Had an incident where Prestashop was missing a customer address in the address database (that was my fault) and it errored with [ERROR 500 Customer Address missing (something like that I didn't record it)] when I went to view that customers order. Prestashop asked if I wanted to enable debug mode and I clicked YES. I was then blocked by BitNinja on my hosting providers server from my shop, all emails and FTP for the next 24 hours.
I connected via a VPN and contacted my hosting provider support who said that my IP had been grey listed in the BitNinja software. They asked that I provide the domain name of my website, I replied and that was the last I heard from support.
I couldn't access the admin of my shop as it was configured to only allow my IP and as I was connected via a VPN I no longer had access. After a few hours of being blocked I contacted BitNinja support via chat and was provided a log of what triggered the firewall block.
He said "The description of rule 408001 says that: You can disable some Symfony directory access with this rule (_preview_error /_wdt /_profiler*) which should never be deployed in production. Also, I should mention that this rule is not among our recommended low false positive ruleset."
He told me that my hosting provider had to manually remove my IP from BitNinja grey list. I then contacted my hosting provider again and again with no response and then after 24 hours I was able to access Prestashop, emails and FTP directly from my IP.
Someone needs to know that BitNinja is out there watching Prestashop.
Is the Symfony directory access from a default Prestashop installation? Is there something I should change?