• Resolved mira25

    (@mira25)


    Good day,

    I use the WPStatistics component on my website along with the RSFirewall component to protect my website from possible attacks. I have automatic blocking of potentially dangerous IP addresses set in my firewall, and unfortunately it happens that RSFirewall also blocked IP addresses that were not dangerous. So I wrote to their support and with the help of the logs we came to the conclusion that the firewall was blocking the addresses due to an attempt to insert a remote file with URLs similar to this:

    wp_statistics_hit_rest=yes&track_all=0&current_page_type=search&current_page_id=0&search_query=http://rozvrhy hodin&page_uri=Lz9zPXJvenZyaHkraG9kaW4 | Match: =http://rozvrhy hodin&page_uri=Lz9zPXJvenZyaHkraG9kaW4

    The firewall obviously has a problem with the WPStatistics component. So I asked the developer of the RSFirewall component to tell me exactly what is wrong with the firewall on the WPStatistics component and this is the answer:

    Hello,

    As per the logs provided, the page is being blocked because there’s a URL in the parameters:

    search_query=http://rozvrhy hodin&page_uri=Lz9zPXJvenZyaHkraG9kaW4

    Notice “http://rozvrhy hodin”. This isn’t typical. I’m sure you’ve visited plenty of sites and URLs being part of the request is not a common occurrence. This is actually typical of bots/scripts that attempt to find a vulnerability on your website, hence why it’s blocked. I’m not sure what’s the legitimate reason for the search_query parameter to have “http://” in there, as it seems out of place. The rest of the parameter doesn’t look like a domain name but rather an actual query, for example these are extracted from your logs:
    Match: =http://rozvrhy hodin
    Match: =http://zaměstnanci  r.1987
    Match: =http://Přihláška ke studiu na VOŠ

    Perhaps try contacting WPStatistics as maybe there’s a configuration error / bug causing this.

    Therefore, I would like to ask you if there is any way to set up WPStatistics so that the above-mentioned problem no longer occurs and I can use both components at the same time without problems?

    Thank you and have a nice day!

    Best regards

    M. Málek
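A triage sketch for log entries like the one quoted in the post above, added here as an example (it is not part of the original post and is neither RSFirewall's nor WP Statistics' code). It decodes the base64 `page_uri`, reads the WordPress search parameter `s` from it, and checks whether `search_query` is just that term behind an `http://` prefix or a syntactically valid remote URL; the function names, the verdict labels and the second sample line are assumptions made for illustration.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

# Constructed samples: the first is the logged request quoted in the post,
# the second is a made-up request whose parameter really is a remote URL.
BLOCKED = ("wp_statistics_hit_rest=yes&track_all=0&current_page_type=search"
           "&current_page_id=0&search_query=http://rozvrhy hodin"
           "&page_uri=Lz9zPXJvenZyaHkraG9kaW4 | Match: =http://rozvrhy hodin"
           "&page_uri=Lz9zPXJvenZyaHkraG9kaW4")
REMOTE = "page=http://files.example.net/inc.txt | Match: =http://files.example.net"

# scheme://host[:port][/path]; whitespace or non-hostname characters fail.
URL_RE = re.compile(
    r"^(?:https?|ftp)://([A-Za-z0-9.-]+)(?::\d+)?(?:[/?#]\S*)?$", re.I)


def looks_like_remote_url(value):
    """True only for a scheme followed by a dotted, well-formed host name."""
    m = URL_RE.match(value)
    return bool(m) and "." in m.group(1)


def searched_term(page_uri_b64):
    """Decode the base64 page_uri and return its 's' search term, if any."""
    try:
        padded = page_uri_b64 + "=" * (-len(page_uri_b64) % 4)
        uri = base64.b64decode(padded, validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    terms = parse_qs(urlsplit(uri).query).get("s")
    return terms[0] if terms else None


def triage(line):
    """Classify one firewall log line (hypothetical verdict labels)."""
    query = line.split(" | Match:")[0]
    params = {k: v[0] for k, v in parse_qs(query).items()}
    remote = sorted(k for k, v in params.items() if looks_like_remote_url(v))
    if remote:
        return {"verdict": "remote-url", "params": remote}
    term = searched_term(params.get("page_uri", ""))
    query_text = re.sub(r"^https?://", "", params.get("search_query", ""), flags=re.I)
    if term is not None and query_text == term:
        return {"verdict": "search-term", "term": term}
    return {"verdict": "unclassified"}


if __name__ == "__main__":
    print(triage(BLOCKED))
    print(triage(REMOTE))
```
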

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author VeronaLabs

    (@veronalabs)

    Hey @mira25,

    Thank you for bringing this issue to our attention and apologies for the delayed response. You made an excellent point regarding the handling of this parameter in the request.

    To enhance privacy and avoid detection by firewall systems like RSFirewall, I’ve decided to encode this value using base64, similar to the other parameters.

    You can view the commit here: 53c265c. We’ll be releasing the new version shortly.

    Best

    Thread Starter mira25

    (@mira25)

    Good day,

    thank you for your reply and for solving the problem. I noticed that Version 14.6.3 was released a little while ago, and I would like to ask if this problem has already been solved in it? I’ve been looking at the version history and I’m not entirely sure if I’m understanding correctly that this issue is fixed there as well?

    Thanks for your reply and have a nice day!

    Best regards

    M. Málek

    Plugin Author Mostafa Soufi

    (@mostafas1990)

    Hello,

    Thank you for replying. Actually, I pointed it out in the screenshot of the changelog:

    https://capture.dropbox.com/avTIt07y9COnQdCm

    Best

    Thread Starter mira25

    (@mira25)

    Good day,

    ok, thanks for the info and the fix.

    Best regards

    Thread Starter mira25

    (@mira25)

    Good morning,

    a few months ago we were working together on an issue where the RSFirewall component was blocking legitimate IP addresses due to a minor bug in the WP Statistics component (see previous posts in this thread). You fixed everything, released an update and everything was fine for about 3 months. But now I noticed that the same problem is happening again. Could you please check it?

    Thank you

    Plugin Support Amir

    (@amirfallah)

    Hi @mira25

    Please provide your website address along with a copy of the Site Health Info (Only WP Statistics) by going to Tools – Site Health – Info and clicking on ‘Copy site info to clipboard’ so that we can investigate the issue more accurately and resolve it.

    Regards,

    Thread Starter mira25

    (@mira25)

    Good day,

    thank you for the quick reply. I'm posting site health information below (WP Statistics only). The website address is oadomazlice.cz. However, the plugin is temporarily uninstalled at this time as I cannot afford to block more legitimate IP addresses. However, I am also sending a link to a screenshot showing why RSFirewall blocks addresses and what role WP Statistics plays in this:

    Screenshot download link: https://drive.google.com/file/d/1MN3d8seZTO-USOssx-5E6NT6DDq2mTRh/view?usp=drive_link

    Website status information:
    This section contains debug information about your WP Statistics settings to help you troubleshoot issues.

    Verze 14.10
    Detect Active Cache Plugin Disabled
    Active Post Types post, page, e-landing-page, elementor_library, udb_admin_page
    Daily Salt Date 2024-08-27
    GeoIP Database Exists Ano
    GeoIP Database Last Updated 2024-02-29 09:22:41
    GeoIP Database Size 65 MB
    GeoIP Database Type GeoLite2-City
    Monitor Online Visitors Enabled
    Track Logged-In User Activity Disabled
    Store Entire User Agent String Disabled
    Tracking Method Server Side Tracking
    Bypass Ad Blockers Disabled
    Anonymize IP Addresses Enabled
    Hash IP Addresses Enabled
    WP Consent Level Integration Disabled
    Anonymous Tracking Disabled
    Do Not Track (DNT) Enabled
    View Stats in Editor Zapnout
    Views Column in Content List Zapnout
    Views Column in User List Disabled
    Show Stats in Admin Menu Bar Enabled
    WP Statistics Widgets in the WordPress dashboard Zapnout
    Disable Inactive Essential Feature Notices Disabled
    Views in Single Contents Disabled
    Report Frequency weekly
    User Role Exclusions Administrátor
    IP Exclusions Not Set
    Excluded Login Page Enabled
    Excluded RSS Feeds Enabled
    Excluded 404 Pages Enabled
    Excluded URLs Not Set
    Matomo Referrer Spam Blacklist Disabled
    Log Record Exclusions Disabled
    Minimum Role to View Statistics manage_options
    Minimum Role to Manage Settings manage_options
    IP Detection Method REMOTE_ADDR
    GeoIP Database Update Source js-deliver
    Automatic Cleanup Disabled
    Purge Data Older Than 365
    PHP Extension (GMP) Instalováno
    PHP Extension (BCMath) Instalováno
    PHP Function (gzopen) Instalováno
    PHP Class (PharData) Instalováno

    Thank you and have a nice day!

    Hi @mira25,

    We have just released version 14.10.2, which addresses the issue you were experiencing.

    Please update the plugin to the latest version, and feel free to reach out if you encounter any further issues.

    Thank you for your patience and understanding!

    Regards

    Thread Starter mira25

    (@mira25)

    Good day,

    thank you very much for the quick solution, I just installed the current version.

    Regards


The topic ‘WP Statistics component issues with RSFirewall component’ is closed to new replies.