Hi,
    I was checking the log and found a few attempts to upload PHP files:

    POST /index.php - Blocked file upload attempt (MIME-type mismatch) - [kiri.php != image/png]
    POST /index.php - Blocked file upload attempt (MIME-type mismatch) - [x.php != image/png]

    Marked as CRITICAL. But I saw one file upload which was allowed:

    POST /index.php - File upload detected, no action taken - [cmd.php (31 bytes)]

    Well, it definitely doesn’t look like a legit upload at all. Any reason why the WAF would let it through? I also don’t see it uploaded anywhere.

Viewing 3 replies - 1 through 3 (of 3 total)
Plugin Author nintechnet (@nintechnet)

    You have configured the firewall to allow uploads, hence the “no action taken”. If you want to block uploads, you need to change its configuration in the “Firewall Policies” page.

    Regarding “MIME-type mismatch”, it’s always blocked by the firewall, even if you allow uploads. See the documentation here: https://blog.nintechnet.com/securing-wordpress-with-a-web-application-firewall-ninjafirewall/?#file-uploads

Thread Starter Jakub Knytl (@ltynk)

    Oh, I see… but if there is some kind of form for visitors to upload files, then it will block it, right? Maybe it would be handy to allow and sanitize safe file types (or defined ones), because uploading .PHP wouldn’t be legit in most cases. But not all uploads are from users, so as to use whitelist options.

Plugin Author nintechnet (@nintechnet)

    If you need to allow uploads for visitors, then you must disable the protection; otherwise they won’t be able to upload.
    Allowing uploads while blocking dangerous files is a premium feature, I’m afraid.
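
The two decisions discussed in the replies above (a MIME-type mismatch is blocked unconditionally; everything else depends on the allow-uploads policy, optionally tightened with a dangerous-extension blocklist) as an added illustration. This is example code, not NinjaFirewall's own logic: the magic-byte table, the extension lists and the `check_upload` helper are assumptions, and the sample uploads are constructed stand-ins for the three log entries in the first post.

```python
# Illustrative upload policy check (example code, not NinjaFirewall's own logic).
# Models the behaviour described in the thread: a MIME-type mismatch is blocked
# regardless of policy; otherwise the outcome depends on whether uploads are
# allowed and, optionally, on a blocklist of server-side executable extensions.
import os
from typing import Optional, Tuple

# Magic-byte signatures for a few common image types (constructed, not exhaustive).
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}
SNIFFABLE = set(MAGIC.values())

# Extension -> MIME type the bytes must sniff as, for files we are willing to store.
ALLOWED_EXT = {".png": "image/png", ".jpg": "image/jpeg",
               ".jpeg": "image/jpeg", ".gif": "image/gif"}

# Extensions a typical PHP host would execute (hypothetical list, extend per server).
DANGEROUS_EXT = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".phps"}


def sniff_mime(data: bytes) -> Optional[str]:
    """Return the MIME type implied by the leading bytes, or None if unrecognised."""
    for sig, mime in MAGIC.items():
        if data.startswith(sig):
            return mime
    return None


def extensions_of(filename: str) -> list:
    """All dotted suffixes of the client-supplied name, lower-cased, path stripped.
    'shell.php.png' -> ['.php', '.png'], so a double extension cannot hide '.php'."""
    base = os.path.basename(filename.replace("\\", "/")).lower()
    parts = base.split(".")
    return ["." + p for p in parts[1:]]


def check_upload(filename: str, declared_mime: str, data: bytes,
                 allow_uploads: bool, block_dangerous: bool = False) -> Tuple[str, str]:
    """Return ('block' | 'allow', reason) for one multipart file part.

    allow_uploads  : the firewall's 'allow uploads' policy switch.
    block_dangerous: the stricter 'allow uploads but reject executable types' policy.
    """
    exts = extensions_of(filename)
    sniffed = sniff_mime(data)
    last_ext = exts[-1] if exts else ""

    # 1. MIME-type mismatch: checked first and blocked regardless of the upload policy.
    #    A mismatch is a declared type we can verify, or an image extension, whose
    #    bytes do not carry the matching signature (a PHP file claiming image/png).
    if declared_mime in SNIFFABLE and sniffed != declared_mime:
        return "block", f"MIME-type mismatch [{filename} != {declared_mime}]"
    if last_ext in ALLOWED_EXT and sniffed != ALLOWED_EXT[last_ext]:
        return "block", f"MIME-type mismatch [{filename} != {ALLOWED_EXT[last_ext]}]"

    # 2. Uploads switched off: nothing else gets through.
    if not allow_uploads:
        return "block", f"file upload blocked by policy [{filename}]"

    # 3. Uploads on, stricter policy: refuse anything the web server might execute,
    #    looking at every extension component, not just the last one.
    if block_dangerous:
        bad = [e for e in exts if e in DANGEROUS_EXT]
        if bad:
            return "block", f"dangerous file type {bad[0]} [{filename}]"

    # 4. Uploads on, basic policy: the upload is only logged ('no action taken').
    return "allow", f"file upload detected, no action taken [{filename} ({len(data)} bytes)]"


# Constructed stand-ins for the uploads in the thread's log (not real captures).
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
WEBSHELL = b"<?php @eval($_POST['cmd']); ?>\n"   # 31 bytes, no image signature

if __name__ == "__main__":
    samples = [("kiri.php", "image/png", WEBSHELL),
               ("x.php", "image/png", WEBSHELL),
               ("cmd.php", "application/octet-stream", WEBSHELL),
               ("photo.png", "image/png", PNG),
               ("shell.php.png", "image/png", PNG)]
    for name, mime, data in samples:
        for strict in (False, True):
            print(f"block_dangerous={strict}:",
                  check_upload(name, mime, data, allow_uploads=True, block_dangerous=strict))
```

Run as-is, the first two samples are blocked as a MIME-type mismatch under both policies, while cmd.php (declared with a non-image type, so nothing to sniff against) is allowed under the basic policy and blocked only when the dangerous-extension check is on; shell.php.png shows why that check must look at every extension component rather than only the last one.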

The topic ‘Missed file upload?’ is closed to new replies.