Home › Forums › BulletProof Security Pro › Warnings during upadate to 3.7
- This topic has 29 replies, 2 voices, and was last updated 10 years, 6 months ago by AITpro Admin.
-
AuthorPosts
-
KrzysztofParticipant
Hello,
Today I have updatetd to 3.7 (ARQ turned off) and got two warnings:
[28-Oct-2013 14:07:37 UTC] PHP Warning: copy(/xxx/infolotnicze.pl/public_html/index.php): failed to open stream: Permission denied in /xxx/infolotnicze.pl/public_html/wp-admin/includes/class-wp-filesystem-direct.php on line 200 [28-Oct-2013 14:07:38 UTC] PHP Warning: copy(/xxx/infolotnicze.pl/public_html/wp-blog-header.php): failed to open stream: Permission denied in /xxx/infolotnicze.pl/public_html/wp-admin/includes/class-wp-filesystem-direct.php on line 200
Also on test serwer it redirected me to some data base update page but on main server not. Is this a problem? On test I have no BPS installed.
AITpro AdminKeymasterYou can disregard these php errors. These php errors will occur when installing any WordPress major version release. WordPress tries to write to these files, but since they are locked it generates these php errors. Then WordPress unlocks the files to write to them.
KrzysztofParticipantI also started to get errors like this:
>>>>>>>>>>> 403 GET or HEAD Request Error Logged - 28/10/2013 - 16:35 <<<<<<<<<<< REMOTE_ADDR: 185.5.98.32 Host Name: vz13304.dahost.pl SERVER_PROTOCOL: HTTP/1.0 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-content/uploads/2013/10/C-17_Indie.jpg QUERY_STRING: HTTP_USER_AGENT: WordPress/3.7; https: //www.infolotnicze.pl
This is my server so I do not get it 🙁
AITpro AdminKeymasterThe new Brute Force Login page protection code will block Server Protocol HTTP/1.0 Requests. It is possible that this new code will not work on your Server. It is also equally possible that this is a spammer, hacker or scraper using a script that causes the error to appear to be coming from your site. Most likely this is a scraper, harvester or mining script that is trying to grab your image files. These errors will always appear to be coming from your site because scraping, mining, harvesting scripts are designed to mirror your website.
When I go to this URL: infolotnicze.pl/wp-content/uploads/2013/10/C-17_Indie.jpg I see the image of the C-17 plane. So there is not a problem.
KrzysztofParticipantI always get this warning when I try to upload an image or edit a post and add a image.
I did a test for this post:
infolotnicze.pl/2013/04/11/ka-32a11bc-na-aerial-firefighting-conference/
and got:
>>>>>>>>>>> 403 GET or HEAD Request Error Logged - 28/10/2013 - 17:53 <<<<<<<<<<< REMOTE_ADDR: 185.5.98.32 Host Name: vz13304.dahost.pl SERVER_PROTOCOL: HTTP/1.0 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-content/uploads/2013/04/INAER_Ka-32A11BC_with_Bambi_Bucket.jpg QUERY_STRING: HTTP_USER_AGENT: WordPress/3.7; https: //www.infolotnicze.pl
My server is a VPS.
The problem is more complex I think – when I was adding this image it was blank i wordpress library –
http: //img404.imageshack.us/img404/7884/bbp.png
AITpro AdminKeymasterTry removing the new Brute Force Login page protection code from your root .htaccess file. It may not work on your Server. If your Server is using an outdated or old version of Proxy software the uses Server Protocol HTTP/1.0 then these are the exact problems that would occur. Or if you have some old or outdated Proxy or other software on your computer then this would also occur.
Click on the BPS Pro Custom Code menu link.
Click on the Root htaccess File Custom Code accordion tab.
Add a pound sign # in this Custom Code Text box: CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION:
Click the Save Root Custom Code button.
Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.KrzysztofParticipantThis doesn’t work. Now the funny thing – I got two new errors which represent two photos which I was tring to attach but had no preview in media site as in the link above. Maybe I could ask my support to change something on my VPS – or what else can I change? Everything was working great util 3.7 update.
AITpro AdminKeymasterYou have to find the problem before you can create a solution. First eliminate that BPS Pro is involved in the problem by doing the standard BPS Pro troubleshooting steps in the link below.
Do troubleshooting steps 1 through 5 and let me know what happens after testing.
