after updating to WP Staging 3.1.1 and creating a new staging site on a WP installation where the NinjaFirewall plugin (with no recent updates or changes in the settings) is also installed, Ninja repeatedly sent the following alert after every single change on the staging site: “Someone accessed a script that was modified or created less than 10 hour(s) ago.”
Is that something that should be addressed from your side (WP Staging) or NinjaFirewall as it is clearly a false alarm? Creating/changes to a new staging site never caused this alert before and clearly should not cause an alert at all. Maybe you can clarify directly with NinjaFirewall, as it is very widely used?
Thx!
]]>There are no problems receiving Alert emails like login notifications or log stats, but File Guard detection emails can’t be delivered.
I noticed that the log stats send email address is different than the File Guard one, and I believe that’s the reason. The log stats emails are sent with the email address [email protected].
The File Guard email address won’t pass the DMARC test. It looks like this: [email protected] (without the extension).
I’m getting this message:
Reporting-MTA: DNS; scanner02.mail.supportedns.com
Action: failed
Final-Recipient: rfc822;[email protected]
Status: 5.0.0
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.26 Unauthenticated email from mydomainname.com is not accepted due to
550-5.7.26 domain's DMARC policy. Please contact the administrator of
550-5.7.26 mydomain.com domain if this was a legitimate mail. Please visit
550-5.7.26 https://support.google.com/mail/answer/2451690 to learn about the
550 5.7.26 DMARC initiative. b188-20020a0219c5000000b00374fc138a68si529328jab.152 - gsmtpSubject:
[NinjaFirewall] Alert: File Guard detection
From:
"NinjaFirewall" <[email protected]>
Date:
24/11/2022, 17:39
To:
[email protected]Someone accessed a script that was modified or created less than 10 hour(s) ago:
SERVER_NAME: www.mydomain.com
USER IP: xxx.xxx.xxx.xxx
SCRIPT_FILENAME: /home/server/public_html/mydomain.com/wp-admin/admin-ajax.php
REQUEST_URI: /wp-admin/admin-ajax.php
Last changed on: November 24, 2022 @ 03:05:23 (UTC -0500)I cannot configure the DMARC, dkim, and spf for [email protected]. Is it possible to send the File Guard detection emails also with the same email address as the other Alerts?
Cheers
]]>i have a problem with one of the firewall policies of Ninja Firewall.
If starting a backup with duplicator pro it will render 5% and than nothing happens.
In the Firewall log the following message appears:
[04/Aug/22:07:39:34 +0000] - XXXXXXXXXX "GET /wp-admin/admin-ajax.php?action=duplicator_pro_process_worker&now=1659598774" "https://www.xxxxxx.xx/wp-admin/admin-ajax.php?action=duplicator_pro_process_worker&now=1659598774" "WordPress/6.0.1; xxxx"
When i switch off the policy for “WordPress Ajax” everything is fine and duplicator creates a backup. But i don’t want to leave this setting switched off for longer.
I’ve tried some settings in duplicator, but nothing worked.
Is this a known issue or does anyone have a simple fix?
Thanks in advance
Martin
I’m using the “standard” docker image of wordpress and I tried to run the troubleshooting that says the following (not very helpful):
NinjaFirewall (WP edition) troubleshooter
HTTP server : Apache/2.4.51 (Debian)
PHP version : 7.4.27
PHP SAPI : APACHE2HANDLER
auto_prepend_file : /var/www/html/wp-content/nfwlog/ninjafirewall.php
Loader's path to firewall : /var/www/html/wp-content/plugins/ninjafirewall/lib/firewall.php
wp-config.php : found in /var/www/html/wp-config.php
NinjaFirewall detection : NinjaFirewall is loaded but returned error code #3
Loaded INI file : none
user_ini.filename : .user.ini
user_ini.cache_ttl : 300 seconds
User PHP INI : none found
DOCUMENT_ROOT : /var/www/html
ABSPATH : /var/www/html/
WordPress version : 5.8.2
WP_CONTENT_DIR : /var/www/html/wp-content
Plugins directory : /var/www/html/wp-content/plugins
User Role : Administrator
User Capabilities : manage_options: OK - unfiltered_html: OK
Log dir permissions : /var/www/html/wp-content/nfwlog dir is writable
Cache dir permissions : /var/www/html/wp-content/nfwlog/cache dir is writable
NinjaFirewall (WP edition) troubleshooter v1.9.4
Another troubleshooter said
Version: 2.0.2
Found /var/www/html/wp-config.php.
