Support

Admin Tools for WordPress

#35523 Weird Security Exception in log

Posted in ‘Admin Tools for WordPress’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

WordPress version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Wednesday, 18 August 2021 20:17 CDT

[email protected]

While scanning the security exceptions log I noticed this:

COM_ADMINTOOLS_LBL_SECURITYEXCEPTION_REASON_DFISHIELD https://mydomain/mdocs-posts/?mdocs-img-preview=../wp-config.php

I've never seen someone specifically target your plugin, so thought you might find it useful.

Also, not to beat a dead horse, but will you ever add a function to easily export the security log, for inclusion to government entities for investigation?

nicholas
Akeeba Staff
Manager

This is not weird, it comes from the DFIShield feature we removed. This was triggered every time a request includes a relative or absolute path to a file on your site. Unfortunately many WP plugins use exactly this kind of paths so people ended up disabling this feature anyway.

As you can see, someone tried to have the image preview in your MemphisDocuments Library plugin go through your wp-config.php file in hope they would trick it into dumping the contents of the .php file. And no, this plugin is not ours so nobody is targeting our plugin :)

Regarding the security log, I've already explained that this is just a simple database table. You can export it with phpMyAdmin or even create an Excel integration which pulls directly from your site's MySQL database. If you Google it there are very well documented instructions for doing so. I had been doing something like that to get sales stats about ten years ago.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.