Hi, I have been using this plugin from 2013 till now, and I have a 5500-page list of intrusions. So, I am worried about such data in the DB.
May I delete all intrusions from WordPress? Will any problems occur to WordPress or trackback? I am using the Chartbeat plugin.
Let me know if anyone has done this.

Hi, I have installed Mute Screamer and it is logging intrusion attempts, but it is also logging and blocking me when I do certain things in the admin.
Basically I don’t know what it is doing. Are there any docs that will tell me how to set it up and what the alerts are that are being logged?
Cheers

Does anyone have any thoughts on why this plug might not activate? I’m trying to install, and I can successfully install, but when I go to activate I get a server configuration error (500).

Hello,
The new version of Formidable (plugin) is incompatible with the current Mute Screamer version (admin page issue).
I already approached the Formidable author and they are not interested in addressing this issue.
Would you be interested in addressing and fixing this bug?
If not, I will uninstall Mute Screamer as I require Formidable for my site.
Thank you.

I have version 1.0.7 installed and the plugin is broken. I am getting a fatal error:
Warning: require_once(mscr/Utils.php) [function.require-once]: failed to open stream: No such file or directory in /wp-content/plugins/mute-screamer/mute-screamer.php on line 42
Fatal error: require_once() [function.require]: Failed opening required ‘mscr/Utils.php’ (include_path=’.:/usr/php4/lib/php:/usr/local/php4/lib/php:/usr/lib/php:/usr/local/lib/php:’) in /public_html/wp-content/plugins/mute-screamer/mute-screamer.php on line 42
I tried uninstalling and reinstalling Mute Screamer but it wouldn’t activate, I got the same error.

I managed to block myself – I was inserting some stats tracking code and got locked out with Impact: 218 LOL!
So as instructed by me, Mute Screamer blocked and logged me out.
But the string is legitimate, I need it for tracking. Since I’m locked out I can’t access the dashboard and “allow” this particular string through the filters.
I moved the mute-screamer folder from the plugins folder and can now log in again. I visited my plugins page in my back end and mute screamer was deactivated because the files are missing but as soon as I move the plugin back I can’t access my site again.
Am I overlooking something here?

Hi,
I am getting emails from the plugin saying that the IP address (195.195.4.161)
is attacking my site https://www.filmylinks4u.net/
I am pasting the email exactly as I received it from the plugin:
The following attack has been detected by PHPIDS
IP: 209.140.18.46 (195.195.4.161)
Date: 2012-12-14T11:07:22+00:00
Impact: 7
Affected tags: xss csrf id rfe lfi
Affected parameters: COOKIE.TBANKVISITOR=MC4yMy4yMzA3OTQyOTMxNDY0NTIuMTM1NTQ4MzIwMDQ3MS42ZmIxZGQzZg__%2A,
Request URI: /assets/core/img/layout/transparent.png
Origin: 209.140.18.46
And I received this email simultaneously with different IP addresses.
Please inspect it; what kind of attack is that???
I am worried.

I have thousands of intrusions because mute screamer flagged updates to tables I created. Can I mass delete them other than 20 at a time????? I looked at FTP and do not see them via FTP.
Thanks

WordPress database error Data too long for column ‘page’ at row 1 for query INSERT INTO `wp_mscr_intrusions
Not sure how to correct this, any help would be appreciated.

Is it possible to show the user name who tried to log in in the email alert?

Thanks for sharing this plugin (Mute Screamer).
I have some questions that I hope that someone can help answer.
On my site I have two fields that are not standard; they generate intrusion warnings up to level 19. Should I exclude these fields?
What does exclude do? As I understand it, “exclude” prevents PHPIDS from checking input fields, but then the whole idea behind it (to check all fields for possible attacks) would be lost… Or maybe I misunderstand the concept?
I have used PHPIDS before (on a forum) and can’t remember that I ever excluded any form fields.

Please consider the ability to block / unblock from the intrusion list (i.e. manual block and manual unblock).
Thank you.

