Many attacks not blocked

  • Resolved lucius100

    (@lucius100)


    4 years, 10 months ago

    Hi, can you update the list with more expression ?
    I have many attacks that are not blocked.
    I would suggest u take a look at aapanel free nginx firewall expression.

    All these attacks are getting through.

    /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
    /wp-content/langar.php
    /.env
    /up.php
    /upload.php
    /wp-content/mu-plugins/db-safe-mode.php
    /wp-includes/small.php
    /wp-includes/lfx.php
    /wp-content/plugins/ubh/up.php
    /old-index.php
    /wp-1ogin_bak.php
    /wp-content/wp-1ogin_bak.php
    /cindex.php
    /wp-booking.php
    /alfa.php
    /alfindex.php
    /boom.php?x
    /wp-content/plugins/backup_index.php
    /wp-content/db_cache.php
    /admin.php
    /moduless.php
    /style.php
    /wp-content/plugins/t_file_wp/t_file_wp.php?test=hello
    /adminer.php

    I have more that targeting my wordpress vulnerability.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Jeff Starr

    (@specialk)

    4 years, 10 months ago

    I do my own research and development for BBQ, but definitely will consider some of these patterns, Thank you for sharing @lucius100.

    Thread Starter lucius100

    (@lucius100)

    4 years, 10 months ago

    Does there any way to test the htaccess rules other than eval( ?
    I test on other server with eval( works, but on my production sites, it’s not working with htaccess rules.
    I plan to use htaccess to minimize plugin use.

    Plugin Author Jeff Starr

    (@specialk)

    4 years, 10 months ago

    Sure, you can test whichever rules you would like. Simply append to any site URL in the browser and click GO.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Many attacks not blocked’ is closed to new replies.