• Resolved gizmomol

    (@gizmomol)


    On my website, Pareto Security version 2.1.5 is blocking authors that delete a media item. I was using WP 4.9.7, when I first saw this. I upgraded to 4.9.8 before doing these tests, because I hoped it would fix the blocking.

    I verified I was blocked and also the addition of .htaccess “deny from addresses” on two systems, a server, and my Linux PC.

    On my PC, I deleted the .htaccess deny entry, then deleted the entry via the “Pareto Security” Incidents List. (I had to remove the .htaccess entry in order to access the WP “Pareto Security” panel)

    Then, I disabled all plugins except “Pareto Security”. After I deleted another media item, I was blocked again.

    The log shows Severity: “Medium”, Req: “GET”, Filename: “post.php”, Vector: “[Banned] Arbitrary File Deletion Attempt: /var/www/website/public_html/wp-content/uploads/2018/08/img_7647-121×81.jpg”

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter gizmomol

    (@gizmomol)

    Just realized I am also seeing blocks after media deletes with Req: “POST” and Filename “admin-ajax.php”

    Plugin Author te_taipo

    (@te_taipo)

    Thanks very much for your feedback. Working on a fix for that now.

    Thread Starter gizmomol

    (@gizmomol)

    It's not really a bug after all.

    I originally had my site set up with a non-standard wp-content folder because it helped reduce the attempts to mine the wp-content folder for bad plugin vulnerabilities. The wp-config docs say we can redefine those, but my experience in the last two years is it interfered with too many updates.

    Eventually I changed the folder back to wp-content and used a symbolic link to wp-content for my original folder name. There must still be some of the old folder name in the wp_posts guid field.

    I found that if I changed the function “check_filenames()” file_path to use this instead of the original, it does not block anymore:


    $file_path = wp_upload_dir()['basedir'];

    Thanks for your very useful plugin.

    Plugin Author te_taipo

    (@te_taipo)

    No problems. In fact, it made me have another look at that part of the code, and was able to make it work better anyways. So update just posted with the changes.

  • The topic ‘Pareto Security blocking after media deletes?’ is closed to new replies.
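
The thread above turns on how a deletion target is compared with the uploads directory when the same folder is reachable under two names. The PHP below is an added example, not part of the thread and not Pareto Security's code: it contrasts a plain string-prefix comparison (an assumption about how such a check might be written) with a comparison of resolved paths. The helper name `is_inside_uploads()`, the temporary directory layout and the symlink name `assets` are constructed for illustration.

```php
<?php
// Added example, not Pareto Security's code. is_inside_uploads() is a hypothetical helper.
// In WordPress the base would be wp_upload_dir()['basedir'], as in the post above.

function is_inside_uploads(string $target, string $uploadsBase): bool
{
    $base = realpath($uploadsBase);
    // The file may already be gone, so resolve its parent directory instead.
    $dir = realpath(dirname($target));
    if ($base === false || $dir === false) {
        return false; // unresolvable paths are treated as outside
    }
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $full = $dir . DIRECTORY_SEPARATOR . basename($target);
    // Trailing separator stops "/uploads-evil" matching "/uploads".
    return strncmp($full, $base, strlen($base)) === 0;
}

// Constructed layout: real folder "wp-content", symlink "assets" pointing at it.
$root = sys_get_temp_dir() . '/pareto-demo-' . uniqid();
mkdir("$root/wp-content/uploads/2018/08", 0700, true);
symlink("$root/wp-content", "$root/assets");
touch("$root/wp-content/uploads/2018/08/img.jpg");
touch("$root/wp-config.php");

$base = "$root/wp-content/uploads";
$cases = [
    'canonical path'      => "$root/wp-content/uploads/2018/08/img.jpg",
    'old symlinked name'  => "$root/assets/uploads/2018/08/img.jpg",
    'traversal to config' => "$root/wp-content/uploads/2018/08/../../../../wp-config.php",
];
foreach ($cases as $label => $path) {
    $naive = strpos($path, $base) === 0;  // plain string-prefix comparison
    $canon = is_inside_uploads($path, $base);
    printf("%-20s naive=%-5s canonical=%s\n", $label,
        var_export($naive, true), var_export($canon, true));
}
```

The symlinked name fails the prefix comparison but passes once both sides are resolved, while the traversal path passes the prefix comparison and is rejected after resolution.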