Title: Attacks not prevented
Last modified: May 28, 2023

---

# Attacks not prevented

 *  Resolved [scott8035](https://wordpress.org/support/users/scott8035/)
 * (@scott8035)
 * [3 years ago](https://wordpress.org/support/topic/attacks-not-prevented/)
 * Hi. I found traces of three attacks in my wp-content/debug.log file on a development
   system we have. They are shown below. My concern is: why didn’t the WAF catch
   these? They were eventually detected by the scanner.
 * [22-May-2023 21:51:08 UTC] PHP Warning: file_put_contents(/www/devph_206/public/
   wp-content/cache/flying-press/www.acornfinance.com//devmode.actionindex-debug
   =command-expression=(#_memberAccess[“allowStaticMethodAccess”]=true,#foo=new 
   java.lang.Boolean(“false”) ,#context[“xwork.MethodAccessor.denyMethodExecution”]
   =#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().
   exec(‘cat /etc/passwd’).getInputStream())).html): Failed to open stream: File
   name too long in /www/devph_206/public/wp-content/plugins/flying-press/src/Caching.
   php on line 106
 * [22-May-2023 21:52:58 UTC] PHP Warning: file_put_contents(/www/devph_206/public/
   wp-content/cache/flying-press/www.acornfinance.com//index.actionindex-cmd=cat/
   etc/passwd-encoding=UTF-8-method:#_memberAccess=@ognl_OgnlContext@DEFAULT_MEMBER_ACCESS,#
   res=@org_apache_struts2_ServletActionContext@getResponse(),#res_setCharacterEncoding(#
   parameters_encoding=Array-ppp= .html): Failed to open stream: No such file or
   directory in /www/devph_206/public/wp-content/plugins/flying-press/src/Caching.
   php on line 106
 * [22-May-2023 21:53:03 UTC] PHP Warning: file_put_contents(/www/devph_206/public/
   wp-content/cache/flying-press/www.acornfinance.com//api/pingindex-count=5-host
   =cat /etc/passwd-port=80-source=1.1.1.1-type=icmp.html): Failed to open stream:
   No such file or directory in /www/devph_206/public/wp-content/plugins/flying-
   press/src/Caching.php on line 106
 * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fattacks-not-prevented%2F%3Foutput_format%3Dmd&locale=en_US)
   to see the link]_

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [dimal](https://wordpress.org/support/users/dimalifragis/)
 * (@dimalifragis)
 * [3 years ago](https://wordpress.org/support/topic/attacks-not-prevented/#post-16777671)
 * Those are not attacks. They are warnings from PHP, coming from that plugin (flying-
   press). And keep in mind that page caching and Wordfence do not play well together.
 *  Thread Starter [scott8035](https://wordpress.org/support/users/scott8035/)
 * (@scott8035)
 * [3 years ago](https://wordpress.org/support/topic/attacks-not-prevented/#post-16777684)
 * [@dimalifragis](https://wordpress.org/support/users/dimalifragis/), if you look
   a little closer you can see the payload that was delivered past Wordfence and
   into the FlyingPress plugin, namely “cat /etc/passwd”. Also, I’ve had cached 
   sites using Wordfence for years with no issues, so I don’t know where all that’s
   coming from.
 *  [dimal](https://wordpress.org/support/users/dimalifragis/)
 * (@dimalifragis)
 * [3 years ago](https://wordpress.org/support/topic/attacks-not-prevented/#post-16777694)
 * [@scott8035](https://wordpress.org/support/users/scott8035/) I’m not familiar
   with that caching/optimizing plugin, still page caching doesn’t work right with
   Wordfence, especially if page caching is using “mod_rewrite” and not “php”.
 * I have checked your posted logs and i don’t believe this is an attack or anything
   to do with WF.
    -  This reply was modified 3 years ago by [dimal](https://wordpress.org/support/users/dimalifragis/).
 *  Plugin Support [wfpeter](https://wordpress.org/support/users/wfpeter/)
 * (@wfpeter)
 * [3 years ago](https://wordpress.org/support/topic/attacks-not-prevented/#post-16782662)
 * Hi [@scott8035](https://wordpress.org/support/users/scott8035/), thanks for your
   message.
 * We did recently see a similar case of this recently. We believe your caching 
   plugin is trying to use part of the URL as a filename, but it was an invalid 
   filename based on where the error occurred in Caching.php. It doesn’t point to
   an external request probing for a vulnerability.
 * Many thanks,
   Peter.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Attacks not prevented’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

## Tags

 * [exploit](https://wordpress.org/support/topic-tag/exploit/)
 * [scan](https://wordpress.org/support/topic-tag/scan/)
 * [waf](https://wordpress.org/support/topic-tag/waf/)

 * 5 replies
 * 3 participants
 * Last reply from: [wfpeter](https://wordpress.org/support/users/wfpeter/)
 * Last activity: [3 years ago](https://wordpress.org/support/topic/attacks-not-prevented/#post-16782662)
 * Status: resolved