Wild card as *.php?…

  • Resolved rod

    (@nomadarod)


    2 years, 10 months ago

    Hi,
    My site was hacked by Anonymousfox some time ago, and I see that I have many requests blocked in the firewal that end as ‘.php?Fox=d3wL7’
    Can I use the wild card as ‘/*.php?Fox=d3wL7’ so it blocks all (and only those) requests to .php files that are followed by ‘?Fox=d3wL7’ ?

    I’m afraid that it might block all php file requests instead.

    Cheers,
    Rod

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @nomadarod, sorry to see you had some trouble with a breach before.

    I saw you spoke with Tim and he provided you with some site cleaning details and some further information about what happened. I think similarly to the issue with attempted access to “/wqaofwbl.php” previously, the ?Fox=d3wL7 query string requests are also trying to hit your site in search of utilizing the previously present vulnerability.

    If they are showing in Live Traffic as blocked requests, this means that Wordfence is already identifying them and correctly blocking them as they arrive at your site. Wordfence, as an endpoint firewall, can deal with these appropriately when they hit your site but the act of adding them as a manual or custom block won’t stop them arriving so we generally feel this is an unnecessary step if Wordfence is stopping them on its own.

    Thanks,

    Peter.

    Thread Starter rod

    (@nomadarod)

    Thanks Peter for clarifying it.

    Have a great day
    Rod

    Plugin Support wfpeter

    (@wfpeter)

    You too! If you have any further Wordfence questions in future, please by all means start a new topic and we’ll be glad to help you out.

    Peter.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Wild card as *.php?…’ is closed to new replies.