• Resolved CamZL1

    (@danishhaidri)


    BEST PRACTICE:

    What should we do if we see this in live traffic:

    was blocked by firewall for XSS: Cross Site Scripting in POST body: rcsp_headline=%3Cscript%20async%3Dtrue%20type%3Dtext%2Fjavascript%20language%3Djavascript%3Evar%20nt%20%3D%20Strin…

    Does this mean someone is trying to hack? Should we just block the IP completely for all such alerts?

Viewing 1 replies (of 1 total)
  • Hey @danishhaidri,

    There isn’t anything for you to do. Wordfence is blocking the attack. I know it can be alarming to see these attacks, but they’re normal. There’s only so much we can do to prevent an attack; it’s more about making sure they aren’t successful, which it looks like Wordfence is doing.

    As for blocking the IP, the attackers can use legitimate IPs, so there are risks in blocking. Typically, I’d suggest just letting Wordfence handle this. The article below has more information about the risks and benefits of blocking IPs.

    https://www.wordfence.com/blog/2017/11/should-permantly-block-ips/

    Thanks,

    Gerroald
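
For triage, the alert text quoted in the question can be parsed and URL-decoded to see what the firewall stopped. This is an added example, not part of the thread and not Wordfence code; the pattern is inferred from the single alert line quoted above, and `triage_alert` is a hypothetical helper name.

```python
import html
import re
from urllib.parse import unquote

# Alert text copied from the question; the page cuts it off at "…".
ALERT = (
    "was blocked by firewall for XSS: Cross Site Scripting in POST body: "
    "rcsp_headline=%3Cscript%20async%3Dtrue%20type%3Dtext%2Fjavascript"
    "%20language%3Djavascript%3Evar%20nt%20%3D%20Strin…"
)

# Pattern inferred from that one line (an assumption, not a documented format).
ALERT_RE = re.compile(
    r"blocked by firewall for (?P<rule>.+?) in (?P<where>[A-Za-z ]+?): "
    r"(?P<param>[^=\s]+)=(?P<value>.*)$"
)


def triage_alert(text):
    """Split an alert into rule, location, parameter and decoded value."""
    m = ALERT_RE.search(text.strip())
    if m is None:
        return None
    raw = m.group("value")
    # The UI shortens long values; record that so nobody treats the
    # decoded text as the complete request body.
    truncated = raw.endswith(("…", "..."))
    if truncated:
        raw = raw.rstrip("….")
    decoded = unquote(raw)  # malformed %-escapes are left as they are
    return {
        "rule": m.group("rule"),
        "location": m.group("where"),
        "param": m.group("param"),
        "decoded": decoded,
        "truncated": truncated,
        "script_tag": bool(re.search(r"<\s*script\b", decoded, re.I)),
        # HTML-escaped copy, safe to paste into a web-based ticket or report.
        "safe_display": html.escape(decoded),
    }


if __name__ == "__main__":
    for key, value in triage_alert(ALERT).items():
        print(f"{key:13} {value}")
```
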

  • The topic ‘XSS’ is closed to new replies.