Logging blocked enumeration attempts with a different status code
I have installed your plugin on one of my WordPress websites, and it has been working wonderfully. However, I’ve encountered a minor issue that I wanted to bring to your attention.
I monitor my server’s status using Grafana, and recently, I noticed a significant increase in 500 Internal Server Errors on the server hosting my WordPress site. After investigating the Apache logs, I discovered that there wasn’t actually a problem with the server itself. Instead, a bot was repeatedly trying to perform user enumeration by sending requests with `?author=ID`. While Stop User Enumeration successfully blocked these attempts, it logged them as internal server errors, which is somewhat misleading. I believe this behavior might be related to the following function:
    public function check_request() {
        /*
         * Validate incoming request
         *
         */
        /* phpcs:ignore WordPress.Security.NonceVerification -- not saved just checking the request */
        if ( ! is_user_logged_in() && isset( $_REQUEST['author'] ) ) {
            /* phpcs:ignore WordPress.Security.NonceVerification -- not saved just checking the request */
            $author = sanitize_text_field( wp_unslash( $_REQUEST['author'] ) );
            /* phpcs:ignore WordPress.Security.NonceVerification -- not saved just checking the request */
            if ( $this->ContainsNumbers( $author ) ) {
                $this->sue_log();
                /* phpcs:ignore WordPress.Security.NonceVerification -- not saved just logging the request, not form input so no unslash */
                wp_die( esc_html__( 'forbidden - number in author name not allowed = ', 'stop-user-enumeration' ) . esc_html( $author ) );
            }
        }
    }

The function wp_die by default returns a 500 error. Do you think it would be more appropriate if it instead returned a 403 forbidden status? Something like:
    wp_die(
        esc_html__( 'forbidden - number in author name not allowed = ', 'stop-user-enumeration' ) . esc_html( $author ),
        esc_html__( 'Forbidden', 'stop-user-enumeration' ),
        array( 'response' => 403 )
    );
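The post describes 500s in the Apache access log that were really blocked `?author=` probes rather than server faults. The script below is an added example (not part of the thread or of the Stop User Enumeration plugin) that separates the two in a combined-format access log, using the same rule the plugin's `ContainsNumbers` check applies: an `author` query value containing a digit. The log lines and IP addresses are constructed sample data.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Apache combined format: host ident user [time] "METHOD target proto" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log (documentation IP ranges), mixing blocked probes,
# a genuine 500 from admin-ajax.php, a harmless author lookup, and one 403.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /?author=1 HTTP/1.1" 500 1234 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "GET /?author=2 HTTP/1.1" 500 1234 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2024:10:01:04 +0000] "GET /?author=admin3 HTTP/1.1" 500 1234 "-" "curl/8.0"
192.0.2.5 - - [12/Mar/2024:10:02:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 500 512 "-" "Mozilla/5.0"
192.0.2.5 - - [12/Mar/2024:10:02:10 +0000] "GET /?author=editor HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:03:00 +0000] "GET /?author=3 HTTP/1.1" 403 800 "-" "Mozilla/5.0"
""".splitlines()

def parse(line):
    """Return the matched fields as a dict, or None for lines not in combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_author_probe(target):
    """Same condition the plugin blocks on: an 'author' parameter that contains a digit."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return any(re.search(r"\d", value) for value in query.get("author", []))

def classify(rec):
    """Blocked probes answer 500 today (wp_die default) or 403 after the proposed change."""
    status = int(rec["status"])
    if is_author_probe(rec["target"]) and status in (403, 500):
        return "blocked_enumeration"
    if 500 <= status <= 599:
        return "server_error"   # a 5xx that is NOT a blocked probe: worth alerting on
    return "other"

def summarize(lines):
    """Count each class and collect the hosts that sent blocked probes."""
    counts, hosts = Counter(), set()
    for rec in filter(None, map(parse, lines)):
        kind = classify(rec)
        counts[kind] += 1
        if kind == "blocked_enumeration":
            hosts.add(rec["host"])
    return counts, sorted(hosts)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the sample data only one of the four 500s is a real server error, which is the distinction the Grafana panel in the post could not make from the status code alone.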