Unable to save custom code – 403 error


    #30254
    Jason
    Participant

    Hi,

    So I’ve got an issue where my client is using Mail Chimp for newsletters and the links don’t resolve to the correct URL and instead end up at the Apache 2 Test Page. This in itself is a mystery and why it doesn’t show a 403 but anyway after some research I believe it’s due to the issue outlined in this BPS forum post: http://forum.ait-pro.com/forums/topic/mailchimp-tracking-code-causing-403/#post-13778 and rounded brackets.

    http://mysite.com/?ct=t(Name_Of_Newsletter_Aut7_7_2016)&mc_cid=e7f7f73ecc&mc_eid=[UNIQID]

    I’ve since copied the custom code from that post but whenever I “Click the Save Root Custom Code button” I get a 403 Forbidden Alert and my IP gets blocked by the server.

    I can see the following security log is triggered and I think I need to implement a Skip / Bypass rule but not sure if it should be on the core.php or admin.php? Also not too sure how to implement this without triggering the same issue?

    [403 POST Request: July 8, 2016 - 10:55]
    Event Code: WPADMIN-SBR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: ##.###.###.###
    Host Name: -----.----.---
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://mysite.com/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fcore%2Fcore.php
    REQUEST_URI: /wp-admin/admin.php?page=bulletproof-security/admin/core/core.php
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0
    REQUEST BODY: _wpnonce=528da6bf7d&_wp_http_referer=%2Fwp-admin%2Fadmin.php%3Fpage%3Dbulletproof-security%2Fadmin%2Fcore%2Fcore.php&bps_customcode_one=&bps_customcode_server_signature=&bps_customcode_directory_index=&bps_customcode_server_protocol=&bps_customcode_error_logging=&bps_customcode_deny_dot_folders=&bps_customcode_admin_includes=&bps_customcode_wp_rewrite_start=&bps_customcode_request_methods=&bps_customcode_two=&bps_customcode_timthumb_misc=&bps_customcode_bpsqse=%23+BEGIN+BPSQSE+BPS+QUERY+STRING+E

    Hope you can shed some light on this.

    Many thanks
    Jason

    #30257
    AITpro Admin
    Keymaster

    This could be caused by the BPS Pro Plugin Firewall having invalid code in the PFW htaccess file.  Go to the Plugin Firewall and click the Deactivate button and try to save your custom code again.  More likely this problem is caused by another plugin you have installed or maybe something like mod_security is installed on the host server.  Go to the BPS System Info page and click the Get Plugins List button and copy and paste all of your installed plugins in your forum reply.

    #30259
    Jason
    Participant

    Hi

    Thanks very much for the reply and sorry I should have said I’m using BPS free on this site.

    Here’s the plugin list:
    BulletProof Security .53.9 – Activated: bulletproof-security/bulletproof-security.php
    Contact Form 7 4.4.2 – Activated: contact-form-7/wp-contact-form-7.php
    Contact Form 7 widget 1.0 – Activated: contact-form-7-widget/contact-form-7-widget.php
    Cookie Law Info 1.5.3 – Activated: cookie-law-info/cookie-law-info.php
    Custom Facebook Feed Pro Developer 2.6.7 – Activated: custom-facebook-feed-pro/custom-facebook-feed.php
    eStore bulk discount 1.2 – Activated: estore-bulk-discount/estore-bulk-discount-addon.php
    File Un-Attach 1.1.3 – Activated: file-un-attach/file-unattach.php
    Google XML Sitemaps 4.0.8 – Activated: google-sitemap-generator/sitemap.php
    MailChimp for WordPress 3.1.11 – Activated: mailchimp-for-wp/mailchimp-for-wp.php
    Really Simple CAPTCHA 1.9 – Activated: really-simple-captcha/really-simple-captcha.php
    WP-PageNavi 2.91 – Activated: wp-pagenavi/wp-pagenavi.php
    WP eStore 7.3.8 – Activated: wp-cart-for-digital-products/wp_cart_for_digital_products.php

    As a further bit of information I was locked out and IP blocked at the server level as I triggered ModSecurity. My hosting provider noted this at the same time as the above issue:

    [Fri Jul 08 10:55:26 2016] [error] [client ##.###.###.###] ModSecurity: [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "121"] [id "390614"] [rev "23"] [msg "Atomicorp.com WAF Rules: Invalid character in ARGS"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Match of "rx recaptcha_response_field" against "TX:invalidarg2" required. [hostname "mysite.com"] [uri "/wp-admin/admin.php"] [unique_id "V394ji63C2sAAELVrgMAAABm"]

    It appears to note captcha, but I don’t run recaptcha within the admin.

    Thanks
    Jason

    #30260
    AITpro Admin
    Keymaster

    Oops yeah my bad on the Plugin Firewall deactivation thing. Ok so it does look like what is blocking the Custom Code save is a ModSecurity SecRule or SecFilter. This same exact issue/problem has occurred on several occasions here and there over the years with mod_security and saving code in BPS Custom Code. That mod_security error you posted may or may not be related to the Custom Code issue/problem. You are correct that the captcha should not be doing anything in your wp-admin backend, but since a captcha controls access to the wp-admin backend via the login page (either by using the /wp-login.php or the /wp-admin URI) then the error may be misleading. If your host allows turning off mod_security using htaccess code then see this forum topic for how to turn off mod_security for testing: http://forum.ait-pro.com/forums/topic/how-to-turn-off-mod-security-mod_security-secfilterengine-off/
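
Added example (not part of the original thread and not BPS or Atomicorp code): a small parser for the Apache error_log ModSecurity line quoted in the thread, pulling out the rule id, rule file, URI and deny status so blocked requests can be grouped per rule. The function names `parse_modsec_error` and `summarize` are hypothetical; the sample line is the one posted above.

```python
import re
from collections import Counter

# Log line as posted in the thread (client IP was already masked by the poster).
SAMPLE = '[Fri Jul 08 10:55:26 2016] [error] [client ##.###.###.###] ModSecurity: [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "121"] [id "390614"] [rev "23"] [msg "Atomicorp.com WAF Rules: Invalid character in ARGS"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Match of "rx recaptcha_response_field" against "TX:invalidarg2" required. [hostname "mysite.com"] [uri "/wp-admin/admin.php"] [unique_id "V394ji63C2sAAELVrgMAAABm"]'

# ModSecurity metadata appears as [key "value"] pairs after the "ModSecurity:" marker.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
DENIED = re.compile(r'Access denied with code (\d+) \(phase (\d+)\)')
CLIENT = re.compile(r'\[client ([^\]]+)\]')


def parse_modsec_error(line):
    """Parse one error_log line; return a dict of fields, or None if not ModSecurity."""
    head, marker, body = line.partition("ModSecurity:")
    if not marker:
        return None
    event = dict(FIELD.findall(body))  # file, line, id, rev, msg, severity, uri, ...
    client = CLIENT.search(head)
    event["client"] = client.group(1) if client else None
    denied = DENIED.search(body)
    event["blocked"] = denied is not None
    event["status"] = int(denied.group(1)) if denied else None
    event["phase"] = int(denied.group(2)) if denied else None
    return event


def summarize(lines):
    """Count blocked requests per (rule id, URI) pair."""
    hits = Counter()
    for line in lines:
        event = parse_modsec_error(line)
        if event and event["blocked"]:
            hits[(event.get("id"), event.get("uri"))] += 1
    return hits


if __name__ == "__main__":
    # The second line is constructed: an unrelated Apache error that must be skipped.
    log = [SAMPLE, "[Fri Jul 08 10:55:27 2016] [error] File does not exist: /var/www/favicon.ico"]
    for (rule_id, uri), count in summarize(log).items():
        print(f"rule {rule_id} blocked {count} request(s) to {uri}")
```

The rule id and URI are the two values a host needs in order to scope an exception to one rule on one admin page rather than switching mod_security off for the whole site.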
