• Hi,

    I wonder if I set up something wrong or if Wordfence is rather limited in recognizing vulnerability scans. I often see IPs doing nothing else than trying to access SQLiteManager/main.php/; phpMyAdmin-4.2.1-english/ etc. without any delay, yet Wordfence lists those as normal requests. Even in combination with suspicious browser IDs it won’t see a pattern.

    If 404s for known vulnerable URLs exceed: 5 per minute

    Doesn’t seem to work here, as those URLs aren’t recognized as vulnerable to begin with.

    I also added a couple of URLs to: “Immediately block IPs that access these URLs” but that doesn’t seem to have any effect. For example I added /mysql/ to the list, but as seen below, request was treated as normal.

    Example below:

    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:59 +0000 -- 1479047999.644526 in Unixtime
    Secs since last hit:	0.5333
    URL:	https://my.website.com/SQLiteManager/main.php/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
    
    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:59 +0000 -- 1479047999.111221 in Unixtime
    Secs since last hit:	0.5256
    URL:	https://my.website.com/SQlite/main.php/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
    
    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:58 +0000 -- 1479047998.585640 in Unixtime
    Secs since last hit:	1.0044
    URL:	https://my.website.com/sqlitemanager/main.php/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
    
    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:57 +0000 -- 1479047997.581240 in Unixtime
    Secs since last hit:	0.5277
    URL:	https://my.website.com/SQLiteManager-1.2.4/main.php/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
    
    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:57 +0000 -- 1479047997.053568 in Unixtime
    Secs since last hit:	0.5924
    URL:	https://my.website.com/SQLite/SQLiteManager-1.2.4/main.php/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
    
    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:56 +0000 -- 1479047996.461193 in Unixtime
    Secs since last hit:	0.6425
    URL:	https://my.website.com/sqlite/main.php/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
    
    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:55 +0000 -- 1479047995.818699 in Unixtime
    Secs since last hit:	0.6953
    URL:	https://my.website.com/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
    
    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:55 +0000 -- 1479047995.123389 in Unixtime
    Secs since last hit:	0.7392
    URL:	https://my.website.com/phpMyAdmin-4.2.1-english/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
    
    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:54 +0000 -- 1479047994.384141 in Unixtime
    Secs since last hit:	0.4620
    URL:	https://my.website.com/phpMyAdmin-4.2.1-all-languages/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
    
    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:53 +0000 -- 1479047993.922096 in Unixtime
    Secs since last hit:	0.5668
    URL:	https://my.website.com/myadmin/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
    
    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:53 +0000 -- 1479047993.355331 in Unixtime
    Secs since last hit:	1.0886
    URL:	https://my.website.com/sql/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
    
    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:52 +0000 -- 1479047992.266711 in Unixtime
    Secs since last hit:	0.6643
    URL:	https://my.website.com/mysql/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
    
    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:51 +0000 -- 1479047991.602450 in Unixtime
    Secs since last hit:	0.6326
    URL:	https://my.website.com/phpMyAdmin/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
    
    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:50 +0000 -- 1479047990.969840 in Unixtime
    Secs since last hit:	0.7312
    URL:	https://my.website.com/phpmyadmin/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
    
    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:50 +0000 -- 1479047990.238684 in Unixtime
    Secs since last hit:	0.6015
    URL:	https://my.website.com/sql/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
    
    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:49 +0000 -- 1479047989.637174 in Unixtime
    Secs since last hit:	0.6871
    URL:	https://my.website.com/mysql/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
    
    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:48 +0000 -- 1479047988.950086 in Unixtime
    Secs since last hit:	0.7044
    URL:	https://my.website.com/MySQLDumper/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
    
    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:48 +0000 -- 1479047988.245705 in Unixtime
    Secs since last hit:	0.6969
    URL:	https://my.website.com/mysqldumper/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
    
    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:47 +0000 -- 1479047987.548830 in Unixtime
    Secs since last hit:	0.6757
    URL:	https://my.website.com/msd1.24.4/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
    
    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:46 +0000 -- 1479047986.873130 in Unixtime
    Secs since last hit:	0.7446
    URL:	https://my.website.com/msd1.24stable/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
    
    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:46 +0000 -- 1479047986.128495 in Unixtime
    Secs since last hit:	0.4764
    URL:	https://my.website.com/mySqlDumper/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
    
    Time:	17 hours 40 mins ago -- Sun, 13 Nov 16 14:39:45 +0000 -- 1479047985.652094 in Unixtime
    Secs since last hit:	0.5646
    URL:	https://my.website.com/msd/
    Type:	Normal request
    Full Browser ID:	Python-urllib/2.7
    Location:	France France
Viewing 1 replies (of 1 total)
  • Hi hmkay,
    I think those are not WordPress specific and it’s possible they could have legit uses on some sites. That may be why we are not blocking them on all sites.

    However, you can still block them via “Immediately block IPs that access these URLs”, you just have to make the paths relative so they match all variations. For example, you could add this

    */mysql/*

    Please note that this will block EVERYTHING that has /mysql/ in the URL. So if you make a blog post on your site called “mysql” anyone who tries to visit that would get banned. So be careful with the asterisks. They are very useful but can cause problems if used carelessly.

    Hope that helps!

  • The topic ‘Wordfence doesn’t recognize vulnerability scanning’ is closed to new replies.
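
An added example, not part of the thread and not Wordfence's own code: it treats `*` as a glob (Python's `fnmatch`) to show what a pattern such as `*/mysql/*` does and does not catch, and applies the "more than 5 per minute" idea from the first post to a constructed log excerpt in the quoted format. The pattern list, the function names and the case-insensitive comparison are assumptions of this example.

```python
import re
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Hypothetical block list; only */mysql/* is taken from the reply above.
PROBES = ["*/mysql/*", "*/phpmyadmin*", "*/myadmin/*", "*/sql/*",
          "*/mysqldumper/*"]

# Constructed excerpt in the live-traffic layout quoted in the first post:
# seven hits, 0.6 s apart, using paths that appear in that log.
PATHS = ["/sql/", "/phpmyadmin/", "/phpMyAdmin/", "/mysql/", "/myadmin/",
         "/MySQLDumper/", "/"]
SAMPLE = "".join(
    f"Time:\t-- {1479047990 + i * 0.6:.4f} in Unixtime\n"
    f"URL:\thttps://my.website.com{p}\n"
    for i, p in enumerate(PATHS))


def parse_hits(text):
    """Return (unixtime, path) pairs from the Time:/URL: line pairs."""
    times = re.findall(r"([\d.]+) in Unixtime", text)
    urls = re.findall(r"^URL:\s*(\S+)", text, re.M)
    return [(float(t), urlsplit(u).path) for t, u in zip(times, urls)]


def first_match(path, patterns):
    """First glob that matches the path (case-insensitive), else None."""
    p = path.lower()
    return next((g for g in patterns if fnmatchcase(p, g.lower())), None)


def is_scan(hits, patterns, limit=5, window=60.0):
    """True if more than `limit` matching hits fall within `window` seconds."""
    ts = sorted(t for t, path in hits if first_match(path, patterns))
    return any(ts[i + limit] - ts[i] <= window
               for i in range(len(ts) - limit))


if __name__ == "__main__":
    hits = parse_hits(SAMPLE)
    for _, path in hits:
        print(f"{path:16} -> {first_match(path, PROBES)}")
    print("scan burst:", is_scan(hits, PROBES))
    # The caveat from the reply: a post whose permalink contains /mysql/
    # matches the unanchored pattern but not the anchored /mysql/*.
    for glob in ("*/mysql/*", "/mysql/*"):
        print(glob, "->", first_match("/2016/11/mysql/", [glob]))
```

Running the same patterns over the site's real permalinks before adding them to a block list shows which legitimate pages an unanchored wildcard would ban visitors for.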