Images not displaying, timthumb theme images, thumbnail images
Tagged: Theme, Theme Images, Theme Thumbnailer script, Thumbnailer, timthumb
- This topic has 39 replies, 5 voices, and was last updated 9 years, 7 months ago by
AITpro Admin.
SuperHumanSecret
Member
Dear Forum,
I installed & set-up the Bulletproof Security Free plugin and since then, images are not displaying on my site. The log file reports this error: Can you please assist?
>>>>>>>>>>> 403 GET or Other Request Error Logged - April 5, 2013 - 06:49 <<<<<<<<<<<
REMOTE_ADDR: 62.31.116.70
Host Name: cpc1-croy17-2-0-cust69.croy.cable.virginmedia.com
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http: //www.superhumansecret.com/the-10-superhuman-commandments/
REQUEST_URI: /wp-content/themes/itheme2/themify/img.php?src=http: //www.superhumansecret.com/wp-content/uploads/2013/04/The-10-SuperHuman-Commandments-www.superhumansecret.com_.jpg&w=622&h=274
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31
Thank-you.
AITpro Admin
Keymaster
UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.
OPTION 1: Add the img.php file name as shown below in the TimThumb/MISC File Skip/Bypass rule to whitelist the img.php file. Go to the htaccess File Editor tab page, click on “Your Current Root htaccess file tab”, scroll down in your root .htaccess file until you find this code, add img\.php| and click the Update File button to save your changes.
IMPORTANT!!! Clear your Browser cache and clear your caching plugin cache.
# TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# Remote File Inclusion (RFI) security rules
# Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
RewriteRule .* index.php [F]
#
# Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
RewriteCond %{REQUEST_URI} (img\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
# Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
RewriteCond %{HTTP_REFERER} ^.*example.com.*
RewriteRule . - [S=1]
If the code above works then to add/save the code above permanently to BPS Custom Code do these steps:
IMPORTANT!!! Clear your Browser cache and clear your caching plugin cache.
1. Copy the code above to this Custom Code text box: CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE: Add additional Referers and/or misc file names. IMPORTANT! Change the HTTP_REFERER example.com domain name to your actual domain/website’s name.
2. Save your new custom code by clicking the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.
OPTION 2: If the skip/bypass/whitelist rule above does not work then add this skip/bypass rule to Custom Code.
IMPORTANT!!! Clear your Browser cache and clear your caching plugin cache after doing all of the steps below.
1. Copy this .htaccess code below to the Custom Code CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES: Add personal plugin/theme skip/bypass rules here text box
2. Save your new custom code by clicking the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.
NOTE: If your WordPress installation is in a subfolder then add your WordPress subfolder name in the path.
Example: /my-wordpress-installation-folder-name/wp-content/themes/…
# Theme Thumbnailer script skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/themes/itheme2/themify/img\.php [NC]
RewriteRule . - [S=13]
SuperHumanSecret
Member
Thank-you so much for your prompt response.
I added the img\.php| to the line of code that you instructed within the root htaccess file and the site is now working correctly.
All images are now displaying as normal.
Thank-you.
AITpro Admin
Keymaster
Great! Thanks for confirming all is well.
Matt
Participant
I am having the same issue with some of my pictures.
Here is error code.
HTTP_REFERER: http: //dean-smithrealty.com/9904-bellflower-way-knoxville-hardin-valley-real-estate
REQUEST_URI: /wp-content/themes/SmoothV4.1/thumbnail.php?src=http://dean-smithrealty.com/wp-content/uploads/agents/no-agent-photo.jpg&w=146&h=196&zc=1&q=70&cropfrom=topcenter
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.15 Safari/537.36
I tried using the above solutions with changing theme info and img\.php to thumbnail\.php to no avail.
Any help is appreciated.
AITpro Admin
Keymaster
One of the 2 fixes will work so double check that you have added/created them correctly. Also you need to clear both your Browser cache and plugin cache for whatever caching plugin you are using.
Matt
Participant
Got it to work. Thanks
AITpro Admin
Keymaster
Great! Thanks for confirming all is well.
AITpro Admin
Keymaster
[Post was Manually Moved to this relevant Forum Topic]
How to solve these kind of security log. How to white list these kind of errors.
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://transtechacademy.com/gallery/
REQUEST_URI: /wp-content/themes/grandcollege_v1-08/stylesheet/ie-style.php?path=http://transtechacademy.com/wp-content/themes/grandcollege_v1-08
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648)

REMOTE_ADDR: 98.137.207.233
Host Name: h105.hlfs.bf1.yahoo.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://ginaparrisentertainment.com/
REQUEST_URI: /wp-content/themes/GinaParis/thumb.php?src=http://ginaparrisentertainment.com/files/2012/03/Parris_Gina-01a_4.jpg&w=77&h=60&zc=1&q=80&bid=3
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (compatible; Yahoo! Slurp/3.0; http://help.yahoo.com/help/us/ysearch/slurp) NOT Firefox/3.5

REMOTE_ADDR: 198.50.154.235
Host Name: 198.50.154.235
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://caribbeanthings.com/register/
REQUEST_URI: /?s=search…
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36
AITpro Admin
Keymaster
These themes are simulating RFI hacking attempts against your website and BPS is blocking these simulated RFI hacking attempts. To tell BPS to allow these simulated RFI hacking attempts do the steps below:
IMPORTANT!!! Clear your Browser cache and clear your caching plugin cache.
1. Copy this .htaccess code below to this BPS Root Custom Code text box: CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES:.
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.
NOTE: If your WordPress installation is in a subfolder then add your WordPress subfolder name in the path.
Example: /my-wordpress-installation-folder-name/wp-content/themes/…
# Theme Thumbnailer script skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/themes/GinaParis/thumb\.php [NC]
RewriteRule . - [S=14]
# Theme style script skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/themes/grandcollege_v1-08/stylesheet/ie-style\.php [NC]
RewriteRule . - [S=13]
The 3rd error is a spammer or hacker that was blocked by BPS Pro. The spammer or hacker is doing recon/probes on your website looking for vulnerabilities/exploits. IP Address: 198.50.154.235 is a known spammer or hacker IP address.
jena
Participant
For this kind of error where HTTP_REFERER is blank, do we need to whitelist the URL or are these all hacker attacks?
>>>>>>>>>>> 403 GET or Other Request Error Logged - September 5, 2013 - 4:21 am <<<<<<<<<<<
REMOTE_ADDR: 217.8.253.206
Host Name: tylerhost.co.uk
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /deepfocus-theme-documentation/wp-content/themes/DeepFocus/timthumb.php?src=http://flickr.com.yenimynet.tk/xp.php
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
AITpro Admin
Keymaster
Yes, you are correct. The blank Referer means that this RFI hacking recon/probe/attack came from an external website and NOT your website. The other thing to note/check is: is the Request URI showing a link to a file/theme/plugin on your website, or is this just a random recon/probe/attack looking for this theme/plugin/file on your website? Most likely you do not have the DeepFocus Theme installed on your website.
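The two checks described above (is the Referer blank, and does the Request URI point at a theme that is actually installed), plus a check of the host named inside the query string, written as an added example that is not part of the thread or of BPS. The log entries, hosts and theme names are constructed; only the field names follow the log entries quoted in this thread.

```python
from urllib.parse import parse_qsl, urlsplit

# Constructed sample entries in the field layout of the log entries quoted in
# this thread; hosts, addresses and theme names are placeholders.
SAMPLE_LOG = """\
REMOTE_ADDR: 192.0.2.10
HTTP_REFERER: http://www.example.com/a-post/
REQUEST_URI: /wp-content/themes/mytheme/img.php?src=http://www.example.com/wp-content/uploads/a.jpg&w=622&h=274

REMOTE_ADDR: 203.0.113.7
HTTP_REFERER:
REQUEST_URI: /wp-content/themes/NotInstalled/timthumb.php?src=http://flickr.com.example.net/x.php
"""

def parse_entries(text):
    """Return one {field: value} dict per blank-line-separated log entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(":") for line in block.splitlines())
        entries.append({k.strip(): v.strip() for k, sep, v in pairs if sep})
    return entries

def embedded_hosts(request_uri):
    """Hosts of absolute URLs passed as query parameters (src=, path=, ...)."""
    hosts = set()
    for _, value in parse_qsl(urlsplit(request_uri).query):
        url = urlsplit(value)
        if url.scheme in ("http", "https", "ftp") and url.hostname:
            hosts.add(url.hostname.lower())
    return hosts

def triage(entry, site_hosts, installed_themes):
    """Return (verdict, reasons) for one 403 entry."""
    uri = entry.get("REQUEST_URI", "")
    segments = urlsplit(uri).path.split("/")
    theme = segments[segments.index("themes") + 1] if "themes" in segments[:-1] else None
    reasons = []
    # Exact host comparison: flickr.com.example.net is not flickr.com.
    foreign = sorted(embedded_hosts(uri) - set(site_hosts))
    if foreign:
        reasons.append("remote host in query: " + ", ".join(foreign))
    if theme is not None and theme not in installed_themes:
        reasons.append("theme not installed: " + theme)
    if reasons:
        return "probe", reasons
    if not entry.get("HTTP_REFERER"):
        return "review", ["blank referer"]
    return "whitelist-candidate", []

if __name__ == "__main__":
    for e in parse_entries(SAMPLE_LOG):
        print(e["REMOTE_ADDR"], *triage(e, {"www.example.com"}, {"mytheme"}))
```

Only entries that come back as `whitelist-candidate` are worth a skip/bypass rule; the other verdicts describe requests the 403 should keep blocking or that need a manual look.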
jena
ParticipantI have already added this rule
# Theme style script skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/themes/grandcollege_v1-08/stylesheet/ie-style\.php [NC]
RewriteRule . - [S=20]
But it still shows the same log entry again.
REMOTE_ADDR: 164.82.32.13
Host Name: 164.82.32.13
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http: //transtechacademy.com/celebrating-champions-making-an-investment/
REQUEST_URI: /wp-content/themes/grandcollege_v1-08/stylesheet/ie-style.php?path=http://transtechacademy.com/wp-content/themes/grandcollege_v1-08
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
AITpro Admin
Keymaster
Ok then try this next, but instead of whitelisting the img.php file shown in this example you would want to whitelist the ie-style.php file: http://forum.ait-pro.com/forums/topic/images-not-displaying-after-bulletproof-security-free-plugin-was-enabled-and-configured/#post-3828
I see that this skip rule is #20 [S=20]. Do you already have skip rules for #13 through #19 below this #20 skip rule? Skip rules must be in descending order and they must be in sequence 20, 19, 18, 17, 16, 15, 14, 13, etc.
Example:
xxxx
RewriteRule . - [S=20]
xxxx
RewriteRule . - [S=19]
xxxx
RewriteRule . - [S=18]
xxxx
RewriteRule . - [S=17]
...
...
...
xxxx
RewriteRule . - [S=13]
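A check for the ordering rule stated above, as an added example that is not part of the thread or of BPS: it reads a Custom Code section and reports skip rules whose [S=N] values do not descend one at a time. Because [S=N] skips the next N rules, each skip rule has to jump over every skip rule beneath it, which is why a gap sends the request to the wrong place. The sample section and its theme and plugin names are constructed.

```python
import re

# RewriteRule <pattern> <substitution> [flags]; commented-out lines do not match.
RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+\S+\s+\[([^\]]*)\]", re.I)
SKIP = re.compile(r"^(?:S|skip)=(\d+)$", re.I)

# Constructed Custom Code section: S=20 was added without S=19 through S=15.
SAMPLE = r"""# Theme style script skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/themes/example-theme/ie-style\.php [NC]
RewriteRule . - [S=20]
# Theme Thumbnailer script skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/themes/example-theme/thumb\.php [NC]
RewriteRule . - [S=14]
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/example-plugin/ [NC]
RewriteRule . - [S=13]
"""

def skip_values(htaccess_text):
    """Return [(line_number, N)] for every RewriteRule carrying an S=N flag."""
    values = []
    for lineno, line in enumerate(htaccess_text.splitlines(), 1):
        rule = RULE.match(line)
        if not rule:
            continue
        for flag in rule.group(1).split(","):
            skip = SKIP.match(flag.strip())
            if skip:
                values.append((lineno, int(skip.group(1))))
    return values

def check_skip_sequence(htaccess_text):
    """Report skip rules that are out of order or leave a gap in the sequence."""
    values = skip_values(htaccess_text)
    problems = []
    for (_, prev), (line, cur) in zip(values, values[1:]):
        if cur >= prev:
            problems.append(f"line {line}: S={cur} follows S={prev}; order must descend")
        elif cur != prev - 1:
            missing = ", ".join(str(n) for n in range(prev - 1, cur, -1))
            problems.append(f"line {line}: gap between S={prev} and S={cur}; missing S={missing}")
    return problems

if __name__ == "__main__":
    for problem in check_skip_sequence(SAMPLE):
        print(problem)
```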
AITpro Admin
Keymaster
Was having some SQL Server issues with Go Daddy on the 50. Network due to SQL Server maintenance. Seems to be resolved now.