Topic: Random General Questions | BulletProof Security Forum

Random General Questions

This topic has 349 replies, 35 voices, and was last updated 1 year, 2 months ago by EmilianoJoel.

Viewing 15 posts - 316 through 330 (of 350 total)

← 1 2 3 … 21 22 23 24 →

Author

Posts
July 31, 2016 at 2:02 pm #30475
Steve
Participant

[Topic has been merged into this general Topic]
I am Not sure this post applies here but i keep getting the same error resulting in the htaccess file not being written to correctly.

There was a line “WORDPRESS WILL BREAK” that was missing the ## in front of it.
It was commented out and now it loads.

This now has to be reactivated….wp-admin Folder BulletProof Mode
this has happened in 5 of my other sites. What can be done from this breaking my respective site/s?
July 31, 2016 at 2:58 pm #30477
AITpro Admin
Keymaster
@ Steve – I do not understand the issue/problem. There is more code/text that is missing than the snippet of help text from the wp-admin htaccess file that you posted above. The wp-admin htaccess file has this help text below at the top/start of the wp-admin htaccess file Query String Exploits code. So to try and make some sense of your question do these things: 1. post your wp-admin htaccess file code so I can take a look at it. 2. Explain in specific detail what you were doing at the time the problem occurred. 3. Have you added any custom htaccess code to BPS wp-admin Custom Code and specifically in this wp-admin Custom Code text box: CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
```
# BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
...
...
...
# END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
```
July 31, 2016 at 3:53 pm #30478
Steve
Participant

see pic……. http://screencast.com/t/ztksZ2R56txm
this happens when i do a backup……….there are no hashmarks………..thus causing a 500 error. once i place the hashmark in Front of………..”OR WORDPRESS WILL BREAK”………..
http://screencast.com/t/q9POpauNCpX7
i gain access 2 my site.
This happens when i do a BU of my site. How does 1 prevent this error from occurring? Note; I’m Not a code writer but have been doing this for over 12+ years. This stuff Should Not be happening.
July 31, 2016 at 4:13 pm #30479
AITpro Admin
Keymaster
@ Steve – Ok I see the problem. So now to figure what is causing the problem.

The top of your wp-admin htacces file is this code and text:
```
<Files *>
order deny,allow
deny from all
allow from 98.253.67.84
</Files>
OR WORDPRESS WILL BREAK
# RewriteRule ^(.*)$ - [F] works in /wp-admin without breaking WordPress
# RewriteRule . /index.php [L] will break WordPress
```
That code is not BPS htaccess code and somehow the help text that should be there is mostly gone except for the one snippet of help text that is no longer commented out because all the rest of the BPS code and help text that should be there is not there: “OR WORDPRESS WILL BREAK”

This is what should be at the top of your BPS wp-admin htaccess file:
```
# BULLETPROOF PRO 12.2 WP-ADMIN SECURE .HTACCESS

# DO NOT ADD URL REWRITING IN THIS FILE OR WORDPRESS WILL BREAK
# RewriteRule ^(.*)$ - [F] works in /wp-admin without breaking WordPress
# RewriteRule . /index.php [L] will break WordPress
```
So it appears that you are using custom htaccess code in your wp-admin htaccess file. Did you add that code that is not BPS standard htaccess code? If not, do you have any plugins installed that would do something like that? I find it hard to believe that doing a backup would add non-BPS code in the wp-admin htaccess file and also strip out/delete existing BPS htaccess code.
July 31, 2016 at 4:19 pm #30480
AITpro Admin
Keymaster

@ Steve – If you would like for me to login to your website to figure out what is breaking everything then send a WordPress Administrator login to: info at ait-pro dot com. Please include the URL to your website.
July 31, 2016 at 4:25 pm #30481
AITpro Admin
Keymaster

@ Steve – Ok so actually what it looks like is something is overwriting existing code/text in the wp-admin file. That coding mistake would happen by not using “append” when writing to a file. ie instead of that non-BPS code being written above all existing file contents or after/below all file contents it is instead overwriting existing file contents starting from the top of the wp-admin htaccess file. So maybe your backup plugin is inserting that code in the wp-admin htaccess file afterall. What is the name of the backup plugin that you are using?
August 19, 2016 at 6:47 pm #30628
Jan
Participant

[Topic has been merged into this general forum Topic]
BPS is blocking wpremote on my sites. I found this information, https://wordpress.org/support/topic/heads-up-need-confirmation-on-this-whitelist-skipbypass-code, but since it’s so old, I wondered if it still applies? There is no .js file to add to whitelist for his plugin.

If that doesn’t apply, what does work?

Thanks.
Jan
August 19, 2016 at 6:57 pm #30630
AITpro Admin
Keymaster

@ Jan – That forum topic had to do with an old problem that was fixed 3+ years ago. BPS does not block the WP Remote plugin. To completely eliminate that BPS Pro is causing this problem do the BPS Pro troubleshooting steps: http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting Note: If you had added any additional custom htaccess code or Bonus Custom Code then that code could be causing the problem. If you do step #1 and WP Remote is no longer blocked then check BPS Custom Code for any custom htaccess code that is causing the problem.
August 24, 2016 at 8:18 pm #30679
jenni101
Participant

@ ait-pro – thought you should know that recently your forum hasn’t been sending out email notifications on forum updates even when the ’email me notification’ box is ticked. Proably hasn’t worked for me for the last month I’d guess.
August 24, 2016 at 11:22 pm #30680
AITpro Admin
Keymaster

@ jenni101 – There are 2 main issues/problems that occur with automated emails. Automated emails in general are becoming less reliable each year due to anti-spam measures used on host mail servers that block or reject automated emails as spam and bbPress/BuddyPress randomly does not to send emails for some reason. This year the percentage of automated emails that are rejected/blocked by anti-spam measures is around 35%. Last year it was 30%. The year before that was 25%. So logically if this problem continues to get worse then next year 40% of automated emails will be rejected/blocked as spam and the year after that 45%….

