REQUEST.fbclid GET.fbclid

[salhmwp]

Hello, 2 questions about REQUEST.fbclid and GET.fbclid

your plugin (installed version:5.5.1, on php 7.2, WP 5.2.3) shows some REQUEST.fbclid and GET.fbclid from different IPs (from the DB table) with following TAGS:

xss, csrf, id

xss, csrf, id, rfe, lfi

xss, csrf, id, sqli, lfi, rfe

the third one (sqli) worries me a little bit. These are URLs coming from Facebook posts or ads, and they should be good, but why are some REQUEST.fbclid and GET.fbclid showing tags like sqli, and the others xss, csrf, id, rfe, lfi?

Not sure to block these IPs or esclude them being from people linking inside the Facebook platform or they are new ways that hackers are implementing.

What is your suggestion?

• This topic was modified 5 years, 7 months ago by salhmwp.

[Suman M.]

Hi, thanks for reaching out to us. HMWP IDS detects malicious requests coming to your site and notify you about it. But all these requests might not be harmful and you need not worry as HMWP IDS will take care of this and will block the malicious requests if Impact level is more than 20 (default value specified in HMWP IDS). You can stop receiving emails regarding this by setting “Notification Threshold” option to 0 in IDS Firewall tab.

Regarding the various tags like xss, csrf, id, sqli, lfi, etc. it depends upon the type of requests.

Note: If in case, valid request is also listed as intrusion then hover over that request name and click on Exclude link to add it to exception list.

[Author]

Posts