, HMWP IDS detects malicious requests coming to your site and notify you about it. But all these requests might not be harmful and you need not worry as HMWP IDS will take care of this and will block the malicious requests if Impact level is more than 20 (default value specified in HMWP IDS). You can stop receiving emails regarding this by setting “Notification Threshold” option to 0 in IDS Firewall tab.

Note: If in case, valid request is also listed as intrusion then hover over that request name and click on Exclude link to add it to exception list.
Author

Posts

Viewing 2 posts - 1 through 2 (of 2 total)

Save

You must be logged in to reply to this topic.