Title: A possible logging bug
Last modified: January 12, 2019

---

# A possible logging bug

 *  Resolved [CB](https://wordpress.org/support/users/cbrandt/)
 * (@cbrandt)
 * [7 years, 5 months ago](https://wordpress.org/support/topic/a-possible-logging-bug/)
 * Hi,
 * Today I had a bot blocked by NF while trying to get to a few .php pages on my
   site. As you can see below, the NF log recorded them as being hits to /index.
   php.
 *     ```
       12/Jan/19 10:39:36  #7969112  MEDIUM     306  51.38.48.186     GET /index.php - Bogus user-agent signature - [SERVER:HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)] - MYDOMAIN.com.br
       12/Jan/19 10:39:36  #5272081  MEDIUM     306  51.38.48.186     GET /index.php - Bogus user-agent signature - [SERVER:HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)] - MYDOMAIN.com.br
       12/Jan/19 10:39:41  #1561380  MEDIUM     306  51.38.48.186     GET /index.php - Bogus user-agent signature - [SERVER:HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)] - MYDOMAIN.com.br
       12/Jan/19 10:39:46  #5967783  MEDIUM     306  51.38.48.186     GET /index.php - Bogus user-agent signature - [SERVER:HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)] - MYDOMAIN.com.br
       ```
   
 * However, for the same timestamps (adjusted for the time zone difference), my 
   server raw access log have the file names recorded differently: [https://snag.gy/P4dNR0.jpg](https://snag.gy/P4dNR0.jpg).
 * Let me know if I can provide more info on this.
 * Thanks for this great plugin!
    -  This topic was modified 7 years, 5 months ago by [CB](https://wordpress.org/support/users/cbrandt/).

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [7 years, 5 months ago](https://wordpress.org/support/topic/a-possible-logging-bug/#post-11084123)
 * Hi,
 * It looks fine to me: your .htaccess may contain rewrite rules that redirect to
   the index.php page if the requested file does not exit. The HTTP server will 
   log the request URI, while NinjaFirewall will log the script name.
    For instance,
   if I go to `http://yoursite.com/inexistant/?%00`: Your HTTP server will log: `...
   GET /inexistant/?%00 HTTP/1.1 403...` NinjaFirewall will log: `...GET /index.
   php - ASCII character 0x00 (NULL byte)...`
 * The firewall will always log the real script name, which is the script that processed
   the request.
 *  Thread Starter [CB](https://wordpress.org/support/users/cbrandt/)
 * (@cbrandt)
 * [7 years, 2 months ago](https://wordpress.org/support/topic/a-possible-logging-bug/#post-11376543)
 * Thank you. I had read this a long time ago, but forgot to mark it as resolved.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘A possible logging bug’ is closed to new replies.

 * ![](https://ps.w.org/ninjafirewall/assets/icon-256x256.png?rev=976137)
 * [NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall](https://wordpress.org/plugins/ninjafirewall/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/ninjafirewall/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/ninjafirewall/)
 * [Active Topics](https://wordpress.org/support/plugin/ninjafirewall/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/ninjafirewall/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/ninjafirewall/reviews/)

## Tags

 * [log](https://wordpress.org/support/topic-tag/log/)

 * 2 replies
 * 2 participants
 * Last reply from: [CB](https://wordpress.org/support/users/cbrandt/)
 * Last activity: [7 years, 2 months ago](https://wordpress.org/support/topic/a-possible-logging-bug/#post-11376543)
 * Status: resolved