Check for wordpress paths

2026-01-08 15:13:52 +00:00 · 2026-01-08 15:13:52 +00:00 · 0bca0d9787
parent 328eb6cd6e
commit 0bca0d9787
2 changed files with 6 additions and 1 deletions
--- a/scripts/invalid
+++ b/scripts/invalid
@ -1,2 +1,2 @@
 #!/bin/bash
-journalctl -u epicyon | grep "invalid header\|invalid characters\|leech bounced\|LLM scraper\|suspicious\|bad path"
+journalctl -u epicyon | grep "invalid header\|invalid characters\|leech bounced\|LLM scraper\|suspicious\|bad path\|not wordpress"
--- a/utils.py
+++ b/utils.py
@ -3964,6 +3964,7 @@ def check_bad_path(path: str):
    """for http GET or POST check that the path looks valid
    """
    path_lower = path.lower()
+
    bad_strings = ('..', '/.', '%2e%2e', '%252e%252e')

    # allow /.well-known/...
@ -3972,6 +3973,10 @@ def check_bad_path(path: str):
           path_lower.startswith('/users/.well-known/'):
            bad_strings = ('..', '%2e%2e', '%252e%252e')

+    if path_lower.startswith('/wp-content'):
+        print('WARN: this is not wordpress ' + path)
+        return True
+
    if string_contains(path_lower, bad_strings):
        print('WARN: bad path ' + path)
        return True