Hi,
I excluded intrusions by mistake instead of deleting them. Is there any way I can recover?
Thanks

Two related questions here. It would be nice to be able to use the search to only show impacts above a certain threshold. Are there any special tags to do this? With those results it’d be nice to be able to sort them somehow by impact, date, or one of the other columns. Can this be done or is this a planned feature? I know I can pretty much do all of the above using phpMyAdmin but it would be nice to have it incorporated into the interface somehow.
But I’ve even run into roadblocks using phpMyAdmin. Oftentimes I receive an email for intrusions that have a value greater than 20 but when I go back to look in phpMyAdmin I don’t see anything. Part of the reason that I can find is that often the impact values we receive by email are combined impacts from multiple detected attacks in one request. So while I get an email with a value of 24, I’d have to know to look for three alerts with an impact of 8. Can these be grouped somehow or is there another way to address this?

Just installed Mute Screamer yesterday. Previously, I had PHPIDS running directly but thought I’d try this plugin since it looks like things would be so much easier to manage.
Well as soon as I installed and configured it, I started receiving tons of XMLRPC alerts that seem to be caused by JetPack. The alerts all look something like the following:
Name: REQUEST.<?xml_version
Value Column (I swapped in some random values for things that might be sensitive – in brackets):
“1.0”?> <methodCall> <methodName>jetpack.getPosts</methodName> <params> <param><value><array><data> <value><array><data> <value><int>8155</int></value> </data></array></value> </data></array></value></param> </params></methodCall> /xmlrpc.php?for=jetpack&token=[arandomvaluelookingthinghere]&timestamp=[sometimestampwashere]&nonce=[somerandomnonce]&body-hash=[thebodyhash]&signature=[andthesig]
Tags: xss, csrf, id, rfe, lfi
Impact: 8
I also get tons of similar alerts via POST requests as well. I tried turning off wp-admin alerts and that didn’t seem to help.
I know I could probably just add exceptions for “REQUEST.<?xml_version” and “POST.<?xml_version” but was concerned because I never received these types of alerts in my old PHPIDS direct install.
Any thoughts or opinions on how to address this?

Produces a stack of PHP warnings and shows characters as UTF-8 undecoded in a Finnish WP installation.
Instantly uninstalled.

Hello,
Working with Mute Screamer ver. 1.0.5. I believe I left the default settings in place, but the plugin keeps kicking me off my dashboard any time I attempt to work on my site, edit theme options, etc. I then go to the database, find the intrusion log, copy the code that should go into the exception field, delete my intrusion from the database, wait to be allowed to log back on to my site, add the exception code. This cycle then starts over again any time I attempt to edit a new area of my theme. It’s really frustrating.
Is there a way to whitelist my IP address? Or allow my theme edits? (it’s a new theme, I don’t know what sort of exception codes to put in until I’ve already been kicked out.) Or can you let me know what settings I need to change to be able to work on my site? Is there info or a tutorial anywhere on what the different plugin configuration settings do?
Thank you for your help.

I may be wrong, but I believe this will be the 3rd time I’m being asked by the program to update Converter.php and default_filter.xml to version 1486.
…And when I do, each always returns “These revisions are identical.”
How to enable these two to escape Groundhog Day?

I’m not sure if this is much of a problem, but I noticed in the directory:
mute-screamer\libraries\IDS
There’s an .htaccess file with this in it:
# in case PHPIDS is placed in the web-root
deny from all
# silence is golden
php_flag display_errors off
Some of the sites I host on do not have mod_php as an Apache module. So the above reference of php_flag display_errors off would normally throw errors and possibly keep Mute Screamer from working correctly.
My suggestion, for compatibility’s sake, is just to have the deny from all without the usage of the php_flag.
Thanks.

Getting a 404 File not found when trying to download recent 1.0.4 version. Is this an issue with www.remarpro.com?

