need help on the function HMWP IDS Log

[vikento]

bonjour,

je viens de mettre à jour votre application Hide My WP, celle-ci fait un super travail.
Mais j’ai remarqué une nouvelle fonction “HMWP IDS Log”.
Celle-ci m’a indiqué ces messages?

REQUEST.<?xml_version
\”1.0\”?>more
/xmlrpc.php
18 / 36 70.32.88.243
Guest 6 February 2015 8 h 39 min

POST.<?xml_version
\”1.0\”?>more
/xmlrpc.php
18 / 36 70.32.88.243
Guest 6 February 2015 8 h 39 min

REQUEST.<?xml_version
\”1.0\”?>more
/xmlrpc.php
18 / 36 198.12.156.123
Guest 6 February 2015 4 h 48 min

POST.<?xml_version
\”1.0\”?>more
/xmlrpc.php
18 / 36 198.12.156.123
Guest 6 February 2015 4 h 48 min

De quoi s’agit-il? et que dois-je faire?
Pouvez donc m’expliquer de quoi il s’agit? mais aussi me dire, comment je peux résoudre les problèmes? ou ce que je dois faire ?

J’ai également reçu ces mails:
1)
The following potential attack has been detected by HMWP IDS

. If it’s done by you please Exclude it from Intrusions Log page or increase Notify Threshold from IDS settings.

IP: 198.12.156.123
User ID: 0
Date: 2015-02-06T03:48:09+00:00
Total Impact: 36
Affected tags: xss csrf id rfe lfi sqli

Affected parameters: REQUEST.<?xml_version=%5C%5C%5C%221.0%5C%5C%5C%22%3F%3E%3CmethodCall%3E%3CmethodName%3Ewp.getUsersBlogs%3C%2FmethodName%3E%3Cparams%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eadmin%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eunbelievable%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3C%2Fparams%3E%3C%2FmethodCall%3E, POST.<?xml_version=%5C%5C%5C%221.0%5C%5C%5C%22%3F%3E%3CmethodCall%3E%3CmethodName%3Ewp.getUsersBlogs%3C%2FmethodName%3E%3Cparams%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eadmin%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eunbelievable%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3C%2Fparams%3E%3C%2FmethodCall%3E,

Request URI: /xmlrpc.php
Origin: 10.0.97.3

2)
The following potential attack has been detected by HMWP IDS

. If it’s done by you please Exclude it from Intrusions Log page or increase Notify Threshold from IDS settings.

IP: 70.32.88.243
User ID: 0
Date: 2015-02-06T07:39:52+00:00
Total Impact: 36
Affected tags: xss csrf id rfe lfi sqli

Affected parameters: REQUEST.<?xml_version=%5C%5C%5C%221.0%5C%5C%5C%22%3F%3E%3CmethodCall%3E%3CmethodName%3Ewp.getUsersBlogs%3C%2FmethodName%3E%3Cparams%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eadmin%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eavalon%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3C%2Fparams%3E%3C%2FmethodCall%3E, POST.<?xml_version=%5C%5C%5C%221.0%5C%5C%5C%22%3F%3E%3CmethodCall%3E%3CmethodName%3Ewp.getUsersBlogs%3C%2FmethodName%3E%3Cparams%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eadmin%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eavalon%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3C%2Fparams%3E%3C%2FmethodCall%3E,

Request URI: /xmlrpc.php
Origin: 10.0.97.3

Pouvez donc m’expliquer de quoi il s’agit? mais aussi me dire, comment je peux résoudre les problèmes? ou ce que je dois faire pour les 2 ?
Est-ce que la fonction HMWP IDS Log, nous indique les intrusions qui ont été faites( ou réussi) ou les tentatives d’intrusions? merci de m’aider sur ce sujet.

Je vous remercie d’avancement cordialement Vincent

Pardonnez moi de la longueur du texte merci

in english

hello,
I have to update your application Hide My WP, it did a great job.
But I noticed a new “HMWP IDS Log”.
It told me these messages?

REQUEST. <? Xml_version
\ “1.0 \”?> More
/xmlrpc.php
18/36 70.32.88.243
Guest 6 February 2015 8 h 39 min

POST. <? Xml_version
\ “1.0 \”?> More
/xmlrpc.php
18/36 70.32.88.243
Guest 6 February 2015 8 h 39 min

REQUEST. <? Xml_version
\ “1.0 \”?> More
/xmlrpc.php
18/36 198.12.156.123
Guest 6 February 2015 4 h 48 min

POST. <? Xml_version
\ “1.0 \”?> More
/xmlrpc.php
18/36 198.12.156.123
Guest 6 February 2015 4 h 48 min

What is it? and what should I do?
So can explain to me what it is? but tell me, how can I solve problems? or what should I do?

