• Resolved schlafcola

    (@schlafcola)


    Hey, we have a website in a university network and therefore also a higher security setup. I have a few questions about Wordfence since we are thinking of getting the premium version:

    1. I have not been able to connect to noc1.wordfence.com and our firewall admin is now asking which port he should open and if data is downloaded and, if yes, if this is done through HTTPS.

    2. We have the .htaccess file deactivated and code everything into the Apache config file directly. Would this cause problems when using the Falcon engine?

    3. Since we have brute force attacks, I wanted to manually block IPs and it seems to have worked, but they are not displayed in the Blocked IPs section. The same goes for the biweekly report; it is empty. I am guessing this might be related to database permissions but I am not sure.

    Thank you very much!

    All the best

    Tino

    https://ww.wp.xz.cn/plugins/wordfence/

Viewing 6 replies - 1 through 6 (of 6 total)
  • 1. I believe port 443 and port 80 have to allow traffic. Outbound curl requests need to be allowed.

    2. No htaccess would have issues with Falcon since we add many rules for it to work there. Also blocks get written there after Falcon is enabled (I believe).

    3. The database user has to have all permissions including ALTER and UPDATE. Can you also verify how long an IP is blocked when it breaks a rule?

    tim

    Thread Starter schlafcola

    (@schlafcola)

    Dear Tim!

    Thank you so much for the reply!

    I think an IP is actually not blocked at all upon closer inspection.
    I will get back to the topic once answers 1 and 3 have been implemented.

    All the best

    Tino

    Thread Starter schlafcola

    (@schlafcola)

    Hey,

    I have confirmed with the firewall admin that both port 443 and port 80 are allowing traffic. Still I cannot connect to the Wordfence server.

    Other issues:

    Live traffic IPs are not displayed.

    It does work, though, to block IPs that are using login names that are on our blacklist. So far the program works well even though we cannot check back against the WordPress repository.

    Thank you and keep up the good work!

    Plugin Author WFMattR

    (@wfmattr)

    For the connection issue, can you try the link at the bottom of the Wordfence Options page, titled “Click to test connectivity to the Wordfence API servers”, and post the output here?

    For the missing IPs in live traffic, it may be a database privilege issue, where the database user doesn’t have ALTER privilege. When you said the IPs are not displayed, does it say “false” instead? There is an example screenshot of this issue here:
    False is shown instead of an IP address in Live Traffic

    Thread Starter schlafcola

    (@schlafcola)

    Here is the output from the connectivity test:

    Wordfence connectivity tester

    DNS lookup for noc1.wordfence.com returns: 69.46.36.8

    STARTING CURL http CONNECTION TEST….
    Curl connectivity test failed with response:

    Curl HTTP status: 0
    Curl error code: 7
    Curl Error: couldn’t connect to host

    STARTING CURL https CONNECTION TEST….
    Curl connectivity test failed with response:

    Curl HTTP status: 0
    Curl error code: 7
    Curl Error: couldn’t connect to host

    Starting wp_remote_post() test
    wp_remote_post() test to noc1.wordfence.com failed! Response was: connect() timed out!

    Starting wp_remote_post() test
    wp_remote_post() test to noc1.wordfence.com failed! Response was: connect() timed out!

    Plugin Author WFMattR

    (@wfmattr)

    This does still look like a firewall or something else is blocking outbound connections, to both port 80 and 443. If it’s not the firewall on the server itself, it could be another firewall outside of the server that is blocking these connections.

    If it is not a firewall, it might be that SELinux is enabled and blocking the web server user from making outbound connections, but I think that would provide a different error message. If SELinux is blocking the connection, it should be logged in the site’s audit log, usually /var/log/audit/audit.log
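
The audit-log check suggested in the last reply, as an added example that is not part of the original replies or of Wordfence: it filters SELinux AVC records for denied outbound connects (`name_connect`) from the web server domain to ports 80 and 443. The sample records are constructed, and the `httpd_t` domain is an assumption that fits a Red Hat-style Apache or PHP-FPM setup.

```shell
#!/bin/sh
# Added example: find SELinux denials that would stop the web server
# from opening outbound connections to ports 80/443.

# Constructed sample audit records (not taken from the thread's server).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1431500000.101:411): avc:  denied  { name_connect } for  pid=2201 comm="httpd" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1431500003.217:412): avc:  denied  { name_connect } for  pid=2201 comm="httpd" dest=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1431500009.004:413): avc:  denied  { read } for  pid=2310 comm="httpd" name="wp-config.php" dev="dm-0" ino=1337 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=USER_AUTH msg=audit(1431500011.500:414): pid=2400 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" res=failed'
type=AVC msg=audit(1431500020.650:415): avc:  denied  { name_connect } for  pid=2888 comm="php-fpm" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
EOF
}

# Print "dest comm count" for each denied outbound connect by httpd_t
# to port 80 or 443. Reads audit records on stdin.
blocked_web_connects() {
  awk '
    /^type=AVC/ && /denied/ && /name_connect/ && /scontext=[^ ]*:httpd_t:/ {
      dest = ""; comm = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^dest=/) dest = substr($i, 6)
        if ($i ~ /^comm=/) { comm = substr($i, 6); gsub(/"/, "", comm) }
      }
      # Only web ports matter here; the 3306 denial is a separate issue.
      if (dest == "80" || dest == "443") seen[dest " " comm]++
    }
    END { for (k in seen) print k, seen[k] }
  ' | sort -n
}

# On a real host (needs root):
#   blocked_web_connects < /var/log/audit/audit.log
sample_audit_log | blocked_web_connects
```

An empty result on the real log points back to a network firewall rather than SELinux. If denials do appear, the `httpd_can_network_connect` SELinux boolean is the usual way to allow them without disabling SELinux.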


The topic ‘Several questions after first usage’ is closed to new replies.