Last year we decided to create an email-less automated BPS Pro purchase system and email-less BPS Pro Get Activation Key tools because we were spending a lot of time handling failed automated BPS Pro purchase and Activation Key emails. Now when someone purchases BPS Pro, a user account is automatically created for them and they can login, get their Download-Request Key without having to rely on getting an email, which was failing (being rejected/blocked by host mail server anti-spam measures) 30% of the time. If BPS Pro Activation Key emials are being blocked/rejected then someone can get their Activation Keys in the BPS Pro Download area on the ait-pro.com site. We were spending 2 hours per day dealing with blocked/rejected automated emails. Since implementing an automated email-less BPS Pro purchase system and Activation Key system we have had 0 problems after 1 year and are no longer wasting time on handling rejected/blocked email issues/problems. Unfortunately, automated emails are no longer a reliable method of communication these days due to host mail server anti-spam measures.
August 25, 2016 at 12:08 am #30683
jenni101
Participant

That’s a good solution you’ve found. I just try to remember to check back in the forum regularly, but with so much other ‘stuff’ happening these days it’s easy to forget!

PS: I did actually get an email notification for your reply this time!!!
August 25, 2016 at 12:15 am #30684
jenni101
Participant
OK another random Q:

I keep finding this in my security log:
```
[Internal Usage: upgrader_pre_install Filter Triggered]
[WP Automatic|Shiny Update Plugin|Theme: ARQ was turned Off: August 25, 2016 - 3:27 pm]
[Internal Usage: upgrader_post_install Filter Triggered]
[WP Automatic|Shiny Update Plugin|Theme: ARQ wp-content File Backup Completed: August 25, 2016 - 3:27 pm]
[WP Automatic|Shiny Update Plugin|Theme: ARQ was turned back On: August 25, 2016 - 3:27 pm]
```
which i guess is related to the new WP version…. BUT I have disabled ALL auto updates for my site so don’t understand why this is happening.

Any ideas?
August 25, 2016 at 9:55 am #30685
AITpro Admin
Keymaster

@ jenni101 – BPS Pro 12+ logs WP Automatic Updates and WP Shiny Updates in the Security Log. See the links below for more detailed info.

http://www.ait-pro.com/aitpro-blog/5265/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-12/
http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#automation
August 26, 2016 at 12:57 pm #30707
jenni101
Participant

Thanks – understand now 🙂
September 8, 2016 at 3:21 am #30870
Immerse
Participant
I don’t understand this; I’m getting sec errors that appear to be about bps. I looked for similar posts here but found nothing relevant. I have no plugin whitelists – it’s a site I’m using to test stuff and it has been online about a couple of hours, with just a few basic plugins and a theme installed. What would be causing this? They appeared after I clicked the pro tools curl scan.

They appeared in an earlier install on the same site but that was after I’d installed and then removed bps free. I assumed I’d cocked up and deleted the entire site and database to start afresh.

It’s unlikely to be hosting related as I have bps pro on (from memory) 4 other sites on the same server, and I’ve never seen this on them.
```
[403 GET Request: 8th September 2016 - 11:08 am]
Event Code: PFWR-PSBR-HPR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: xxxxxxxxxxxxxxx
Host Name: xxxxxxxxxxxxxxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://xxxxxxxxxxxxxxx/xxxxxxxxxx/wp-admin/admin.php?page=bulletproof-security/admin/core/core.php
REQUEST_URI: /xxxxxxxxxxxxxxx/wp-content/plugins/bulletproof-security/admin/js/bps-ui-tabs.js?ver=12.3
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0

[403 GET Request: 8th September 2016 - 11:08 am]
Event Code: PFWR-PSBR-HPR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: xxxxxxxxxxxxxxx
Host Name: xxxxxxxxxxxxxxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://xxxxxxxxxxxxxxx/xxxxxxxxxx/wp-admin/admin.php?page=bulletproof-security/admin/core/core.php
REQUEST_URI: /xxxxxxxxxxxxxxx/wp-content/plugins/bulletproof-security/admin/js/bps-ui-dialog.js?ver=12.3
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0

[403 GET Request: 8th September 2016 - 11:08 am]
Event Code: PFWR-PSBR-HPR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: xxxxxxxxxxxxxxx
Host Name: xxxxxxxxxxxxxxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://xxxxxxxxxxxxxxx/xxxxxxxxxx/wp-admin/admin.php?page=bulletproof-security/admin/core/core.php
REQUEST_URI: /xxxxxxxxxxxxxxx/wp-content/plugins/bulletproof-security/admin/js/bps-ui-accordion.js?ver=12.3
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
```
Author

Posts

Viewing 15 posts - 316 through 330 (of 350 total)

← 1 2 3 … 21 22 23 24 →

You must be logged in to reply to this topic.

BulletProof Security Forum

Random General Questions

Search Forums

Topic Tags