I also received these emails:
1)

The following potential attack has been detected by HMWP IDS

. If it’s done by you please Exclude it from Intrusions Log page or increase Notify Threshold from IDS settings.

IP: 198.12.156.123
User ID: 0
Date: 2015-02-06T03:48:09+00:00
Total Impact: 36
Affected tags: xss csrf id rfe lfi sqli

Affected parameters: REQUEST.<?xml_version=%5C%5C%5C%221.0%5C%5C%5C%22%3F%3E%3CmethodCall%3E%3CmethodName%3Ewp.getUsersBlogs%3C%2FmethodName%3E%3Cparams%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eadmin%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eunbelievable%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3C%2Fparams%3E%3C%2FmethodCall%3E, POST.<?xml_version=%5C%5C%5C%221.0%5C%5C%5C%22%3F%3E%3CmethodCall%3E%3CmethodName%3Ewp.getUsersBlogs%3C%2FmethodName%3E%3Cparams%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eadmin%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eunbelievable%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3C%2Fparams%3E%3C%2FmethodCall%3E,

Request URI: /xmlrpc.php
Origin: 10.0.97.3

2)

The following potential attack has been detected by HMWP IDS

. If it’s done by you please Exclude it from Intrusions Log page or increase Notify Threshold from IDS settings.

IP: 70.32.88.243
User ID: 0
Date: 2015-02-06T07:39:52+00:00
Total Impact: 36
Affected tags: xss csrf id rfe lfi sqli

Affected parameters: REQUEST.<?xml_version=%5C%5C%5C%221.0%5C%5C%5C%22%3F%3E%3CmethodCall%3E%3CmethodName%3Ewp.getUsersBlogs%3C%2FmethodName%3E%3Cparams%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eadmin%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eavalon%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3C%2Fparams%3E%3C%2FmethodCall%3E, POST.<?xml_version=%5C%5C%5C%221.0%5C%5C%5C%22%3F%3E%3CmethodCall%3E%3CmethodName%3Ewp.getUsersBlogs%3C%2FmethodName%3E%3Cparams%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eadmin%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eavalon%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3C%2Fparams%3E%3C%2FmethodCall%3E,

Request URI: /xmlrpc.php
Origin: 10.0.97.3

So can explain to me what it is? but tell me, how can I solve problems? or what I have to do for the 2?
Does the IDS HMWP Log function, indicates intrusions that have been made (or successful) or intrusion attempts? thank you for helping me on this.

Thank you kindly for advancement Vincent

Forgive me thank you for the length of text

• This topic was modified 9 years, 11 months ago by vikento.

[vikento]

partie 2

j’ai également reçu ceci actualement, lorsque j’écrivez votre message? voir photo

pouvez-vous m’aider ou me dire ce qui ne va pas? ou est ce juste un message pour me dire qu’il y a eu un essaie et que ça n’a pas marcher. ( ps: je commence mon site je veux être sur que tout va bien, avant de le lancer 🙂 )

dois-je m’inquièter concernant ces chose ou pas?
Merci encore de votre aide

in english

part 2

I also received this actualement when I write your message? see photo

can you help me or tell me what’s wrong? or is this just a message to say that there has been a trying and it did not work. (Ps: I started my website I want to be sure all is well, before launching :))

should I worry about these things or not?
Thank you again for your help

• This reply was modified 9 years, 11 months ago by vikento.

Attachments:

You must be logged in to view attached files.

[Suman M.]

Hi, in HMWP PHP IDS settings page you can see following options:
Log Threshold, Block Threshold, Notify Threshold

If the intrusion’s (potential dangerous request) impact is more than or equal to “Log threshold” value, then such requests will be logged.

If the intrusion’s (potential dangerous request) impact is more than or equal to “Block threshold” value, then such requests will be blocked.

If the intrusion’s (potential dangerous request) impact is more than or equal to “Notify threshold” value, then email will be sent to you about such requests.

You need not worry much, as the requests detected as intrusions are of lesser impact. Even if such requests are of more impact HMWP IDS will take care of them automatically.

[Author]

Posts