PSA: Beware | Nitro-Webhook-Agent

  • Resolved Generosus

    (@generosus)


    4 months, 2 weeks ago

    *** Public Service Announcement ***

    Issue:

    After complete removal of the plugin, NitroPack, the servers and/or IPs associated with NitroPack continue to ping or scrape websites for information via the user agent: Nitro-Webhook-Agent.

    Attacking IPs:

    46.101.77.196
    159.65.180.53
    178.62.81.205

    Click here for more information.

    Recommendations:

    1. Requesting Team Solid Security investigate in more detail this finding for comments and/or update their WAF rules for additional user protection.
    2. Until the issue is solved (permanently) by the developers of NitroPack, highly recommend blocking the above IPs and User Agent via Solid Security and/or CDN (via WAF rule).

    Thank you!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter Generosus

    (@generosus)

    Note:

    The above recommendations apply only if the NitroPack plugin has been used in the past and is no longer needed.

    Cheers!

    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @generosus, please excuse the delayed response, and thank you for providing clear information and recommendations about this issue!

    I’ve read the linked support thread and it looks like the NitroPack team has already applied some changes in their system to resolve this.

    I’ll close this ticket for now, but if the issue comes back, let me know and I’ll forward these recommendations to our team internally.

    Thank you!

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.