http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting
KrzysztofParticipantMy VPS support gave me some logs:
lRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace. [Mon Oct 28 16:03:59 2013] [error] [client 85.221.244.235] client denied by server configuration: /home/admin/domains/infolotnicze.pl/private_html/wp-content/plugins /microkids-related-posts/microkids-related-posts.js, referer: https: //www.infolotnicze.pl/wp-admin/post.php?post=23488&action=edit [Mon Oct 28 16:04:00 2013] [error] [client 85.221.244.235] client denied by server configuration: /home/admin/domains/infolotnicze.pl/private_html/wp-content/plugins /microkids-related-posts/microkids-related-posts.js, referer: https: //www.infolotnicze.pl/wp-admin/post.php?post=23488&action=edit [Mon Oct 28 16:05:28 2013] [error] [client 85.221.244.235] client denied by server configuration: /home/admin/domains/infolotnicze.pl/private_html/wp-content/plugins /microkids-related-posts/microkids-related-posts.js, referer: https: //www.infolotnicze.pl/wp-admin/post.php?post=23488&action=edit&message=1 [Mon Oct 28 16:06:05 2013] [error] [client 85.221.244.235] client denied by server configuration: /home/admin/domains/infolotnicze.pl/private_html/wp-content/plugins /microkids-related-posts/microkids-related-posts.js, referer: https: //www.infolotnicze.pl/wp-admin/post.php?post=23539&action=edit [Mon Oct 28 16:06:59 2013] [error] [client 85.221.244.235] client denied by server configuration: /home/admin/domains/infolotnicze.pl/private_html/wp-content/plugins /microkids-related-posts/microkids-related-posts.js, referer: https: //www.infolotnicze.pl/wp-admin/post.php?post=23539&action=edit&message=1 [Mon Oct 28 16:07:29 2013] [error] [client 85.221.244.235] client denied by server configuration: /home/admin/domains/infolotnicze.pl/private_html/wp-content/plugins /microkids-related-posts/microkids-related-posts.js, referer: https: //www.infolotnicze.pl/wp-admin/post.php?post=23539&action=edit&message=1 [Mon Oct 28 16:08:22 2013] [error] [client 85.221.244.235] client denied by server configuration: /home/admin/domains/infolotnicze.pl/private_html/wp-content/plugins /microkids-related-posts/microkids-related-posts.js, referer: https: //www.infolotnicze.pl/wp-admin/post.php?post=23592&action=edit [Mon Oct 28 16:09:18 2013] [error] [client 85.221.244.235] client denied by server configuration: /home/admin/domains/infolotnicze.pl/private_html/wp-content/plugins /microkids-related-posts/microkids-related-posts.js, referer: https: //www.infolotnicze.pl/wp-admin/post.php?post=23592&action=edit&message=1 [Mon Oct 28 16:09:29 2013] [error] [client 85.221.244.235] client denied by server configuration: /home/admin/domains/infolotnicze.pl/private_html/wp-content/plugins /microkids-related-posts/microkids-related-posts.js, referer: https: //www.infolotnicze.pl/wp-admin/post.php?post=23621&action=edit [Mon Oct 28 16:10:23 2013] [error] [client 85.221.244.235] client denied by server configuration: /home/admin/domains/infolotnicze.pl/private_html/wp-content/plugins/microkids-related-posts/microkids-related-posts.js, referer: https: //www.infolotnicze.pl/wp-admin/post.php?post=23621&action=edit&message=1 [Mon Oct 28 16:42:29 2013] [error] [client 152.83.241.205] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace. [Mon Oct 28 16:42:30 2013] [error] [client 152.83.241.205] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace. [Mon Oct 28 16:52:40 2013] [error] [client 152.83.241.205] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace. [Mon Oct 28 16:52:41 2013] [error] [client 152.83.241.205] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace. [Mon Oct 28 17:35:27 2013] [error] [client 152.83.241.205] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace. [Mon Oct 28 17:35:28 2013] [error] [client 152.83.241.205] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.</p
AITpro AdminKeymasterThis looks like another problem with this plugin and is not related to the Media upload problem. Do you see any logged errors in your BPS Pro Security Log for this plugin?
AITpro AdminKeymasterTry whitelisting post.php in your wp-admin .htaccess file. This plugin may be calling post.php in a way that is seen as a threat to BPS.
Add this wp-admin .htaccess bypass / skip rule below to the wp-admin Custom Code text box – CUSTOM CODE WPADMIN PLUGIN FIXES: Add ONLY WPADMIN personal plugin fixes code here
ONLY add valid htaccess code below or text commented out with a pound sign #…save this code by clicking the Save wp-admin Custom Code button and then activate BulletProof Mode for your wp-admin folder again. The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip / bypass rule [S=1]. This bypass / skip rule is safe to use because the wp-admin area is protected with WP Authentication security. If you have other wp-admin skip/bypass rules already then either combine them or add this skip/bypass rule separately above the other rules and change the skip #. Example: If you already have skip #’s 2 and 3 then this rule would be skip rule #4.
# post.php skip/bypass rule RewriteCond %{REQUEST_URI} (post\.php) [NC] RewriteRule . - [S=2]
KrzysztofParticipantThis custom code doesn’t work 🙁
AITpro AdminKeymasterPlease explain in exact specific details what you are talking about. I am guessing that you are talking about the problem with this plugin: microkids-related-posts. The problem with that plugin may not have anything to do with BPS or anything else and may just be a coding problem in that plugin. Does that plugin work? Have you done the BPS troubleshooting steps to see if this has anything to do with BPS?
KrzysztofParticipantNow in admin pane I have:
Notice: Undefined variable: D8 in /xxx/infolotnicze.pl/public_html/wp-content/plugins/bulletproof-security/admin/php/php-options.php on line 1851 Notice: Undefined variable: � in /xxx/infolotnicze.pl/public_html/wp-content/plugins/bulletproof-security/includes/functions.php on line 130
after enabling debuging in wp-config
AITpro AdminKeymasterDisregard these errors. They are insignificant. Have you done the BPS troubleshooting steps to determine if BPS has anything to do with the other issues on this site?
-
AuthorPosts
- You must be logged in to reply to this topic.