bitnami / vms

Bitnami VMs
https://bitnami.com

[Wordpress] DNS rebinding attack #734

Closed alex-malone closed 1 year ago

alex-malone commented 1 year ago

Platform

AWS

bndiagnostic ID

5dfef8f3-c6da-d4f0-ecf5-cdbd818e11a5

bndiagnostic output

Apache:

[Fri Mar 03 12:45:44.225968 2023] [proxy_fcgi:error] [pid 18207:tid 140497976653568] [client ip_address:9806] AH01071: Got error 'PHP message: PHP Warning: file_get_contents(): Peer certificate CN=x' did not match expected CN=x' in /bitnami/wordpress/wp-content/themes/x/inc/media.php on line 32
PHP message: PHP Warning: file_get_contents(): Failed to enable crypto in /bitnami/wordpress/wp-content/themes/x/inc/media.php on line 32
PHP message: PHP Warning:

[Fri Mar 03 12:45:44.248144 2023] [proxy_fcgi:error] [pid 18207:tid 140497976653568] [client ip_address:9806] AH01071: Got error 'PHP message: PHP Warning: file_get_contents(): Peer certificate CN=x' did not match expected CN=x' in /bitnami/wordpress/wp-content/themes/x/inc/media.php on line 32
PHP message: PHP Warning: file_get_contents(): Failed to enable crypto in /bitnami/wordpress/wp-content/themes/x/inc/media.php on line 32
PHP message: PHP Warning:

[Fri Mar 03 13:43:15.102548 2023] [autoindex:error] [pid 18007:tid 140498077366016] [client ip_address:61927] AH01276: Cannot serve directory /opt/bitnami/wordpress/wp-admin/css/: No matching DirectoryIndex (index.html,index.html,index.htm,index.php) found, and server-generated directory index forbidden by Options directive, referer: binance.com

bndiagnostic was not useful. Could you please tell us why?

I don't think they are related

Describe your issue as much as you can

Hi,

I inherited a site and have recently been getting alerts from AWS that my site is performing DNS lookups that may indicate that it is a target of a DNS rebinding attack.

I took a look at configuring Apache to respond only to requests with the hostname it is configured to serve, by setting up virtual hosts.

I tried doing this using the DocumentRoot already set in the Apache config (/opt/bitnami/apache/conf/httpd.conf), but noticed that this directory points to a generic HTML file; I checked for symlinks but there aren't any.

I cannot find any other relevant file that points to the correct DocumentRoot, so I can't understand how the correct pages are being served. I set up the VirtualHost directive anyway and, as expected, my site then showed this generic HTML page.

  1. Are there any other files that have configuration for DocumentRoot and serving pages?
  2. Is there a different way to find out what the DocumentRoot should be? cPanel doesn't seem to be installed or working.
  3. Is there some other bitnami related config that I should be looking at?
  4. Any other suggestions for avoiding DNS rebinding attacks?

Thanks
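On question 4, an added example (not code from the Bitnami project, from the theme in the log, or from anyone in this thread). The AWS alert concerns DNS lookups the instance itself performs, so the relevant control is on the server's own outbound fetches, not on which Host headers Apache accepts. The bndiagnostic output shows the theme calling file_get_contents() on a remote HTTPS URL from media.php line 32 and already failing peer-certificate verification; whether that call is the one behind the alert is not established here, but a bare file_get_contents($url) is exactly the pattern server-side DNS rebinding targets (first lookup returns a public address, a short TTL, the next lookup returns 169.254.169.254 or another internal address). The function below resolves the name once, rejects every non-public answer, pins the connection to the vetted addresses with CURLOPT_RESOLVE so curl cannot do a second lookup, and refuses redirects and non-https schemes. Function names, messages and the constructed self-check addresses are this example's own; it assumes PHP 7.4+ with the curl extension.

```php
<?php
// Added example: a DNS-rebinding-resistant replacement for a bare
// file_get_contents($url) in theme code. Not from Bitnami or the theme in
// the log; the function names and error messages are this example's own.

declare(strict_types=1);

/**
 * Reject addresses a web server must never fetch on a visitor's behalf:
 * loopback, link-local (which includes the EC2 metadata service at
 * 169.254.169.254), RFC 1918 and ULA private ranges, and the IPv4-mapped
 * IPv6 form of those (PHP's FILTER_FLAG_NO_RES_RANGE covers ::ffff:0:0/96).
 */
function is_public_ip(string $ip): bool
{
    return filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    ) !== false;
}

/**
 * Resolve $host once and return its addresses only if every one of them is
 * public. Every record must be checked: an attacker can answer with one
 * public and one internal address so that a "first record only" check passes.
 */
function resolve_public_only(string $host): array
{
    $records = dns_get_record($host, DNS_A | DNS_AAAA);
    if ($records === false || $records === []) {
        throw new RuntimeException("no A/AAAA records for $host");
    }
    $ips = [];
    foreach ($records as $r) {
        $ip = $r['ip'] ?? $r['ipv6'] ?? null;
        if ($ip === null) {
            continue;
        }
        if (!is_public_ip($ip)) {
            throw new RuntimeException("$host resolves to non-public address $ip");
        }
        // curl accepts IPv6 literals in CURLOPT_RESOLVE inside brackets.
        $ips[] = str_contains($ip, ':') ? "[$ip]" : $ip;
    }
    if ($ips === []) {
        throw new RuntimeException("no usable addresses for $host");
    }
    return $ips;
}

/**
 * Fetch an absolute https URL, pinned to the addresses vetted above.
 * CURLOPT_RESOLVE stops curl from performing its own lookup, which is the
 * window a rebinding attack uses. Redirects are not followed: a 302 to
 * http://169.254.169.254/ would otherwise bypass the check entirely.
 */
function fetch_remote_safely(string $url, int $timeout = 10): string
{
    $p = parse_url($url);
    if ($p === false || ($p['scheme'] ?? '') !== 'https' || empty($p['host'])) {
        throw new InvalidArgumentException("only absolute https URLs are allowed: $url");
    }
    $host = $p['host'];
    $port = $p['port'] ?? 443;
    $ips  = resolve_public_only($host);

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,
        CURLOPT_SSL_VERIFYPEER => true,   // keep verification on; see the log
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_CONNECTTIMEOUT => $timeout,
        CURLOPT_TIMEOUT        => $timeout,
        // "host:port:addr1,addr2" pins name resolution to the vetted answers.
        CURLOPT_RESOLVE        => ["$host:$port:" . implode(',', $ips)],
    ]);
    $body = curl_exec($ch);
    $err  = curl_error($ch);
    $code = (int) curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);

    if ($body === false) {
        throw new RuntimeException("fetch of $url failed: $err");
    }
    if ($code !== 200) {
        throw new RuntimeException("fetch of $url returned HTTP $code");
    }
    return $body;
}

// Constructed self-check of the address filter (needs no network access):
foreach (['169.254.169.254', '10.0.0.5', '127.0.0.1', '::1', 'fe80::1'] as $bad) {
    if (is_public_ip($bad)) {
        throw new LogicException("filter let through $bad");
    }
}
if (!is_public_ip('93.184.216.34')) {
    throw new LogicException('filter rejected a public address');
}
```

In the theme, `$html = fetch_remote_safely($url);` replaces `file_get_contents($url)`; the "Peer certificate CN ... did not match" warnings in the log mean that call was already failing TLS verification, and the wrong fix is to switch verification off. Independently of the PHP, if the AWS alert is GuardDuty's UnauthorizedAccess:EC2/MetadataDNSRebind finding (the thread does not say which finding it is), requiring IMDSv2 on the instance (`aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required`) removes the payoff of a rebind to 169.254.169.254, because a plain GET issued by a rebound fetch cannot complete the token handshake.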

mdhont commented 1 year ago

The document root for WordPress is /opt/bitnami/wordpress

You can find the vhost configuration files for WordPress in /opt/bitnami/apache/conf/vhosts

For securing your site, I recommend checking the following guide:

https://docs.bitnami.com/aws-templates/apps/wordpress/troubleshooting/enforce-security/

An option would be to launch a new instance and then migrate your old site there:

https://docs.bitnami.com/aws/how-to/migrate-wordpress/
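The vhost layout the question was reaching for, as an added example (not Bitnami's shipped configuration, which is longer). Apache hands a request to the first <VirtualHost> defined for its address:port when no ServerName or ServerAlias matches the Host header or SNI name, so a deny-everything catch-all has to be defined before the WordPress vhost; the 403 mentioned later in the thread is what Apache's global deny-all <Directory /> returns for any DocumentRoot that has not been granted explicitly. Assumed: www.example.com as the site hostname, the file names shown, that /opt/bitnami/apache/conf/vhosts is included from httpd.conf as mdhont's reply indicates, and the Bitnami certificate paths.

```apacheconf
# 00-default-vhost.conf  (file name assumed; it must sort before the WordPress
# vhost files in /opt/bitnami/apache/conf/vhosts, because Apache serves the
# FIRST <VirtualHost> defined for an address:port when no ServerName or
# ServerAlias matches the request's Host header / SNI name)
<VirtualHost *:80>
    ServerName default.invalid
    DocumentRoot "/opt/bitnami/apache/htdocs"
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

<VirtualHost *:443>
    ServerName default.invalid
    DocumentRoot "/opt/bitnami/apache/htdocs"
    SSLEngine on
    # Any certificate will do here: clients that land in this vhost asked for
    # a name this server does not serve. Paths are Bitnami defaults (assumed).
    SSLCertificateFile    "/opt/bitnami/apache/conf/bitnami/certs/server.crt"
    SSLCertificateKeyFile "/opt/bitnami/apache/conf/bitnami/certs/server.key"
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# wordpress-vhost.conf  (file name assumed; simplified relative to what
# Bitnami ships). Only requests whose Host header matches ServerName or
# ServerAlias reach these blocks.
<VirtualHost *:80>
    # assumed site hostname
    ServerName  www.example.com
    ServerAlias example.com
    Redirect permanent "/" "https://www.example.com/"
</VirtualHost>

<VirtualHost *:443>
    ServerName  www.example.com
    ServerAlias example.com
    DocumentRoot "/opt/bitnami/wordpress"
    SSLEngine on
    SSLCertificateFile    "/opt/bitnami/apache/conf/bitnami/certs/server.crt"
    SSLCertificateKeyFile "/opt/bitnami/apache/conf/bitnami/certs/server.key"

    # httpd.conf's global <Directory /> denies everything, so a DocumentRoot
    # outside the default htdocs answers 403 until it is granted explicitly.
    <Directory "/opt/bitnami/wordpress">
        Options -Indexes +FollowSymLinks -MultiViews
        AllowOverride None
        Require all granted

        # Standard WordPress permalink rewrite rules
        RewriteEngine On
        RewriteBase /
        RewriteRule ^index\.php$ - [L]
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule . /index.php [L]
    </Directory>
</VirtualHost>
```

Before restarting, `sudo /opt/bitnami/apache/bin/apachectl -S` lists every vhost and which one Apache treats as the default for each port; if a default vhost defined elsewhere (for example in an include under conf/bitnami/) comes first, the deny block belongs there instead, or that vhost is the one that keeps serving the generic page. After `sudo /opt/bitnami/ctlscript.sh restart apache`, `curl -sI -H 'Host: evil.example' http://127.0.0.1/` should return 403 and `curl -sI -H 'Host: www.example.com' http://127.0.0.1/` the redirect to https. Rejecting foreign Host headers is the server-side piece of the classic browser DNS rebinding defence for this origin; it does nothing about lookups the instance performs itself, which is what the AWS alert describes, so it complements rather than replaces hardening of the site's outbound fetches.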

alex-malone commented 1 year ago

Thanks; however, over port 80 that DocumentRoot path gave me a forbidden error, and over 443 a security error (which is likely masking another security error).

mdhont commented 1 year ago

In that case I recommend the second option. I also recommend asking in a dedicated WordPress forum.

github-actions[bot] commented 1 year ago

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions[bot] commented 1 year ago

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.