Author Topic: /old/wp-admin/setup-config.php  (Read 1730 times)

Offline needsomehelp

  • Comodo Family Member
  • ***
  • Posts: 97
/old/wp-admin/setup-config.php
« on: May 12, 2017, 10:22:56 AM »
Hi anyone had attacks to wordpress sites like this below ? they have old or test or anyname and just attack them. anyway of stopping these with comodo ?

/old/wp-admin/setup-config.php
/test/wp-admin/setup-config.php

Offline TDmitry

  • Head CWAF Rule Writing Team
  • Comodo's Hero
  • *****
  • Posts: 369
Re: /old/wp-admin/setup-config.php
« Reply #1 on: May 15, 2017, 04:55:35 AM »
You can use "userdata_bl_URLs" file for these purposes.

Offline needsomehelp

  • Comodo Family Member
  • ***
  • Posts: 97
Re: /old/wp-admin/setup-config.php
« Reply #2 on: May 15, 2017, 05:10:10 AM »
You can use "userdata_bl_URLs" file for these purposes.

Could you explain how i do this please. i also see loads of attacks on wp-login could do with tightening the rule to stop them

Offline akabakov

  • Comodo's Hero
  • *****
  • Posts: 375
Re: /old/wp-admin/setup-config.php
« Reply #3 on: May 15, 2017, 08:18:10 AM »
/old/wp-admin/ and /test/wp-admin could be placed in Comodo WAF - Userdata - Blocked URLs
It should resolve this issue.

Offline needsomehelp

  • Comodo Family Member
  • ***
  • Posts: 97
Re: /old/wp-admin/setup-config.php
« Reply #4 on: May 15, 2017, 08:27:59 AM »
/old/wp-admin/ and /test/wp-admin could be placed in Comodo WAF - Userdata - Blocked URLs
It should resolve this issue.

Hi so put them in userdata_bl_URLs like this below is that correct

# Put your blacklist of URL pathes here
# Only IPs from whitelisted list will be allowed to visit these URLs
/old/wp-admin/
/test/wp-admin

Offline akabakov

  • Comodo's Hero
  • *****
  • Posts: 375
Re: /old/wp-admin/setup-config.php
« Reply #5 on: May 15, 2017, 08:33:33 AM »
Yes, you are right.

Offline needsomehelp

  • Comodo Family Member
  • ***
  • Posts: 97
Re: /old/wp-admin/setup-config.php
« Reply #6 on: May 15, 2017, 08:38:46 AM »
Yes, you are right.

Thanks something new i have learnt. can you tell me how i make the rule for wp-login tighter getting loads of attacks for some reason.

Offline needsomehelp

  • Comodo Family Member
  • ***
  • Posts: 97
Re: /old/wp-admin/setup-config.php
« Reply #7 on: May 31, 2017, 12:24:17 PM »
Thanks something new i have learnt. can you tell me how i make the rule for wp-login tighter getting loads of attacks for some reason.

Hi still getting attacks on these URLs can you tell me do i need to add the full path like /wp/wp-admin/setup-config.php because i only added /old/wp-admin last time

Offline TDmitry

  • Head CWAF Rule Writing Team
  • Comodo's Hero
  • *****
  • Posts: 369
Re: /old/wp-admin/setup-config.php
« Reply #8 on: May 31, 2017, 04:31:16 PM »
Hi still getting attacks on these URLs can you tell me do i need to add the full path like /wp/wp-admin/setup-config.php because i only added /old/wp-admin last time

Hi, I've tested your case and everything works fine, you can add any part of path to block that request, so simple string "/setup-config.php" (without quotes) in userdatat_bl_URLS should do the job.

Offline needsomehelp

  • Comodo Family Member
  • ***
  • Posts: 97
Re: /old/wp-admin/setup-config.php
« Reply #9 on: May 31, 2017, 05:40:17 PM »
Hi, I've tested your case and everything works fine, you can add any part of path to block that request, so simple string "/setup-config.php" (without quotes) in userdatat_bl_URLS should do the job.

Hi so i can just add /setup-config.php that will work for any name in front ? but i did get an high laod still might be bacuse they attacked all the wordpress sites on the server ? how fast does it block them and can i change to block them faster.

Offline TDmitry

  • Head CWAF Rule Writing Team
  • Comodo's Hero
  • *****
  • Posts: 369
Re: /old/wp-admin/setup-config.php
« Reply #10 on: June 01, 2017, 05:10:48 AM »
Hi so i can just add /setup-config.php that will work for any name in front ? ...

Correct. Access to this page should be blocked immediately after web server restart for all IPs which not belongs to userdatat_wl_IPs file.

Offline needsomehelp

  • Comodo Family Member
  • ***
  • Posts: 97
Re: /old/wp-admin/setup-config.php
« Reply #11 on: June 20, 2018, 04:42:30 PM »
Correct. Access to this page should be blocked immediately after web server restart for all IPs which not belongs to userdatat_wl_IPs file.


Hi sorry to reply to this old topic, but all the blocked links i put in userdata_bl_URLs have all gone only noticed because i started getting attacks again. Any idea why they have all gone i can't remember whiat i added so got to do all the servers again now.

/setup-config.php
/old/wp-admin
/test/wp-admin
/wp-login.php

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 139
Re: /old/wp-admin/setup-config.php
« Reply #12 on: June 22, 2018, 10:57:49 AM »
Hi. It possible userdata files could be overwritten whith update to new version of rules, you should perform backup for your userdata files. Also please make sure that your userdata files doesn't contains '\r\n' but only '\n'.

Offline needsomehelp

  • Comodo Family Member
  • ***
  • Posts: 97
Re: /old/wp-admin/setup-config.php
« Reply #13 on: June 22, 2018, 02:04:56 PM »
Hi. It possible userdata files could be overwritten whith update to new version of rules, you should perform backup for your userdata files. Also please make sure that your userdata files doesn't contains '\r\n' but only '\n'.

Thanks but where would i find the backup files ?

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek