Title: Counterespionage Firewall
Author: Floodspark
Published: February 15, 2020
Last modified: July 19, 2022

---


![](https://ps.w.org/counterespionage-firewall/assets/banner-772x250.png?rev=2244683)

**This plugin has not been tested with the latest 3 major releases of WordPress.** It may no longer be maintained or supported, and may have compatibility issues when used with more recent versions of WordPress.

![](https://ps.w.org/counterespionage-firewall/assets/icon-256x256.png?rev=2244683)

# Counterespionage Firewall

Author: [Floodspark](https://profiles.wordpress.org/floodspark/)

[Download](https://downloads.wordpress.org/plugin/counterespionage-firewall.1.6.0.zip)

 * [Details](https://cn.wordpress.org/plugins/counterespionage-firewall/#description)
 * [Reviews](https://cn.wordpress.org/plugins/counterespionage-firewall/#reviews)
 * [Development](https://cn.wordpress.org/plugins/counterespionage-firewall/#developers)

[Support](https://wordpress.org/support/plugin/counterespionage-firewall/)

## Description

Floodspark Counterespionage Firewall (CEF) helps you block reconnaissance or otherwise
illegitimate traffic. CEF is like a web application firewall (WAF) but protects 
against intelligence gathering. CEF focuses on pre-attack protection and is designed
to complement security plugins such as Wordfence or Sucuri.

CEF can:

 * Fake out WPScan and bots by hiding your real usernames, instead supplying them with fake ones they will never be able to log in with.
 * Prevent bots from logging in even with your real password.
 * Defeat WPScan's aggressive plugin and theme scans, also causing the scanner to terminate.

…as well as detect:

 * Tor Browser, with minor delay
 * Chrome Incognito, with minor delay, over HTTPS
 * Firefox Private Browsing, with minor delay
 * Chrome-Selenium in its default configuration, with minor delay
 * cURL in its default configuration
 * Wget in its default configuration
 * HTTP methods other than GET, POST, and HEAD
 * Proxy probing

### How does this work?

So! A hacker's usual approach to breaking into a WordPress site is to run a tool like WPScan to find out the usernames and which plugins and themes are installed. They then try to guess passwords for those user account(s), check vulnerability and exploit databases for known vulnerabilities in any of the installed plugins or themes, and try to get into the site through those.

But! We aim to disrupt that information-gathering step of the attack. When WPScan scans for usernames, we give out fake ones that don't exist, so all the password-guessing attempts are in vain. When WPScan scans for any of the 88.5k plugins that might be installed, we respond that every one of them is installed. The same goes for themes: when WPScan scans for 400 themes, we assert that all of them are installed too.

The attacker is then left with so much data that they don't know what to trust, and they launch attacks against plugins and themes that don't exist, so the exploits never work.

PS, WPScan is a legit tool that we love and just use as an example.
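To make the mechanism concrete, here is an added example (not the plugin's own code, which is PHP running inside WordPress) of a request handler that answers the probes described above with decoys: the `?author=N` redirect and the REST `/wp-json/wp/v2/users` listing that username enumeration relies on, and the per-slug `readme.txt`/`style.css` requests that aggressive plugin and theme detection relies on. The real logins, the site secret and the URL handling are constructed assumptions for the example. What it adds to the text is that the decoys must be consistent across requests (here derived from a keyed hash of the author ID) and must be returned for non-existent IDs as well, so the scanner learns neither the real names nor which IDs exist.

```python
"""Added example of enumeration deception; not the Counterespionage Firewall's code."""
import hashlib
import hmac
import json
import re
from typing import Dict, Tuple

# Constructed sample data: the site's real logins, which must never be
# disclosed to an enumeration probe.
REAL_USERS: Dict[int, str] = {1: "admin", 2: "admin2", 3: "admin3"}

# Hypothetical per-site secret; a deployment would generate and persist its
# own so the fake names stay stable across restarts.
SITE_SECRET = b"constructed-example-secret"

Response = Tuple[int, Dict[str, str], str]  # (status, headers, body)

# Aggressive plugin/theme detection fetches one well-known file per slug:
# wp-content/plugins/<slug>/readme.txt or wp-content/themes/<slug>/style.css.
_ASSET_PROBE = re.compile(
    r"^/wp-content/(?P<kind>plugins|themes)/(?P<slug>[A-Za-z0-9_-]+)/"
    r"(?P<file>readme\.txt|style\.css)$"
)


def fake_username(user_id: int) -> str:
    """Return a fabricated login for an author ID.

    An HMAC over the ID makes every probe for the same ID get the same answer
    (an inconsistent reply would itself be a tell), while the result carries
    no information about the real login and is not a registered account, so
    password guessing against it cannot succeed.
    """
    mac = hmac.new(SITE_SECRET, str(user_id).encode(), hashlib.sha256).hexdigest()
    return "user-" + mac[:10]


def handle(method: str, path: str, query: Dict[str, str]) -> Response:
    """Answer the enumeration probes with decoy data; everything else is 404.

    Only the probe paths are modeled; a real site would fall through to
    normal page handling instead of 404 for other requests.
    """
    # 1. ?author=N: stock WordPress 301s to /author/<real-login>/, and a
    #    non-existent ID behaves differently, which leaks which IDs exist.
    #    Answer every numeric ID the same way so neither fact is disclosed.
    if path == "/" and query.get("author", "").isdigit():
        location = "/author/%s/" % fake_username(int(query["author"]))
        return 301, {"Location": location}, ""

    # 2. REST users listing: return decoy slugs and names instead of real ones.
    if path.rstrip("/") == "/wp-json/wp/v2/users":
        users = [{"id": uid, "name": fake_username(uid), "slug": fake_username(uid)}
                 for uid in REAL_USERS]
        return 200, {"Content-Type": "application/json"}, json.dumps(users)

    # 3. Plugin/theme asset probe: claim every slug exists, so the scanner
    #    cannot tell real installs from decoys.
    m = _ASSET_PROBE.match(path)
    if m:
        if m["file"] == "readme.txt":
            body = "=== %s ===\nStable tag: 1.0.0\n" % m["slug"]
        else:
            body = "/*\nTheme Name: %s\nVersion: 1.0.0\n*/\n" % m["slug"]
        return 200, {"Content-Type": "text/plain"}, body

    return 404, {"Content-Type": "text/plain"}, "Not Found"


def leaks_real_username(resp: Response) -> bool:
    """The property to check: does any real login appear in a probe response?"""
    status, headers, body = resp
    haystack = (body + " " + " ".join(headers.values())).lower()
    return any(name.lower() in haystack for name in REAL_USERS.values())


if __name__ == "__main__":
    probes = [("GET", "/", {"author": "1"}),
              ("GET", "/", {"author": "99"}),
              ("GET", "/wp-json/wp/v2/users", {}),
              ("GET", "/wp-content/plugins/not-installed-plugin/readme.txt", {})]
    for probe in probes:
        resp = handle(*probe)
        print(probe[1], probe[2], resp[0], "LEAK" if leaks_real_username(resp) else "clean")
```

`leaks_real_username` is the check to carry over to any deployment of this idea: every response to an enumeration probe must be free of real logins. The other WordPress paths that disclose usernames, which this example does not model (the login form's error text, oEmbed author data, the users sitemap), need the same treatment, or the scanner simply switches method.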

### Cyber Intent Blog

The [Floodspark Cyber Intent Blog](http://floodspark.com/blog/) uses this plugin
and is all about just that, cyber intent. Here we will cover the art and science
of it and the developments in the Counterespionage Firewall (CEF) portfolio (CEF
for WordPress and CEF Full) that turn these ideas into reality.

### Stay up to date

Stay up to date with developments in the Floodspark portfolio [@Floodspark](https://twitter.com/floodspark)

### Thank you

Feedback is greatly appreciated as we continue to shape Floodspark. Email us anytime at gs@floodspark.com.

## Screenshots

 * Deceiving WPScan's username hunting. Real usernames were "admin", "admin2", "admin3", "admin4", "admin5". No hacker can log in with these faked usernames because they don't actually exist.
 * Defeating WPScan's plugin scan
 * Defeating WPScan's theme scan
 * Error message the visitor will receive for banned behavior or devices.
 * Defeating hackertarget.com's WordPress username enumeration scan
 * Recommended setting for Endurance Cache / Endurance Page Cache to avoid issues

## FAQ

### How can I test CEF’s protection?

Use the Docker version of WPScan and the commands below, replacing `yourbloghere.com` with your own site. When prompted whether to update the database, you shouldn't need to.

 * To verify that CEF deceives WPScan's username scan, issue the following command:

   ```shell
   docker run -it --rm wpscanteam/wpscan --url http://yourbloghere.com --enumerate u
   ```

 * To verify that CEF deceives WPScan's plugin scan, issue the following command:

   ```shell
   docker run -it --rm wpscanteam/wpscan --url http://yourbloghere.com --plugins-detection aggressive
   ```

 * To verify that CEF deceives WPScan's theme scan, issue the following command:

   ```shell
   docker run -it --rm wpscanteam/wpscan --url http://yourbloghere.com --enumerate t
   ```

### Does CEF replace a Web Application Firewall (WAF)?

No. CEF was specifically designed to leave protection against active web attacks to WAFs, which do it best.

### Does CEF replace a host firewall?

No. CEF specializes in web-type intelligence and leaves the protection of other 
services to the host firewall.

### Should I keep my WAF and host firewall?

Yes.

### Why use CEF then?

CEF helps you **earlier in the cyber-attack chain, during the Reconnaissance stage**, by disrupting malicious research efforts. Remember, the attack does not necessarily come from the same origin(s) as the research.

### What is an Intent Indicator?

An Intent Indicator is a trait derived from cyber threat intelligence that, with high confidence, indicates malicious intent. You do not need to activate every Intent Indicator powering CEF if one or more of them break your business traffic. For example, a bank may want to block visitors using Tor to reduce fraud, while an online newspaper may recognize that readers and journalists have an interest in using Tor to avoid censorship and retribution.

### How is an Intent Indicator different than an Indicator of Compromise (IoC)?

BLUF: An Intent Indicator comes earlier than an IoC.

An IoC indicates that a breach has already taken place, so it only lets you respond after the fact. Intent Indicators are the attacker's traits, or Tactics, Techniques, and Procedures (TTPs), observable during the recon phase: traits that, with high confidence, do not belong to legitimate visitor traffic and behavior.
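As an added illustration of the Intent Indicator idea (example code, not the plugin's own), the block below defines each indicator as an independent predicate over a request, so a site can enable only the ones that fit its traffic, and evaluates the FAQ's bank-versus-newspaper contrast over constructed sample requests. It covers only the indicators observable from the HTTP request itself: default cURL and Wget User-Agents, methods outside the GET/POST/HEAD safelist, and proxy probing (CONNECT, or an absolute-form request target naming a host the site does not serve). The Tor indicator is modeled as an exit-node list lookup, which is this example's assumption about mechanism; the browser-side detections the page lists (Tor Browser, Chrome Incognito, Firefox Private Browsing, Chrome-Selenium) require client-side checks and are not modeled.

```python
"""Added example of switchable Intent Indicators; not the plugin's own code."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Sequence


@dataclass
class Request:
    method: str
    target: str             # request-target exactly as sent on the request line
    headers: Dict[str, str]
    client_ip: str


SAFE_METHODS = {"GET", "POST", "HEAD"}               # the safelist the page describes
SERVED_HOSTS = {"example.com", "www.example.com"}    # constructed: hosts this site serves

# Constructed stand-in for a Tor exit-node list. A deployment would refresh
# this from published threat intelligence (the "minor delay" the page
# mentions); a hard-coded set is an assumption of this example.
TOR_EXIT_IPS = {"198.51.100.7"}


def _ua(req: Request) -> str:
    return req.headers.get("User-Agent", "")


def default_curl(req: Request) -> bool:
    return _ua(req).startswith("curl/")      # curl's stock User-Agent


def default_wget(req: Request) -> bool:
    return _ua(req).startswith("Wget/")      # wget's stock User-Agent


def disallowed_method(req: Request) -> bool:
    return req.method.upper() not in SAFE_METHODS


def proxy_probe(req: Request) -> bool:
    """Open-proxy scanners send CONNECT, or an absolute-form target for a host
    we do not serve; a browser talking to us sends an origin-form path."""
    if req.method.upper() == "CONNECT":
        return True
    if req.target.lower().startswith(("http://", "https://")):
        host = req.target.split("/", 3)[2].split(":")[0].lower()
        return host not in SERVED_HOSTS
    return False


def tor_exit(req: Request) -> bool:
    return req.client_ip in TOR_EXIT_IPS


# Each indicator is independent, so any one can be switched off without
# losing the others.
INDICATORS: Dict[str, Callable[[Request], bool]] = {
    "default_curl": default_curl,
    "default_wget": default_wget,
    "disallowed_method": disallowed_method,
    "proxy_probe": proxy_probe,
    "tor_exit": tor_exit,
}

ALL_INDICATORS = tuple(INDICATORS)
# The FAQ's contrast: the bank blocks Tor, the newspaper keeps its Tor readers.
BANK_POLICY = ALL_INDICATORS
NEWSPAPER_POLICY = tuple(n for n in ALL_INDICATORS if n != "tor_exit")


def evaluate(req: Request, enabled: Sequence[str]) -> List[str]:
    """Names of the enabled indicators this request trips (empty means allow)."""
    return [name for name in enabled if INDICATORS[name](req)]


BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"

# Constructed sample traffic.
SAMPLES: Dict[str, Request] = {
    "curl_default": Request("GET", "/", {"User-Agent": "curl/7.88.1"}, "203.0.113.5"),
    "wget_default": Request("GET", "/wp-login.php", {"User-Agent": "Wget/1.21"}, "203.0.113.6"),
    "trace": Request("TRACE", "/", {"User-Agent": BROWSER_UA}, "203.0.113.7"),
    "proxy_probe": Request("GET", "http://other.example.net/", {"User-Agent": BROWSER_UA}, "203.0.113.8"),
    "connect_probe": Request("CONNECT", "mail.example.org:25", {"User-Agent": BROWSER_UA}, "203.0.113.9"),
    "tor_reader": Request("GET", "/2020/02/post/", {"User-Agent": BROWSER_UA}, "198.51.100.7"),
    "reader": Request("GET", "/2020/02/post/", {"User-Agent": BROWSER_UA}, "203.0.113.10"),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print("%-14s bank=%-36s newspaper=%s"
              % (name, evaluate(req, BANK_POLICY), evaluate(req, NEWSPAPER_POLICY)))
```

The sample run shows the same Tor reader blocked under the bank policy and allowed under the newspaper policy while every other verdict is unchanged, which is the property that lets an operator disable one indicator without weakening the rest.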

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

"Counterespionage Firewall" is open source software. The following people have contributed to this plugin.

Contributors

 * [Floodspark](https://profiles.wordpress.org/floodspark/)

[Help translate "Counterespionage Firewall" into Simplified Chinese.](https://translate.wordpress.org/projects/wp-plugins/counterespionage-firewall)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/counterespionage-firewall/), check out the [SVN repository](https://plugins.svn.wordpress.org/counterespionage-firewall/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/counterespionage-firewall/) by [RSS](https://plugins.trac.wordpress.org/log/counterespionage-firewall/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.5.2

 * Bug fix: no longer blocking on non-sensitive pages (caching issue)

#### 1.5.1

 * Bug fix: async checks now also work for sites not located in the root folder

#### 1.5.0

 * CEF now disrupts hacker attempts at plugin and theme gathering/harvesting/enumeration

#### 1.4.0

 * CEF now disrupts hacker attempts at username gathering/harvesting/enumeration

#### 1.3.0

 * Fakes most current version of PHP

#### 1.2.0

 * Permitted HTTP methods safelisting
 * Block proxy probes
 * Blocked message appears for bad visitors
 * General fixes

#### 1.1.0

 * Added Wget detection
 * Commented out debugging/localhost settings

#### 1.0

 * Initial public release

## Additional Information

 * Version: **1.6.0**
 * Last updated: **4 years ago**
 * Active installations: **10+**
 * WordPress version: **5.3.2 or higher**
 * Tested up to: **6.0.12**
 * PHP version: **7.0.33 or higher**
 * Language: [English (US)](https://wordpress.org/plugins/counterespionage-firewall/)
 * Tags: [intelligence](https://cn.wordpress.org/plugins/tags/intelligence/)
 * [Advanced view](https://cn.wordpress.org/plugins/counterespionage-firewall/advanced/)


## Support

Got something to say? Need help?

[View support forum](https://wordpress.org/support/plugin/counterespionage-firewall/)

## Donate

Would you like to support the advancement of this plugin?

[Donate to this plugin](http://floodspark.com/donate.html)