Recently blocked attacks.

  • Resolved Sean

    (@sean-h)


    4 years, 6 months ago

    Hi there,

    Saw this in the latest weekly email summary from 2 of my sites:

    August 29, 2020
    12:45pm
    185.130.xxx.xxx (Spain)
    Blocked for Siteground Optimizer <= 5.0.12 – Improper REST capabilities checks

    What’s interesting is the IP is that of the local ISP I’m using in Spain right now. Yes, I am hosting with Siteground and I have the latest version of their Optimizer plugin installed. (5.6.5)

    Any ideas what to make of this?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @sean-h and thanks for reaching out to us!

    If you do a google search on “Siteground Optimizer <= 5.0.12 – Improper REST capabilities checks” you will see a lot of information on a vulnerability issue that it had around a year ago with that specific version mentioned in the block. It looks as though Wordfence is catching this issue and blocking it.

    If you would like, send me a diagnostic so I can review it.

    Send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    Thanks!

    Thread Starter Sean

    (@sean-h)

    Hi @wfadam

    I seem to have missed your reply. I did Google that and found the info about the vulnerability, but what I was asking was why was it coming from my IP address? Why was my local IP being blocked? I have just opened a premium ticket about my 2 premium sites that are doing funny things on my current internet connection.

    Diagnostics report sent, but I also forwarded the whole activity report for the same site.

    Regards,

    Sean H.

    Thread Starter Sean

    (@sean-h)

    Hi @wfadam

    I seem to have missed your reply. I did Google that and found the info about the vulnerability, but what I was asking was why was it coming from my IP address? Why was my local IP being blocked? I have just opened a premium ticket about my 2 premium sites that are also doing funny things on my current internet connection.

    Diagnostics report sent, but I also forwarded the whole activity report for the same site.

    Regards,

    Sean H.

    Plugin Support WFAdam

    (@wfadam)

    Thanks @sean-h for sending the diagnostic report! I was not able to locate the activity report though.

    Just looking over your diagnostic report, everything seems to be set correctly. I was thinking it was possible that your IP detection was set incorrectly but it looks to be fine. Are you using a CDN of any sort?

    You might want to clear the cache on the Siteground Optimizer and also the cache of any other site cache plugins you might be running.

    Let me know if this helps!

    Thanks!

    Thread Starter Sean

    (@sean-h)

    Hi @wfadam

    No, not using any kind of CDN. I have also cleared all caches, a few times. I think I’m just going to put this down to some unexplained anomaly. I’ll mark this as resolved, but I might unmark it and bump this topic, if it comes back. Here’s hoping it doesn’t ??

    • This reply was modified 4 years, 6 months ago by Sean.
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Recently blocked attacks.’ is closed to new replies.