Ninja FW installation accesses .user.ini and get 403 error

  • Resolved ziegel

    (@ziegel)


    2 years, 11 months ago

    Hi,

    On my server log file, I can see NFW accessed .user.ini file using <server-ip>, and it received a 403 error.

    May I ask, was the access in order to get the auto_prepend_file as on:

    
auto_prepend_file = "/var/www/vhosts/example.com/httpdocs/wp-content/nfwlog/ninjafirewall.php"

    And, also, can you say why did access the file, and how can a 403 error be fixed?

    
2021-12-19 23:34:48	Error	<server-ip>	403	GET /.user.ini HTTP/1.0		Mozilla/5.0 (compatible; NinjaFirewall/4.4.3; WordPress/5.8.2)	146	nginx SSL/TLS access
Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter ziegel

    (@ziegel)

    wp-check.php results are (missing wp-config.php):

    
2021-12-19 21:59:56	Access	<server-ip>	200	POST /wp-cron.php?doing_wp_cron=1639943996.6477580070495605468750 HTTP/1.0	https://example.com/wp-cron.php?doing_wp_cron=1639943996.6477580070495605468750	WordPress/5.8.2; https://example.com	935	Apache SSL/TLS access
2021-12-19 21:59:58	Access	<client-ip>	200	POST /wp-login.php HTTP/1.0	https://plesk.example.com:8443/	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 OPR/82.0.4227.33	3.38 K	Apache SSL/TLS access
2021-12-19 22:00:10	Access	<client-ip>	302	POST /wp-login.php HTTP/1.0	https://example.com/wp-login.php	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 OPR/82.0.4227.33	1.83 K	Apache SSL/TLS access
2021-12-19 22:00:11	Error	<server-ip>	403	POST /wp-admin/admin-ajax.php HTTP/1.0	https://example.com/wp-admin/admin-ajax.php	WordPress/5.8.2; https://example.com	1.04 K	Apache SSL/TLS access

    `

    • This reply was modified 2 years, 11 months ago by ziegel.
    Thread Starter ziegel

    (@ziegel)

    Hi,

    To my understanding the wp-check file you provide is broken for the situation where wp-config is NOT found by the check tool, and instead of reporting it was not found, the report gets broken with a 500 error on the code component where wp-config should be reported:

    https://nintechnet.com/share/wp-check.txt

    The end of this code could be found to be broken for the situation where wp-config is not in the IF and not in the ELSE IF:

    
<tr class="tdb">
	<th width="30%">wp-config.php</th>
	<td>:</td>
	<td>
	<?php
	if ( file_exists( __DIR__ . '/wp-config.php' ) ) {
		$wp_config = __DIR__ . '/wp-config.php';
		echo 'found in '. $wp_config;
	} elseif ( file_exists( dirname( __DIR__ ) . '/wp-config.php' ) ) {
		$wp_config = dirname( __DIR__ ) . '/wp-config.php';
		echo 'found in '. $wp_config;
	} else {
		echo '<font color="red">Error: cannot find your wp-config.php file</font>';
		echo '</td></tr></table></body></html>';
		exit;
	}
	?>
	</td>
</tr>
<?php
if ($wp_config) {
	@include($wp_config);
}
?>
<tr>
    Plugin Author nintechnet

    (@nintechnet)

    The firewall checks if the .user.ini is protected. If it isn’t, it will warn you.

    I don’t see any error in the wp-check.php script: If the wp-config.php file is missing, it throws a “Error: cannot find your wp-config.php file” message and quit.

    Thread Starter ziegel

    (@ziegel)

    is the firewall testing itself?…

    Plugin Author nintechnet

    (@nintechnet)

    It checks if it’s loaded, but that doesn’t require any HTTP request.

    Thread Starter ziegel

    (@ziegel)

    Hi,

    1) If it doesn’t require http request, how come it accessed it? I don’t think it was part of wp-check.php.

    2) wp-config is in place, and no error is shown. the wp-check.php stops in the middle with a 500 error, most likely on the first Include line of the code.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Ninja FW installation accesses .user.ini and get 403 error’ is closed to new replies.