SiteLockSpider – xmlrpc 403 error

Home Forums BulletProof Security Free SiteLockSpider – xmlrpc 403 error

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #20236
    addicted
    Participant

    I have an premium security account with sitelock. Now I find these in my security log. How can I give access to sitelock to scan my site every day?

    [403 GET / HEAD Request: 25 december 2014 - 10:30]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 184.154.36.163
    Host Name: scan21.sitelock.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /xmlrpc.php?rsd
    QUERY_STRING:
    HTTP_USER_AGENT: SiteLockSpider [en] (WinNT; I ;Nav)
    #20238
    AITpro Admin
    Keymaster

    Looks like the SiteLockSpider bot is trying to make a GET Request to your WordPress xmlrpc.php file.  Are you using the BPS XML-RPC DDoS Protection Bonus Custom Code?  http://forum.ait-pro.com/forums/topic/wordpress-xml-rpc-ddos-protection-protect-xmlrpc-php-block-xmlrpc-php-forbid-xmlrpc-php/

    #20240
    addicted
    Participant

    Yes, should I allow on ip adress?

    I changed it to allow from ip address, requested a remote scan, and all is green 🙂 sorry to bother you, I am a new user. thx, for your quick answer.

    regards,
    J.

    #20243
    AITpro Admin
    Keymaster

    You may need to add the Singlehop CIDR IP address block if the SiteLockSpider bot uses other Singlehop Host IP addresses randomly.

    # XML-RPC DDoS & TRACKBACK/PINGBACK PROTECTION
    # Using this code blocks Pingbacks and Trackbacks on your website.
    # You can whitelist your IP address if you use A Weblog Client
    # or want to whitelist your IP address for any other reasons.
    # Example: uncomment #Allow from x.x.x. by deleting the # sign and
    # replace the x's with your actual IP address. Allow from 99.88.77.
    # Note: It is recommended that you use 3 octets x.x.x. of your IP address
    # instead of 4 octets x.x.x.x of your IP address.
    
    <FilesMatch "^(xmlrpc\.php|wp-trackback\.php)">
    Order Deny,Allow
    # Whitelist Jetpack/ Automattic CIDR IP Address Blocks
    Allow from 192.0.64.0/18
    Allow from 209.15.0.0/16
    Allow from 66.155.0.0/17
    # Whitelist Singlehop SiteLock CIDR IP Address Block
    Allow from 184.154.0.0/16
    Deny from all
    </FilesMatch>
    #20247
    addicted
    Participant

    You were right, today new information are stored in my security log.
    I tried the sniplet you gave. I will keep you informed.

Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.