NinjaFirewall and the General Data Protection Regulation (GDPR).

Revision: May 24, 2018

The purpose of this document is to inform you about how to be compliant with the General Data Protection Regulation (GDPR) while using our NinjaFirewall (WP, WP+, Pro and Pro+ Edition) software.

Note that we, NinTechNet Limited – the authors, do not collect any private data from your visitors and do not have access to your logs.

 

NinjaFirewall WP and WP+ Edition

  • Automatic deletion of old log files
    Available since version 3.6.2, it is disabled by default. It can be configured from the “NinjaFirewall > Firewall Log” page:
     
    I recommend to keep the firewall logs for at least a month or, better, 45 days before deleting them. If there were security issues with your website, you could consult them for digital forensic purposes.
    NinjaFirewall doesn’t save its logs in the database, instead they are all stored on disk, inside the wp-content/nfwlog/ folder:
     
    In addition to the above option, users of the premium WP+ Edition can also delete the log whenever they want by clicking on the “Delete” button:
     
  • IP anonymization
    Disabled by default, this option is available in the “NinjaFirewall > Firewall Options” page:
     
    It will anonymize IP addresses (IPv4 and IPv6) by replacing their last 3 characters with the x character. Here’s an example of an anonymized IP in the firewall log:

    03/Apr/18 20:03:05  #4835755  CRITICAL  2  90.142.231.xxx  GET /index.php - GET /wp-admin/admin-ajax.php - Unrestricted file upload - [GET:client_action = get_captions_css]

    As indicated, this option does not apply to:

    • Private IP addresses: There is no need to anonymize them, they aren’t routable.
    • The “Login Protection”: It refers to the “Write the incident to the server Authentication log” feature from the brute-force attack protection which is used to forward the offender’s IP to the server authentication log in order to block it at the server level, usually via a third-party application such as Fail2Ban. For obvious reasons, the full IP must be forwarded because the kernel firewall cannot use anonymized IP addresses. Note that this is an optional feature and it is not enabled by default.
       

      If you are using the WP+ Edition and redirect events to the syslog server (“NinjaFirewall > Firewall Log > Write events to the Syslog server too”), IP addresses will be anonymized too.

  • Cookies
    NinjaFirewall makes use of PHP session cookies. A PHP session is started by NinjaFirewall to check if a user is whitelisted by the firewall or by the antispam (WP+ Edition only) and when a user is accessing the WordPress administration dashboard or its login page. It does not collect, store or use any private data from you or your visitors. Sessions are deleted:

     

    PHP sessions are time-limited and will always expire and be destroyed after a period of time defined in your PHP configuration.

 

NinjaFirewall Pro and Pro+ Edition

  • Firewall Log deletion
    I recommend to keep the firewall logs for at least a month or, better, 45 days if you can. If there were security issues with your website, you could consult them for digital forensic purposes. After that period, you can manually delete them whenever you want by clicking on the “Delete” button from the “Logs > Firewall Log” page:
     
    All logs are all stored on disk, in the {ninjafirewall_folder}/nfwlog/ folder:
     
    If you can run scheduled tasks (e.g., crontab), here’s a script that can be ran once a day to automatically delete old logs. You only need to configure the absolute path to NinjaFirewall’s log folder ($nf_log_folder) and the number of day logs should be kept ($max_days):

    <?php
    // =====================================================================
    // Script to delete NinjaFirewall's Pro/Pro+ older logs. You can run it
    // from a cron job e.g. `12 0 * * * /usr/bin/php /foo/bar/this_script.php`
    // =====================================================================
    // More info at http://nin.link/gdpr/
    // =====================================================================
    // Enter the full path to NinjaFirewall's log folder (no trailing slash):
    $nf_log_folder = '/foo/bar/nfwlog';
    // Enter how many days you want to keep the logs. Any log older than
    // that will be deleted:
    $max_days = '45';
    // =====================================================================
    
    // Convert to seconds:
    $max_days *= 86400;
    // Today's date:
    $now = time();
    // Retrieve the list of all logs:
    $glob = glob( $nf_log_folder . '/firewall_*.php' );
    if ( is_array( $glob ) ) {
       foreach( $glob as $file ) {
          $lines = array();
          $lines = file( $file, FILE_SKIP_EMPTY_LINES );
          foreach( $lines as $k => $line ) {
             if ( preg_match( '/^\[(\d{10})\]/', $line, $match ) ) {
                if ( $now - $max_days > $match[1] ) {
                   // This line is too old, remove it:
                   unset( $lines[$k] );
                }
             } else {
                // Not a firewall log line:
                unset( $lines[$k] );
             }
          }
          if ( empty( $lines ) ) {
             // No lines left, delete the file:
             unlink( $file );
          } else {
             // Save the last preserved lines to the log:
             $fh = fopen( $file,'w' );
             fwrite( $fh, "<?php exit; ?>\n" );
             foreach( $lines as $line ) {
                fwrite( $fh, $line );
             }
             fclose( $fh );
          }
       }
    }
    
    // =====================================================================
    // EOF
    

 

  • IP anonymization
    Disabled by default, this option is available in the “Firewall > Options” page:
     
    It will anonymize IP addresses (IPv4 and IPv6) by replacing their last 3 characters with the x character. Here’s an example of an anonymized IP in the firewall log:

    03/Apr/18 20:03:05  #4835755  CRITICAL  2  90.142.231.xxx  GET /index.php - GET /wp-admin/admin-ajax.php - Unrestricted file upload - [GET:client_action = get_captions_css]

    Note that this option does not apply to private IP addresses because they aren’t routable, and thus there is no need to anonymize them.

    If you are redirecting events to the syslog server (“Logs > Firewall Log > Write events to the Syslog server too”), IP addresses will be anonymized too.

  • Cookies
    NinjaFirewall makes use of mandatory authentication cookies to whitelist the administrator. Cookies are only set when an administrator logs in to the admin console, they do no apply to visitors of the site protected by NinjaFirewall.