False Flag?

  • Resolved roaming1

    (@roaming1)


    3 weeks ago

    Getting critical warnings on some posts when I edit headings/titles. I am an admin user whitelisted in the plugin settings. It doesn’t happen very often (7 times) but is giving false flags for my ip. This is the first I have noticed these type of warnings (March). I am getting these sometimes when editing post headings-it does not happen all of the time…Any thoughts? Flagging my ip.

    05/Mar/26 11:10:12  #4974279  CRITICAL   115  66.XXXXXX    POST /index.php - Cross-site scripting - [RAW:POST = {"id":117723,"content":"<!-- wp:heading {\"textAlign\":\"left\",\"level\":3} -->\n<h3 class=\"wp-block-heading has-text-align-left\">Is an Briard Right for You?</h3>\n<!-- /wp:heading -->\n...] - petrage.net
    05/Mar/26 11:10:15  #6286043  CRITICAL   115  66.XXXXXXX    POST /index.php - Cross-site scripting - [RAW:POST = {"id":117723,"content":"<!-- wp:heading {\"textAlign\":\"left\",\"level\":3} -->\n<h3 class=\"wp-block-heading has-text-align-left\">Is an Briard Right for You?</h3>\n<!-- /wp:heading -->\n...] - petrage.net
    05/Mar/26 11:10:17  #2567711  CRITICAL   115  66.XXXXXXX    POST /index.php - Cross-site scripting - [RAW:POST = {"id":117723,"content":"<!-- wp:heading {\"textAlign\":\"left\",\"level\":3} -->\n<h3 class=\"wp-block-heading has-text-align-left\">Is an Briard Right for You?</h3>\n<!-- /wp:heading -->\n...] - petrage.net
    05/Mar/26 11:10:18  #1666409  CRITICAL   115  66.XXXXXXX    POST /index.php - Cross-site scripting - [RAW:POST = {"id":117723,"content":"<!-- wp:heading {\"textAlign\":\"left\",\"level\":3} -->\n<h3 class=\"wp-block-heading has-text-align-left\">Is an Briard Right for You?</h3>\n<!-- /wp:heading -->\n...] - petrage.net
    05/Mar/26 11:10:18  #1729650  CRITICAL   115  66.XXXXXXX     POST /index.php - Cross-site scripting - [RAW:POST = {"id":117723,"content":"<!-- wp:heading {\"textAlign\":\"left\",\"level\":3} -->\n<h3 class=\"wp-block-heading has-text-align-left\">Is an Briard Right for You?</h3>\n<!-- /wp:heading -->\n...] - petrage.net
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor bruandet

    (@bruandet)

    2 weeks, 6 days ago

    Do you see any error message about session or authentication in the NinjaFirewall > Dashboard page ?
    It looks like the session was lost or destroyed at that moment and you weren’t whitelisted anymore.

    Thread Starter roaming1

    (@roaming1)

    2 weeks, 6 days ago

    No change on the dashboard page-no errors were shown. I did not see any server error logs corresponding with the timestamps-not sure if there would be any-but confirmed none. I can’t replicate the behavior as it has appeard only 7 times out of hundreds of posts being edited/created. Must be as you suggested-that I was temporary removed from the whitelist. Not sure what happened exactly-but I will watch and follow-up if it happens again and I can pinpoint the behavior more.

    Firewall Enabled
    Mode NinjaFirewall is running in Full WAF mode.
    Version 4.8.3 ~ Security rules: 2026-03-02.1
    PHP SAPI FPM-FCGI ~ 8.3.30
    Admin user xxxxxxx You are whitelisted by the firewall.
    Help & configuration Securing WordPress with NinjaFirewall (WP Edition)

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.