For the past 12 months or so, hackers have been scanning my site for phpMyAdmin setup scripts… For the past 2 months, my log entries are blank where the URL should be when they scan for phpMyAdmin… I know its the same people doing the same scans because of their locations. It says they were blocked at: (shows nothing here) then the rest of the log is fine. Most of the logs are still working right so they are obviously using code embedded in the URL to cause your firewall not to log what they’re accessing. I thought maybe you would patch it and fix it but, since you haven’t, here’s the report.
The page I need help with: [log in to see the link]
Hi @lestado, thanks for the detailed description of the issue you’re seeing.
As I can’t view the wp-admin section of your site, it’d be great if you could provide a precise example of the Live Traffic entries you’re seeing. If you’d like to send a screenshot directly to wftest @ wordfence . com, make sure to include your username in the subject and respond here when you’ve sent it so I can take a look.
You can alternatively obscure any sensitive information like IPs and include images here on the forums by clicking the “+” in a new paragraph block and selecting “Image“, then Upload once you’ve picked a file.
Oddly, I haven’t had any for the past two days, but my log is so full that about 2 days is all I have. I’m going to change my settings to save more entries, and I’ll keep an eye out for another example. Why isn’t there a way to access my entire log as text? I’ve been having a very difficult time reporting this situation to the FBI with your incomplete logs of SQL Injections.
I found an entry on another server on our domain to take a shot of. Uploading is disabled here so I’ll do it on my site and link it here. I embedded the image by using the url as well, but this site is broken I guess.
OK well, I guess I will find another security plugin since you won’t respond to this ticket. These blank logs are worthless and I need a solution that will provide me with complete logs I can send over to the FBI Cybersecurity Division. I was going to upgrade to premium but, when it takes a week to get a response from your team, I think there might be better customer service elsewhere.
Pete has been out this past week and I missed your responses as it was in his queue. None of the images you posted are available because you have disabled hotlinking on sitecrafters.pro.
Getting back to your issue at hand, I checked and you never sent in the diagnostics we asked for which would help us determine the problem. It could be some sort of issue where something on the site was blocking the live traffic display (opening a browser console might have shown you what exactly), or corruption of the database table that these blocks are recorded in, or something else entirely. Regardless, if you intend to work with the FBI I am certain they will want the raw access and error logs to examine so I’d advise backing those up so they are available when they ask.
