• Resolved generosus

    (@generosus)


    *** Public Service Announcement ***

    Issue:

    After complete removal of the plugin, NitroPack, the servers and/or IPs associated with NitroPack continue to ping or scrape websites for information via the user agent: Nitro-Webhook-Agent.

    Attacking IPs:

    46.101.77.196
    159.65.180.53
    178.62.81.205

    Click here for more information.

    Recommendations:

    1. Requesting Team Jetpack investigate in more detail this finding for comments and/or update their WAF rules for additional user protection.
    2. Until the issue is solved (permanently) by the developers of NitroPack, highly recommend blocking the above IPs and User Agent via Jetpack and/or CDN (via WAF rule).

    Thank you!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter generosus

    (@generosus)

    Note:

    The above recommendations apply only if the NitroPack plugin has been used in the past and is no longer needed.

    Cheers!

    Plugin Support Ajay Kumar Jain (a11n)

    (@akumarjain)

    Hi @generosus, thank you for your PSA post.

    We make WAF rules to block malicious requests trying to exploit vulnerabilities. That doesn’t seem to be the case here, so it’s something Jetpack WAF shouldn’t block. Also, if we add WAF rules to block these IPs, they will block them even if you have the NitroPack plugin installed and activated.

    I recommend contacting the NitroPack support team to discuss the issue you mentioned.

    Thread Starter generosus

    (@generosus)

    Hi Ajay,

    Yes, aware of that. Thank you. As stated above, the above recommendation applies only if the NitroPack plugin has been used in the past and is no longer needed.

    Cheers!
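A way to check your own access log for the requests described in this thread before deciding on a block rule, as an added example that is not part of any post here. It assumes a combined-format access log; the sample lines are constructed, and the 203.0.113.x and 198.51.100.x addresses are documentation ranges.

```python
import re
from collections import Counter

# Addresses and agent string as reported in the thread above.
REPORTED_IPS = {"46.101.77.196", "159.65.180.53", "178.62.81.205"}
REPORTED_UA = "Nitro-Webhook-Agent"

# Assumption: combined log format (ip ident user [time] "request" status bytes "referer" "agent").
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"\s*$'
)

# Constructed sample log, not real traffic.
SAMPLE_LOG = '''\
46.101.77.196 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Nitro-Webhook-Agent"
46.101.77.196 - - [01/Jan/2024:10:05:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Nitro-Webhook-Agent"
203.0.113.7 - - [01/Jan/2024:10:06:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Nitro-Webhook-Agent"
159.65.180.53 - - [01/Jan/2024:10:07:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2024:10:08:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
this line is not in combined log format
'''

def classify(line):
    """Return (ip, label) for a request matching the report, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable lines are skipped, not guessed at
    ip_hit = m["ip"] in REPORTED_IPS
    ua_hit = REPORTED_UA.lower() in m["ua"].lower()
    if ip_hit and ua_hit:
        return m["ip"], "ip+ua"
    if ua_hit:
        return m["ip"], "ua-only"  # agent seen from an address not listed in the post
    if ip_hit:
        return m["ip"], "ip-only"  # listed address using a different agent string
    return None

def summarize(log_text):
    """Count matching requests per (ip, label)."""
    hits = Counter()
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            hits[result] += 1
    return hits

if __name__ == "__main__":
    for (ip, label), count in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip:15} {label:8} {count}")
```

A "ua-only" row means an IP-only rule would miss that traffic, and an "ip-only" row means a User-Agent-only rule would.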
