need help on the function HMWP IDS Log

This topic is: not resolved
  • #1766
    vikento
    Post count: 5

    Hello,

    I have just updated your Hide My WP application; it does a great job.
    But I noticed a new feature, “HMWP IDS Log”.
    It showed me these messages:

    REQUEST.<?xml_version
    \”1.0\”?>more
    /xmlrpc.php
    18 / 36 70.32.88.243
    Guest 6 February 2015 8 h 39 min

    POST.<?xml_version
    \”1.0\”?>more
    /xmlrpc.php
    18 / 36 70.32.88.243
    Guest 6 February 2015 8 h 39 min

    REQUEST.<?xml_version
    \”1.0\”?>more
    /xmlrpc.php
    18 / 36 198.12.156.123
    Guest 6 February 2015 4 h 48 min

    POST.<?xml_version
    \”1.0\”?>more
    /xmlrpc.php
    18 / 36 198.12.156.123
    Guest 6 February 2015 4 h 48 min

    What is this, and what should I do?
    Can you explain to me what this is about, and also tell me how I can solve the problems, or what I should do?

    I also received these e-mails:
    1)

    The following potential attack has been detected by HMWP IDS. If it’s done by you please Exclude it from Intrusions Log page or increase Notify Threshold from IDS settings.

    IP: 198.12.156.123
    User ID: 0
    Date: 2015-02-06T03:48:09+00:00
    Total Impact: 36
    Affected tags: xss csrf id rfe lfi sqli

    Affected parameters: REQUEST.<?xml_version=%5C%5C%5C%221.0%5C%5C%5C%22%3F%3E%3CmethodCall%3E%3CmethodName%3Ewp.getUsersBlogs%3C%2FmethodName%3E%3Cparams%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eadmin%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eunbelievable%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3C%2Fparams%3E%3C%2FmethodCall%3E, POST.<?xml_version=%5C%5C%5C%221.0%5C%5C%5C%22%3F%3E%3CmethodCall%3E%3CmethodName%3Ewp.getUsersBlogs%3C%2FmethodName%3E%3Cparams%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eadmin%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eunbelievable%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3C%2Fparams%3E%3C%2FmethodCall%3E,

    Request URI: /xmlrpc.php
    Origin: 10.0.97.3

    2)

    The following potential attack has been detected by HMWP IDS. If it’s done by you please Exclude it from Intrusions Log page or increase Notify Threshold from IDS settings.

    IP: 70.32.88.243
    User ID: 0
    Date: 2015-02-06T07:39:52+00:00
    Total Impact: 36
    Affected tags: xss csrf id rfe lfi sqli

    Affected parameters: REQUEST.<?xml_version=%5C%5C%5C%221.0%5C%5C%5C%22%3F%3E%3CmethodCall%3E%3CmethodName%3Ewp.getUsersBlogs%3C%2FmethodName%3E%3Cparams%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eadmin%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eavalon%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3C%2Fparams%3E%3C%2FmethodCall%3E, POST.<?xml_version=%5C%5C%5C%221.0%5C%5C%5C%22%3F%3E%3CmethodCall%3E%3CmethodName%3Ewp.getUsersBlogs%3C%2FmethodName%3E%3Cparams%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eadmin%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eavalon%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3C%2Fparams%3E%3C%2FmethodCall%3E,

    Request URI: /xmlrpc.php
    Origin: 10.0.97.3

    Can you explain to me what this is about, and also tell me how I can solve the problems, or what I should do for both of them?
    Does the HMWP IDS Log feature show us intrusions that were carried out (or succeeded), or intrusion attempts? Thank you for helping me with this.

    Thank you in advance. Regards, Vincent

    Please forgive the length of this text, thank you.

    • This topic was modified 9 years, 1 month ago by vikento.
    #1768
    vikento
    Post count: 5

    Part 2

    I also received this just now, while I was writing my message to you; see photo.

    Can you help me or tell me what is wrong? Or is this just a message telling me that there was an attempt and that it did not work? (PS: I am just starting my site and I want to be sure that everything is fine before launching it 🙂)

    Should I worry about these things or not?
    Thank you again for your help.

    • This reply was modified 9 years, 1 month ago by vikento.
    #1778
    Suman M.
    Post count: 12478

    Hi, in the HMWP PHP IDS settings page you can see the following options:
    Log Threshold, Block Threshold, Notify Threshold

    If the intrusion’s (potentially dangerous request) impact is more than or equal to the “Log threshold” value, then such requests will be logged.

    If the intrusion’s (potentially dangerous request) impact is more than or equal to the “Block threshold” value, then such requests will be blocked.

    If the intrusion’s (potentially dangerous request) impact is more than or equal to the “Notify threshold” value, then an email will be sent to you about such requests.

    You need not worry much, as the requests detected as intrusions are of lesser impact. Even if such requests are of more impact, HMWP IDS will take care of them automatically.
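
For triaging alerts like the two e-mails in the first post, the following added example (not part of the thread and not Hide My WP code) URL-decodes the "Affected parameters" field, which shows an XML-RPC `wp.getUsersBlogs` call carrying a username and a password guess, and applies the greater-than-or-equal threshold rule from the reply above. The sample alert is constructed, and the threshold numbers, `AUTH_METHODS` and the function names are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed alert in the layout of the e-mails quoted in the first post; the
# IP is from a documentation range and the guessed password is a placeholder.
ALERT = """\
IP: 203.0.113.7
Total Impact: 36
Affected parameters: POST.<?xml_version=%5C%5C%5C%221.0%5C%5C%5C%22%3F%3E%3CmethodCall%3E%3CmethodName%3Ewp.getUsersBlogs%3C%2FmethodName%3E%3Cparams%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eadmin%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3Cparam%3E%3Cvalue%3E%3Cstring%3Eexample-guess%3C%2Fstring%3E%3C%2Fvalue%3E%3C%2Fparam%3E%3C%2Fparams%3E%3C%2FmethodCall%3E,
Request URI: /xmlrpc.php
"""

# XML-RPC methods whose first two string parameters are username and password
# (assumption: extend this set for your own site).
AUTH_METHODS = {"wp.getUsersBlogs"}

def parse_alert(text):
    """Turn one alert into a dict: header fields plus the decoded XML-RPC call."""
    fields = dict(re.findall(r"^([A-Za-z ]+): (.*)$", text, re.M))
    # The alert carries the raw XML body URL-encoded; regexes avoid feeding
    # attacker-supplied XML to a full parser.
    body = unquote(fields.pop("Affected parameters", ""))
    method = re.search(r"<methodName>([^<]*)</methodName>", body)
    strings = re.findall(r"<string>([^<]*)</string>", body)
    return {
        "ip": fields.get("IP"),
        "uri": fields.get("Request URI"),
        "impact": int(fields.get("Total Impact", 0)),
        "method": method.group(1) if method else None,
        "username": strings[0] if strings else None,  # password is not kept
    }

def classify(event):
    """Label an event as a login guess over XML-RPC, or leave it for review."""
    if event["uri"] == "/xmlrpc.php" and event["method"] in AUTH_METHODS:
        return "xmlrpc-login-guess"
    return "needs-review"

def ids_actions(impact, log_at, block_at, notify_at):
    """The threshold rule from the reply above: act when impact >= threshold."""
    rules = (("log", log_at), ("block", block_at), ("notify", notify_at))
    return [name for name, level in rules if impact >= level]

if __name__ == "__main__":
    event = parse_alert(ALERT)
    print(event, classify(event))
    # Hypothetical thresholds, not the plugin's defaults.
    print(ids_actions(event["impact"], log_at=10, block_at=50, notify_at=30))
```

With the hypothetical thresholds in the last line, an impact of 36 is logged and notified but not blocked, which matches what the original poster saw: log entries and e-mails for requests that were recorded as attempts.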
