Blocked Entries – XSS: Cross Site Scripting

  • Resolved ma3ry

    (@ma3ry)


    5 years, 5 months ago

    I am seeing many blocked entries from an IP that I recognize as another of my websites. The error is

    Montreal, Canada?was?blocked by firewall for XSS: Cross Site Scripting in POST body: headers=HTTP%2F2%20200%20%0D%0Aset-cookie%3A%20fr%3D1c0642CpTEEcyBaA7..Bdmmix.Ul.AAA.0.0.Bdmmix.AWWO7fGc%3B%…?at?https://resources.christiangays.com/wp-admin/admin-ajax.php?wplnst_crawler=11&wplnst_nonce=a864da9c76&wpl…
    10/6/2019 6:20:33 PM (7 minutes ago)??
    IP:?142.44.176.145?Hostname:?ip145.ip-142-44-176.net
    Human/Bot:?Bot
    Browser:?undefined
    WPLNST HTTP Requests script

    Can you tell me please how I fix this. Thank you.

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi @ma3ry,

    Are you by any chance using the plugin WP Broken Link Status Checker on another website?

    This plugin scans all the links on a website ( based on your scan settings, https://i.imgur.com/ZnxQzE2.png ), and reports if any links are broken.

    There’s two ways you could unblock traffic:

    1. Unblock any traffic coming from WP Broken Link Status Checker.

    This method would allow any website (not just the ones you own), to use WP Broken Link Status Checker to see if your site is online or not.

    To do this:

    A) Go into Wordfence -> All Options -> Whitelisted URLs
    B) Put / for the URL
    C) Select Param Type: POST Body for the dropdown
    D) Put headers for the Param Name
    E) Add, and Save Changes

    Example: https://i.imgur.com/4nVcjcQ.png

    2. Unblock only your other site

    This method would whitelist your other site’s IP address entirely, so your other site will never show up blocked within Live Traffic / Firewall.

    To do this:

    A) Go to Wordfence -> All Options -> Advanced Firewall Options
    B) Put 142.44.176.145 within `Whitelisted IP addresses that bypass all rules
    C) Save Changes

    Example: https://i.imgur.com/R4HZTBj.png

    You could also apply both options, allowing WP Broken Link Status Checker and your other site to connect.

    Dave

    Thread Starter ma3ry

    (@ma3ry)

    Many thanks! That is exactly what I needed. I had already whitelisted the IP so also added option #1. It is perfect!

    Much appreciated!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Blocked Entries – XSS: Cross Site Scripting’ is closed to new replies.