Cloudflare blocks a request from this plugin almost every second

  • Resolved towytowy

    (@towytowy)


    2 years, 9 months ago

    Hi, I’ve been using this plugin for a little while now, and I love it. Thanks a lot for creating it!

    I have though been experiencing one issue, I see that it pings the site every second, which I assume isn’t normal and is causing fatigue for the site.

    See attached image: https://ibb.co/TTrnskn

    This is the Cloudflare firewall which seems to be blocking it, now this could be an issue in itself and please let me know if I should whitelist this path. But I assume it isn’t and that pinging itself every second isn’t good for performance.

    I’m pretty lost here, I hope you can guide me in the right direction. Thanks!

    The page I need help with: [log in to see the link]

Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Author alx359

    (@alx359)

    Hello @towytowy ,

    Thanks for your report.

    hicitypods.com has nothing to do with Gateway for Wise on WooCommerce. Our plugin is completely passive and doesn’t ping nor use any site whatsoever. Essentially, it just publishes a list of Wise accounts for your customer to pay their checkout amount to. Nothing more, nothing less. No API’s, no connection to 3rd-parties. As simple as that.

    That said, the screenshot seems to be from activity originating from https://hicitypods.com and trying to “feel” a path in your website that happens to be from our plugin. To confirm, please look at similar activity to other parts of your website. Cloudflare’s firewall should be filtering all such kind of stuff automatically anyway.

    If you haven’t already, would suggest to also setup an established security plugin like Sucuri, Wordfence, etc. I personally like a less-known one named Pareto Security for being less resource-intensive, but don’t take my word for it and do your due diligence.

    Additionally, from time to time would suggest to scan your site for malware with something like gotmls.

    HTH.

    Thread Starter towytowy

    (@towytowy)

    Thanks for your quick answer.

    That is odd, Cloudflare only filters the one with the path for the Wise plugin. The only other thing I can find is my cron job that get’s filtered as well, but that is far less frequent as with the Wise plugin. I’ll try to run a malware scan, thanks for the tip!

    I used to use Wordfence but deleted it cause it ate too much CPU ?? I might check out Pareto Security out.

    Thread Starter towytowy

    (@towytowy)

    So I temporarily deleted the Wise gateway today and the pinging stopped. I believe you when you say that the plugin itself isn’t doing the pinging. But I’d really like to know what is then, and if it’s critical or not.

    Thanks,
    Towy

    Plugin Author alx359

    (@alx359)

    Hi Towy,

    If you hit Cloudflare > [yourdomain.com] > Firewall > Firewall Rules

    It says:

    Firewall Rules
    Control incoming traffic to your zone by filtering requests based on location, IP address, user agent, URI, and more.

    That means the traffic you’re seeing is originating from outside your website. So you’re being specifically targeted by intruders/bots for whatever reason. I don’t know why hicitypods.com would be interested in specifically targeting the Wise plugin though.

    Anyway, I’ve this rule enabled to protect the plugins directory against foreign attacks:

    
(http.request.uri.path contains "/wp-admin/" and not http.request.uri.path contains "/wp-admin/admin-ajax.php" and not http.request.uri.path contains "/wp-admin/theme-editor.php")

    Action = Block

    If you also keep your origin’s security tight enough with something like Pareto Security, and from time to time check for other malicious intrusions with something like gotmls, I wouldn’t sweat for this issue anymore.

    HTH.

    Thread Starter towytowy

    (@towytowy)

    Okay makes sense, the only thing I still find eerie is that the server that the requests are coming from is Hetzner, which is the provider I use, and every time I disable the plugin it stops.

    Thanks for the firewall rule, I will use that.

    Plugin Author alx359

    (@alx359)

    It probably stops because it isn’t a valid path anymore (404)

    Hi there, great plugin! I’m having this same issue. So many requests in my access log like this:
    GET /wp-content/plugins/wc-wise-gateway/ HTTP/1.0 403

    I have no cloudflare and the source IP is my own server. It means requests are going out from my own wordpress app, maybe jetpack maybe something else I don’t know but when I turn the plugin off, it just stops.

    Hope you can help, this topic seems resolved so maybe I open a new one?

    Thread Starter towytowy

    (@towytowy)

    I’m still having the issue, I’d love to see an official fix sometime.
    Alyabee’s comment confirmed my suspicion, it is coming from the origin server itself.

    Plugin Author alx359

    (@alx359)

    Hello guys, thanks for reporting!

    I reviewed the code and think found the culprit of such behavior. I’ve just pushed v2.1.3 that should address the issue you’re having. Please report back how it goes.

    It seems resolved to me, thanks. I hope we did not rush and break some functionality.

    Thread Starter towytowy

    (@towytowy)

    Awesome! Thank you for the quick fix ??

    Plugin Author alx359

    (@alx359)

    Glad to hear. I’m closing this ticket for now. Please report back if you may find any other issues.

Viewing 12 replies - 1 through 12 (of 12 total)
  • The topic ‘Cloudflare blocks a request from this plugin almost every second’ is closed to new replies.