.49.3 mod_security issue – code mod pending for .49.4

Home Forums BulletProof Security Free .49.3 mod_security issue – code mod pending for .49.4

This topic contains 20 replies, has 5 voices, and was last updated by  AITpro Admin 3 years, 7 months ago.

Viewing 6 posts - 16 through 21 (of 21 total)
  • Author
    Posts
  • #10537

    AITpro Admin
    Keymaster

    What is happening with your code modification above is this:

    If the Request URI is your login page “AND” the user agent is blank then apply the other conditions so basically this would only apply to blank user agents using HTTP/1.0 instead of what is intended is “OR”.  A blank user agent “OR” any Request that is made using HTTP/1.0.

    # BRUTE FORCE LOGIN PAGE PROTECTION
    # Protects the Login page from SpamBots & Proxies
    # that use Server Protocol HTTP/1.0 or a blank User Agent
    RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
    RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
    RewriteRule ^(.*)$ - [F,L]
    #10625

    Oscar Polat
    Participant

    I upgraded to 49.4 just a minute ago. I cannot logout or login. This time I am getting the following error:
    Error 404
    Nothing Found
    Sorry, the post you are looking for is not available. Maybe you want to perform a search?

    #10626

    AITpro Admin
    Keymaster

    We have decided not to include the Brute Force Login page protection code as standard code in BPS.  We are reverting back to the previous method of offering this code as Bonus code with a Dismiss Notice.  We will be releasing BPS .49.5 today and it will not include the Brute Force Login page protection code as standard code in the root .htaccess file.

    To remove the Brute Force Login page protection code do these steps.

    Go to the Custom Code tab page.
    Click on the Root htaccess File Custom Code accordion tab.
    Add a pound sign # in this Custom Code Text box: CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION:
    Click the Save Root Custom Code button.
    Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    #10639

    AITpro Admin
    Keymaster

    BPS .49.5 Whats New page help info
    Brute Force Login Protection code:
    The success/fail ratio for the Brute Force Login page protection code was 95%/5% success/fail. We have decided not to make this code standard BPS root .htaccess file code and are reverting back to using the Bonus Code Dismiss Notice so that this code is optional and not standard code. If you are already using this code and it is working fine on your site then copy and paste the code to this BPS Custom Code text box: CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION to save it permanently. BPS will no longer automatically add this code to the root .htaccess file as standard BPS code.

    If you are seeing a 403 error when logging in or logging out of your website delete the code shown below from your root .htaccess file.

    # BRUTE FORCE LOGIN PAGE PROTECTION
    # Protects the Login page from SpamBots & Proxies
    # that use Server Protocol HTTP/1.0 or a blank User Agent
    RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$
    RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
    RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
    RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
    RewriteRule ^(.*)$ - [F,L]
    #18690

    Kouichi Sugawara
    Participant

    Hi AITpro

    Now Display – Bonus Custom Code: Brute Force Login Protection
    This proteciton may be not needed for me.

    How to clear this diplay ?

    #18693

    AITpro Admin
    Keymaster

    Click the “Dimiss Notice” link to Dismiss Notices.

    Bonus Custom Code: Brute Force Login Protection
    You may already have this code in your root .htaccess file. In BPS Pro 7.6 this code was standard code and was removed due to this code being problematic for a small number of folks.
    Click the Click Here link below for instructions on how to either check for this code in your root .htaccess file or how to add this code to BPS Pro Custom Code.
    Click Here for how to check for or get the additional Brute Force Login Protection code for your website.
    To Dismiss this Notice click the Dismiss Notice link below. To Reset Dismiss Notices click the Reset/Recheck Dismiss Notices button on the S-Monitor page.
    Dismiss Notice

Viewing 6 posts - 16 through 21 (of 21 total)

You must be logged in to reply to this topic.