Site Analyzer blocked – Submit Express Site Analyzer

Home Forums BulletProof Security Free Site Analyzer blocked – Submit Express Site Analyzer

Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • #6336
    Mark
    Participant

    When I try to use a site analyzer like www.submitexpress.com/analyzer/ I get a 403 error. Does this mean that search engine agents are being blocked too?

    BPS .48.5 WP 3.5.1

    #6341
    AITpro Admin
    Keymaster

    Post the error from your BPS Security log that directly relates to this error.  DO NOT post your entire Security Log file and ONLY post the relevant log entry/error for this issue.

    #6342
    AITpro Admin
    Keymaster

    Is this the Site Analyzer that you are talking about?

    http://www.site-analyzer.com/en/report/forum.ait-pro.com

    I just ran this on this Forum and there were no errors.

    Oops I did not see that you posted a link to the Site Analyzer you are talking about.  Will test that one.

    #6344
    AITpro Admin
    Keymaster

    The Security Log entry/error is:

    >>>>>>>>>>> 403 GET or Other Request Error Logged - May 28, 2013 - 11:24 am <<<<<<<<<<<
    REMOTE_ADDR: 87.106.133.245
    Host Name: 87.106.133.245
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /
    QUERY_STRING:
    HTTP_USER_AGENT: SiteAnalyzerBot

    I am testing what is being blocked. Most likely this analyzer is making a HEAD Request.

    #6345
    AITpro Admin
    Keymaster

    There are actually several different things that are being blocked in this analyzer script/site:  http: //www.submitexpress.com/cgi-bin/analyzer/metahtn.pl.  It might be possible to whitelist this script, but it would be very dangerous for your website to do that.  What I recommend is that if you want to analyze your site with this Perl script metahtn.pl from this website then you will need to deactivate BulletProof Modes to perform the scan and after the scan is done turn your website security back on by activating BulletProof Modes again.

    #6349
    Mark
    Participant

    >>>>>>>>>>>> 403 GET or Other Request Error Logged – May 28, 2013 – 10:33 am <<<<<<<<<<<
    REMOTE_ADDR: 173.255.233.124
    Host Name: sitecheck2.sucuri.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /readme.html
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6

    Not a problem to deactivate BPS to analyze. Just want to assure that Google and other search engines are able to index the site. Thanks.

    #6350
    AITpro Admin
    Keymaster

    BPS does not block any good bots.  What has happened is that when we added the Security Log folks started thinking that BPS blocks good bots.  Bot scripts may be doing several different things at the same time and one of those things that the bot script is doing violates your website security rules/conditions.  So the  end result is that nothing negative occurs except that you end up with a 403 nuisance error in your Security Log for whatever additional thing that the bot script is doing that violates your website security rules/conditions.

    The Sucuri error above occurs because BPS blocks browser access to your WordPress readme.html file in your root .htaccess file.  To allow access to the WordPress readme.html file you would remove readme\.html| from this security filter in your root .htaccess file.

    # DENY BROWSER ACCESS TO THESE FILES
    # wp-config.php, bb-config.php, php.ini, php5.ini, readme.html
    # Replace Allow from 88.77.66.55 with your current IP address and remove the
    # pound sign # from in front of the Allow from line of code below to access these
    # files directly from your browser.
    
    <FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)">
    Order allow,deny
    Deny from all
    #Allow from 88.77.66.55
    </FilesMatch>
    #6351
    Mark
    Participant

    Thanks. I did not realize  that what I posted was the sucuri  log entry. I received no error message in my browser when I did the sucuri scan. I did get the <b>Error: 403 Forbidden</b> in my browser every time I ran www.submitexpress.com/analyzer. However I am not finding anything in the Security Log for www.submitexpress.com.

    Also, http://www.site-analyzer.com/ seems to run OK.

    #6352
    AITpro Admin
    Keymaster

    Yes, Sucuri expects that you have protected your readme.html file since they are a website security provider and handle this gracefully by not displaying any unnecessary/nuisance error messages.

    Yes, submitexpress is handling error reporting on their end in the Perl script.

    I posted the submitexpress error above – it is the SiteAnalyzerBot log entry, but there are several things that this script is doing and to whitelist all of the things required to allow this script full access to protected folders and files this would open up several very dangerous security vulnerabilities for your website. Since this is not an ongoing thing that is needed then the simple solution is to drop your website defenses temporarily to allow this script to do what it does.

     

    #6359
    AITpro Admin
    Keymaster

    Actually the SiteAnalyzerBot log entries were some other nuisance bot that just happened to be doing what nuisance bots do – being a nuisance – at the same time that I was testing the analyzer site.  This is not a legitmate bot and is just another junk bot – one of millions of junk bots.

    #25860
    ila lila
    Participant

    [Looks like a typical non-useful SPAM link so the link has been nulled]
    Submit Express Site Analyzer website http://seo1s.com

Viewing 11 posts - 1 through 11 (of 11 total)
  • You must be logged in to reply to this topic.