Opening it for reading.
Looking for DB_NAME, DB_USER, DB_PASSWORD, DB_HOST and $table_prefix:
cannot read DB_NAME
cannot read DB_USER
cannot read DB_PASSWORD
cannot read DB_HOST
cannot read table_prefix
Notice: Undefined index: DB_HOST in /var/www/html/wg-db.php on line 193 Attempting to connect to the DB: Notice: Undefined index: DB_HOST in /var/www/html/wg-db.php on line 125 Notice: Undefined index: DB_USER in /var/www/html/wg-db.php on line 125 Notice: Undefined index: DB_PASSWORD in /var/www/html/wg-db.php on line 125 Notice: Undefined index: DB_NAME in /var/www/html/wg-db.php on line 125 Warning: mysqli_real_connect(): (HY000/2002): No such file or directory in /var/www/html/wg-db.php on line 125 Connection Error: No such file or directory
Exiting.
but wp-config contains:
root@ca88017b661f:/var/www/html# grep DB_ wp-config.php
define( 'DB_NAME', getenv_docker('WORDPRESS_DB_NAME', 'wordpress') );
define( 'DB_USER', getenv_docker('WORDPRESS_DB_USER', 'example username') );
define( 'DB_PASSWORD', getenv_docker('WORDPRESS_DB_PASSWORD', 'example password') );
define( 'DB_HOST', getenv_docker('WORDPRESS_DB_HOST', 'mysql') );
define( 'DB_CHARSET', getenv_docker('WORDPRESS_DB_CHARSET', 'utf8') );
define( 'DB_COLLATE', getenv_docker('WORDPRESS_DB_COLLATE', '') );Previously I was using htaccess password protection for wp-login.php. Thats OK if you are the only one person handling the website. If there are other users / woocommerce customers, then htaccess password lock doesn’t work. If you keep it on, it asks for ht password for a customer who is trying to signout. That was annoying. This plugin is more than a Firewall. Its a two factor auth too, You also get some wp hardening features.
Moreover, this plugin has almost negligible impact on resources. They also have a scanner which can be integrated with Firewall Plugin. Firewall Signatures are received almost real-time unlike other plugins. Thanks to the Authors of this most underrated plugin. If you are reading this, if satisfied with this, consider supporting the author. ]]>
I have Ninja Firewall installed and also Wordfence. If I enable File Guard in NFW I keep getting alerts from NFW warning me that
`== NinjaFirewall File Check (diff)
== https://www.chomage-et-monnaie.org
== Fév 11, 2021 @ 14:18:42 +0100
[+] = Nouveau fichier [!] = Fichier modifié [-] = Fichier supprimé
[!] /home/chomagee/www/wp-content/wflogs/config-synced.php
[!] /home/chomagee/www/wp-content/wflogs/rules.php
[!] /home/chomagee/www/wp-content/wflogs/config-transient.php
[!] /home/chomagee/www/wp-content/wflogs/config-livewaf.php
[!] /home/chomagee/www/wp-content/wflogs/ips.php
I inserted the following line in the “Excluded files” field
/home/chomagee/www/wp-content/wflogs/
But it does not change anything. The alerts go on.
What is wrong in my settings ?
gabier
I am using Ninja Firewall combined with All in one wordpress security.
Help me out this.
Thanks in Advance!!!
Version Info:
Ninja Firewall lastest version,
Wordpress – 5.2.2
Just received a “weird” notification from Ninja Firewall claiming that one or more administrator accounts were modified in the database. After having a look at the email it was pointing at my very own ip address and no modifications were made on the two admins of the site. Both can login with own credentials, no emails or anything were changed.
What i have done is that i logged in to the server for about two to five minutes before the alert email. Any ideas what could have caused it?
Thanks.
]]>