Problems with MainWP. Base64-encoded POST Variable

  • Resolved idonteatmeat

    (@idonteatmeat)


    6 years, 4 months ago

    Hi,

    I am using MainWP for remotely managing the sites of my subscribed clients. Some functionality is blocked by NF interpreting it as an intrusion.

    ’24/Jul/18 02:29:28 #2957922 CRITICAL – 46.252.27.245 POST /index.php – BASE64-encoded injection – [POST:settings = YTo2MTp7czoxNzoiY2hpbGRfcGx1Z2luX25hbWUiO3M6MDoiIjtzOjE3OiJjaGlsZF9wbHVnaW5fZGVzYyI7czowOiIiO3M6MTk6ImNoaWxkX3BsdWdpbl9hdXRob3IiO3M6MDoiIjtzOjIzOiJjaGlsZF9wbHVnaW5fYXV0aG9yX3VyaSI7czow…]’
    ’24/Jul/18 02:29:28 #8884613 CRITICAL – 46.252.27.245 POST /wp-admin/admin-ajax.php – BASE64-encoded injection – [POST:settings = YTo2MTp7czoxNzoiY2hpbGRfcGx1Z2luX25hbWUiO3M6MDoiIjtzOjE3OiJjaGlsZF9wbHVnaW5fZGVzYyI7czowOiIiO3M6MTk6ImNoaWxkX3BsdWdpbl9hdXRob3IiO3M6MDoiIjtzOjIzOiJjaGlsZF9wbHVnaW5fYXV0aG9yX3VyaSI7czow…]’

    I really don’t want to disable that policy. So I tried to whitelist my servers IP via .htninja but that doesn’t work. The only way of not giving up on any of these softwares would be to disable that. Or would there be any safe way around this?

    Second question. When testing I noticed one client site letting those requests through despite having this option enabled as well as “Block any access to the REST API” enabled. NF is running in FAW mode. Would that mean the firewall is broken on that site?

    Btw. sorry for asking so much. But I have a lot of clients and pitching a new software to them I need to be really certain that everything works together nicely.

    Thank you for your time!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    Normally, adding this code to the .htninja should be all you need to whitelist the IP:

    <?php
/*
 +====================================================================+
 | NinjaFirewall optional configuration file                          |
 |                                                                    |
 | See: https://nintechnet.com/ninjafirewall/wp-edition/help/?htninja |
 +====================================================================+
*/

if ( $_SERVER["REMOTE_ADDR"] == '46.252.27.245' ) {
   return 'ALLOW'; // whitelist
}

    Check in the “Overview” page to make sure the .htninja is detected and loaded by the firewall:

    Regarding the REST API, you should receive a “403 Forbidden” HTTP code and the following content:

    {"code":"nfw_rest_api_access_restricted","message":"Forbidden access","data":{"status":403}}

    You can test it easily, for instance: https://some-site.com/wp-json/wp/v2/posts.
    Make sure to log out of the dashboard first, so that you aren’t whitelisted by the firewall.

    Thread Starter idonteatmeat

    (@idonteatmeat)

    Thanks, .htninja was not working due to me stupid putting it in document root instead of one folder above like you mention in the docs.

    Regarding the other issue I will open a new ticket because it seems NF is not working at all on this site despite it tells me running in FAW mode and everything should be ok.

    Thank you.

    Thread Starter idonteatmeat

    (@idonteatmeat)

    Any way to mark those posts as private? Wasn’t my intention to spread that servers IP.

    Plugin Author nintechnet

    (@nintechnet)

    All posts are public and no one can change that I’m afraid.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Problems with MainWP. Base64-encoded POST Variable’ is closed to new replies.