I just started experimenting with this plugin, and I was wondering if it’s ok to manually update the filters from here:
https://dev.itratos.de/projects/php-ids/repository
Reason I ask, is I was having difficulty implementing the updates via the dashboard (probably theme/plugin related), so I decided to update them manually via SFTP. Is there any consequence from doing this manually? Does anything in the database need to be updated along with this as well, example: possibly to inform the plugin that it is up to date?
Thanks

First, we want to say thanks for the great security plugin…amazed it hasn’t been found by more WordPress users.
Regarding the subject intrusion, the associated value is urltoken=CFID#=62777607&CFTOKEN#=80317543#lastvisit={ts ‘2011-08-26 06:41:04’}#timecreated={ts ‘2011-08-26 03:49:06’}#hitcount=4#cftoken=80317543#cfid=62777607#
From what we can tell this is likely a benign attempt to widgetize a newsfeedgadget.com page (/news/cities-news/seattle-wa/seattle-post-intelligencer-local-news/) in a ColdFusion app. But, the impact score was pretty high…32.
Any suggestions…should we go ahead and set an exclusion for this or does that open us up for other intrusions?

Where can I find more info on the ban threshold parameters (default 70)? I tried looking on the PHPIDS site but could not find anything.
I ask because some repeated attacks are getting through (I’m assuming because they are under the threshold) and I would like to know what exactly the threshold parameters are.
For example, with the default threshold at 70 an XSS like
/2011/04/poll_logs.php?qid=%27
is not limited by the Attack repeat limit setting.
Thanks!

Hi,
The plugin is always displaying the message ‘How good is that, no intrusions.’, even when the sidebar is displaying ‘Intrusions (5)’.
Is there a problem with a German localization?

We keep getting an update for Converter.php / Update to revision 1475.
& default_filter.xml / Update to revision 1475. These updates (r.1475) keep coming up about every 2 days. Any way to stop this issue?
Any way to add a feature to enable IP based whitelist/exclusion/inclusion?

The next time Mute Screamer checks for an update to the PHPIDS project you will get a fatal error in the WordPress admin
Fatal error: Call to a member function attributes() on a non-object in wp-content/plugins/mute-screamer/libraries/mscr/Update.php
A patch will be ready soon, with a bug fix release out, but in the meantime if you come across this error you will have to disable Mute Screamer by moving it out of your wp-content plugins directory. Unfortunately that is the only way to remove the error.
The problem is that the external feed has changed, which is why the error is now happening. To prevent this I’ve added extra validation of the feed before the update process runs.
This problem only affects the WordPress admin side; the frontend of your site will still continue to operate.
Apologies for any inconvenience this may cause you, I hope to resolve the issue swiftly.

Hey there. I installed this plugin a few hours ago, and so far I’ve had 142 intrusion attempts. Most of them have an impact of around “8”, have the field name “COOKIE.w3tc_referrer” and the tags “xss, csrf, id, rfe, lfi”.
I’m not too sure what this means, though. Are these hack attempts?
Also, about the Ban threshold, it’s set at 70 by default, but should I make it lower? I don’t want to cause any difficulty for normal users, but my site has been hacked a few times in the past, and I’m hoping this can help me prevent that from happening again.
Lastly, after logging into admin, I see that my IP is listed with an impact of 6, for the fields “REQUEST.pwd” and “POST.pwd”. That’s not too big a deal, but I’m a little troubled that the “value” shows my password in plain text. Should that be happening?

Hi,
Super neat idea to pull PHPIDS into a plugin. Just tried it with WP in multi-blog config and seems it doesn’t hook to WPMU 3.1.2 so well (at all, really).
Any plan to update for support in multi-blog mode?

Amazing IP ban feature, it was what I needed. A question: is it possible to ban (I don’t know if it is in already) an IP that, e.g., arrives on my page, and after 5 seconds arrives another time, and another and another without a referrer, and opens a lot of calls to my domain? (Sometimes it happens that an IP arrives on my site, goes to my home page, and after 3 seconds the same IP seems to arrive again…)
I think this is something like a DDoS attack, where someone wants to take my site down… through customers that open a GET to my site WITHOUT KNOWING.
Is this already implemented? Sorry for my bad English….
Thanks in advance