WordPress Firewall SEO Egghead and WASSUP Plugin

  • WordPress Firewall is blocking a number of IP’s where the offending parameter is similar to: wassup_screen_res = 1280×800

    It looks like the page requested is a perfectly normal page and not an admin page or a forbidden directory. Some of the IP’s will repeatedly show up after the first attempt as looking at the 404 page with the same offending parameter related to WASSUP.

    None of these users are logged in or have access to the WASSUP screen. Are they actually sending the string to hack in via Wassup or is there some kind of random collision between the Firewall plugin and the Wassup plugin?

    Anyone else seen this?

    This occurs on all three blogs where I use Firewall and Wassup. Firewall DOES block block SQL injection attacks reliably so I have intention of turning it off ??

    Example. IP address omitted:

    https://www.dougweb.com/doug/2009/03/salisbury-md-mayor-malicious-blogs-endangering-city/
    Warning: URL may contain dangerous content!

    Offending Parameter: wassup_screen_res = 1280×800

Viewing 10 replies - 1 through 10 (of 10 total)
  • Thread Starter popwireless

    (@popwireless)

    When I turn WASSUP off these occurrences cease. There must be some type of interaction between wassup and a visitor? The odd thing is that that screen res parameter changes.

    Is the firewall reacting to wassup collecting data in the background while a user is online?

    Anyone else notice this?

    Thread Starter popwireless

    (@popwireless)

    I also have noted that I do not have to be in Wassup for the occasional user to be blocked by the Firewall plugin. The Firewall thinks the user is sending the Wassup screen res = value. The appears to associated with the users screen res. I have inserted the various strings into the Firewall whitelist to see if that makes the problem go away.

    Thread Starter popwireless

    (@popwireless)

    Adding the variable strings like wassup_screen_res = 1280×768 in the white list variable fields does not appear to have any positive effect. I still get the sql injection emails.

    Hey popwireless – I had the same issue last night.

    I installed the firewall plugin and the wassup plugin, both in an effort to better secure my site and to be able to see when someone is trying to hack it.

    Things went crazy from there. when I tried to go to my site, I could not access it because the browser said it was trying to redirect and would wind up going nowhere. Firewall sent about a hundred “attack stopped” emails to me, each one saying that my own ip address was trying to make the request. It was always that screen res message.

    So I couldn’t get to my site or my admin panel. I went in via my ftp access and deleted the wassup plugin, but that still didn’t stop it.

    I had to use ftp to delete firewall, and everything went back to normal with my site.

    What a mess.

    So today I did some experimenting to see what’s going on with this. I reinstalled the firewall plugin but did not reinstall wassup.

    As soon as I activated firewall, things went awry. The login screen froze. I tried opening my blog in another window and it wouldn’t come up. Firewall sent a barrage of attack emails to me.

    Then I went into my browser’s cookie file and found my site cookie, looked in there and found wassup’s screen res entry.

    Deleted that from the cookie file, and now everything is back to normal with firewall. It lets me work with the site and doesn’t trigger messages.

    Problem is, though, that any of my visitors who would have stopped by while I had wassup running will have that entry in their cookie, and if I have firewall activated, it’ll probably go haywire next time they visit.

    Looks like I’ll have to leave them both off.

    For Wassup to run with “WordPress Firewall”, “wassup_screen_res” has to be added to Firewall’s Whitelist as a “Form Variable”.

    However, “WordPress Firewall” has 2 major problems that must be fixed ASAP before any Wassup user should use it:

    1. Firewall redirects incorrectly when WordPress core files are in a separate directory from the blog. This can send visitors to 404 page or server error page.
    2. The blogger’s own IP address is not excluded from being blocked. The current IP is NOT automatically added to Firewall’s IP Whitelist as a part of the activation process, so bloggers can find themselves blocked from their own blog once Firewall is active.

    WordPress Firewall is a great idea, but it’s code is not quite ready for real world use. Until then, Wassup users can check out “Bad Behavior” plugin as an alternative.

    Thread Starter popwireless

    (@popwireless)

    I turned off Bad Behavior because my blogs were a little sluggish using it and some legitimate spiders were getting clobbered. The Firewall plugin caught all of the sql injection attacks. There are still too many losers use on the Internet.

    The “wassup Screen res” form variable option does not work.

    I also noted that turning off Wassup was not always the answer. Guess I have to reconsider my options.

    i don’t know why im getting errors everytime i add a whitelist variable.

    Scott Winterroth

    (@countrymusicchicago)

    I’m having the same problems. Funny thing is, I deactivated Wassup like over a month ago prior to installing WP Firewall last night.

    I’m modifying the WordPress Firewall plugin to fix some of the errors reported in these forums. I’ve added the the default IP feature, so that the IP the plugin is activated from is automatically added to the whitelisted IP’s. I have not investigated the compatibility issues regarding Wassup.

    I will make the modified plugin available in the WP plugin repository as soon as I can.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘WordPress Firewall SEO Egghead and WASSUP Plugin’ is closed to new replies.