• Resolved wpprup

    (@wppraesenz)


    Hello,
    me again, obviously I am in a bad luck now. Having installed NF I had two registrations as users in my admin! Never before in all these years.
    One after another, in between them I changed the password (a really secure one). Despite that – and despite NF, they got into my account!

There was an email address as username but no user role set (admin, author etc.).
    What do you suggest, this “Brute Force Attack” setting or even “Always On”? What are the disadvantages of this?
    And what do I write into “User” and “Password”, a second, totally new one and is this the one I have to use for my regular login? Or only when I cannot login myself?
    Sorry for all these questions, but this alien attack is not so funny…
    Thanks for help!

    • This topic was modified 6 years, 7 months ago by wpprup.


Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi

There was an email address as username but no user role set (admin, author etc.).

    Did you receive an alert from NF? Do you see anything in the firewall log (search for “Blocked privilege escalation”)?

To protect the admin:
    1. Set the Login Protection to “Always on”.
    2. Create a username and password. DON'T USE your admin login/password, create a NEW ONE, just for the login protection.

    When you want to log in, you will get the brute-force protection page first:

    Enter your brute-force protection login/password, and then you will be redirected to the WP login page where you can enter your WP admin name and password.

    Thread Starter wpprup

    (@wppraesenz)

Thank you very much again. A member of a WP forum had the brilliant idea that it could be the newsletter pop-up plugin! The email address a subscriber inserted was transformed into a user account in the admin!! (I have been using the plugin for months and this did not happen.)
    How this can happen I really do not know and I will contact the plugin support.
    Yes, NF informed me per mail that the entries happened. But shouldn't it stop such a process?

    Plugin Author nintechnet

    (@nintechnet)

NinjaFirewall blocks privilege escalation attempts (that’s why your user has no role, it was blocked), but it does not block account creation because many plugins must be able to create accounts. But because the account has no role, it cannot do anything, it is harmless.

    How this can happen I really do not know

    It looks like you may have a vulnerability, and you see it now because NF blocked the attempt.

    NF informed me per mail that the entries happened.

    Can you post the notification here?
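A defender-side check for the situation described in the answer above (role-less accounts created by a plugin, or privileged roles appearing on accounts nobody expects). This is an added example, not part of the plugin or of the original replies; it assumes the JSON shape of `wp user list --fields=ID,user_login,user_email,roles --format=json` with `roles` as a comma-separated string, and the sample data is constructed.

```python
import json

# Constructed sample standing in for the output of
# `wp user list --fields=ID,user_login,user_email,roles --format=json`
# (assumption: `roles` is a comma-separated string, empty when the user has no role).
SAMPLE_WP_USER_LIST = json.dumps([
    {"ID": "1", "user_login": "siteadmin", "user_email": "admin@example.com", "roles": "administrator"},
    {"ID": "2", "user_login": "editor_jane", "user_email": "jane@example.com", "roles": "editor"},
    {"ID": "3", "user_login": "visitor@example.net", "user_email": "visitor@example.net", "roles": ""},
])

# Roles that should only ever belong to accounts the site owner created deliberately.
PRIVILEGED_ROLES = {"administrator", "editor"}


def audit_users(wp_user_list_json, expected_privileged_logins):
    """Return (ID, user_login, reason) findings worth a manual look.

    expected_privileged_logins: the set of logins that are allowed to hold a
    role from PRIVILEGED_ROLES; anything else holding one is reported.
    """
    findings = []
    for user in json.loads(wp_user_list_json):
        roles = {r.strip() for r in user["roles"].split(",") if r.strip()}
        if not roles:
            # Matches the thread: an account a plugin created (or whose role
            # assignment was blocked) that should be reviewed and removed.
            findings.append((user["ID"], user["user_login"], "no role assigned"))
        elif roles & PRIVILEGED_ROLES and user["user_login"] not in expected_privileged_logins:
            findings.append((user["ID"], user["user_login"],
                             "unexpected privileged role: " + ",".join(sorted(roles))))
        if "@" in user["user_login"]:
            # A login that is an e-mail address is typical of form-created accounts.
            findings.append((user["ID"], user["user_login"], "login is an e-mail address"))
    return findings


if __name__ == "__main__":
    for finding in audit_users(SAMPLE_WP_USER_LIST, {"siteadmin", "editor_jane"}):
        print(finding)
```

Run it against a fresh export (`wp user list --fields=ID,user_login,user_email,roles --format=json > users.json`) after any unexpected registration notification; every finding should be either explained by a known plugin workflow or removed.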

    Thread Starter wpprup

    (@wppraesenz)

I am in contact with the support of the plugin. The settings of the sliders in question were: Set user role for subscriber: “none”.

The NF notification (anonymized) (English: New user registration on your website):

    “Neue Benutzerregistrierung auf deiner Website PraeSenZ:

    Benutzername: [email protected]

    E-Mail: [email protected]

That I see the vulnerability above all is much more caused by seeing the new users in my account…
    Thanks.

    Plugin Author nintechnet

    (@nintechnet)

Indeed, the notification you received is not related to NF privilege escalation protection, that’s good news.

    Thread Starter wpprup

    (@wppraesenz)

    Thanks for your support. There is/was obviously a bug in this convertplus plugin.
pooh…

  • The topic ‘Attack?’ is closed to new replies.