View Attacks Blocked

  • Resolved readytogosurvival

    (@readytogosurvival)


    8 years, 4 months ago

    @wordfence
    @mmaunder
    @markm

    Hello Wordfence Team,

    First, love the product. I enjoy getting my weekly emails from Wordfence. There is a section for ‘Recently Blocked Attacks’ which has been growing lately. I wish to see more details on these attacks and view past/current attacks at my leisure.

    Where are these attacks being logged?

    Thank you.

Viewing 6 replies - 1 through 6 (of 6 total)

  • Hi,
    In “Wordfence activity report” email, the “Recently Blocked Attacks” section shows part of these hits blocked by firewall, which you can also check from (Wordfence > Live Traffic) and set the “Filter Traffic” to “Blocked By Firewall”.

    Note: amount of data in “Live Traffic” is limited by the value set for “Amount of Live Traffic data to store” option in (Wordfence > Options => Live Traffic View).

    Thanks.

    Thread Starter readytogosurvival

    (@readytogosurvival)

    Thanks @wfalaa for your reply. I’m trying to find an event that happened on the 13th which was reported in the weekly summary email. However, adding the filter did not show any results at all. I am guessing the event was not saved b/c of the default data to store value. I’ve increased that value and will continue to check on it. In addition, I specifically need preview to the “Action” that was blocked. Will the “Action” information be present in the results of live traffic by adding the filter you suggested?

    If so, great. If not, I’d like to view any backed-end logs or tables where this is stored. Any recommendations will be appreciated.

    Thank you.

    Yes, you will be able to view the action that got blocked by firewall in “Live Traffic” with an option to whitelist it in case you think it was blocked by mistake (false positive).

    All the data displayed in “Live Traffic” are stored in wp_wfHits table in the database, but it’s limited to the number of rows you set for “Amount of Live Traffic data to store” option.

    Thanks.

    Thread Starter readytogosurvival

    (@readytogosurvival)

    Thanks @wfalaa.

    I’m looking through my DB and I do not see the ‘wp-wfHits’ table. I see only the below.

    wp_wfBadLeechers
    wp_wfBlockedIPLog
    wp_wfBlocks
    wp_wfBlocksAdv
    wp_wfConfig
    wp_wfCrawlers
    wp_wfFileMods

    Please Advise. Thank you.

    That’s a little bit strange, because these are the database tables that you should have after installing the plugin:

    wp_wfBadLeechers
wp_wfBlockedIPLog
wp_wfBlocks
wp_wfBlocksAdv
wp_wfConfig
wp_wfCrawlers
wp_wfFileMods
wp_wfHits
wp_wfHoover
wp_wfIssues
wp_wfLeechers
wp_wfLockedOut
wp_wfLocs
wp_wfLogins
wp_wfNet404s
wp_wfReverseCache
wp_wfScanners
wp_wfSNIPCache
wp_wfStatus
wp_wfThrottleLog
wp_wfVulnScanners

    If you are sure that not all the tables mentioned above exist in your database, then I recommend following these steps to reset the plugin data, remove the database tables and re-install the plugin again. (You can make use of the “Export” option to keep a copy of your settings that can be imported after re-installing the plugin).

    Let me know how it goes,
    Thanks.

    Thread Starter readytogosurvival

    (@readytogosurvival)

    Hello again,

    Thanks @wfalla for the above. I was able to successfully recover all the tables and they have been populating fine. I updated my email alert preferences to daily and I received two blocked attacks today. Both attacks where labeled “Blocked for Malicious File Upload (PHP)” under the Action.

    For general knowledge to others, you can find that data in the action and actionDescription columns of your DB. I used the below query.

    SELECT * FROM wp_wfHits WHERE actionDescription is not null

    or

    SELECT * FROM wp_wfHit WHERE action LIKE '%blocked%'

    Many thanks.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘View Attacks Blocked’ is closed to new replies.