gstark
Forum Replies Created
-
Oh, if I allow uploads, what are the downsides of that setting?
Am I still protected from other upload attempts from non-logged-in users?
Test #1.
Notifications were already set as described. Logged out. Logged in. No email received.Test #2
Logged in to child site, created a new user as admin.
Logged out.
Logged in as new user; no email received.
Unable to upload file; script response below.Session was already started. Checking "nfw_goodguy" session flag: ERROR: not found.Just logged back in to main site. Email received …
Someone just logged in to your WordPress admin console: -User : gstark (administrator) -IP : x.x.x.x -Date : December 1, 2015 @ 12:34:57 (UTC +1100) -Blog : http://multi.redbacksweb.com/ NinjaFirewall (WP Edition) - http://ninjafirewall.com/ Support forum: http://ww.wp.xz.cn/support/plugin/ninjafirewallBoth users now shown in users list.
These are the two relevant lines from the log …
01/Dec/15 23:29:26 #5624199 critical - x.x.x.x POST /wp-admin/async-upload.php - Blocked file upload attempt - [DSC_0013_small.jpg, 98,762 bytes] - jazznblues.com.au 01/Dec/15 23:34:57 #6234808 info - x.x.x.x POST /wp-login.php - Logged in user - [gstark (administrator)] - multi.redbacksweb.comThat doesn’t seem to be the case. When I look at the users page for the primary site, I see my name as a user, listed as superadmin.
When I switch to the secondary site, I see my name on the users’ page, listed as a site admin.
I receive no such warning about a user “not in users list”. I presume that such an event would be in the logs, but there’s no such entry either.
Thank you. I look forward to your further results.
For my main site, it shows me as superadmin, for the site in question – a sub-site – it says admin.
But there is just the one user only – me – with just the one login id and password
Script output is
`Session was already started.
Checking “nfw_goodguy” session flag: ERROR: not found.’As noted above, I am the only user, so I am both the superadmin and the admin
Thank you.
Nothing in the Ninja Overview page, which also shows that I am whitelisted.
On the upload page, I am shown the there’s a http error, which is consistent with Ninja rejecting the file.
When I change the policies setting to allow uploads, it all works, but my understanding is that it should work for me, as the admin, regardless.
Here’s the relevant log entries from a further test I just performed, using a different IP address than yesterday.
01/Dec/15 06:46:37 #4282411 critical - x.x.x.x POST /wp-admin/async-upload.php - Blocked file upload attempt - [DSC_1029_test.jpg, 81,446 bytes] - jazznblues.com.auAfter changing the policies uploads setting …
01/Dec/15 06:51:52 #3279543 upload - x.x.x.x POST /wp-admin/async-upload.php - Allowing file upload - [DSC_1029_test.jpg, 81,446 bytes] - jazznblues.com.auI have screen shots of the relevant screens if you need to see them.