403 Error for legitimate search

Home Forums BulletProof Security Pro 403 Error for legitimate search

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • December 5, 2017 at 11:22 am #34733
    Living Miracles
    Participant

    Hi,

    I have a SiteGround-hosted site that relies on a good search functionality. I just tried doing a search for a word that includes an apostrophe and got blocked by BPS Pro.

    Here are the security log entries:
[403 GET Request: December 5, 2017 - 12:14 pm]
BPS Pro: 13.4
WP: 4.9.1
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 187.139.4.60
Host Name: dsl-187-139-4-60-dyn.prod-infinitum.com.mx
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP: 
HTTP_FORWARDED: 
HTTP_X_FORWARDED_FOR: 
HTTP_X_CLUSTER_CLIENT_IP: 
REQUEST_METHOD: GET
HTTP_REFERER: https://acim.me/
REQUEST_URI: /?s=god%27s
QUERY_STRING: s=god%27s
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36
    [403 GET Request: December 5, 2017 - 12:15 pm]
BPS Pro: 13.4
WP: 4.9.1
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 187.139.4.60
Host Name: dsl-187-139-4-60-dyn.prod-infinitum.com.mx
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP: 
HTTP_FORWARDED: 
HTTP_X_FORWARDED_FOR: 
HTTP_X_CLUSTER_CLIENT_IP: 
REQUEST_METHOD: GET
HTTP_REFERER: https://acim.me/?s=god+is
REQUEST_URI: /?s=%22god%27s%22
QUERY_STRING: s=%22god%27s%22
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36

    Is there a way to allow these searches that include apostrophes?

    Thank you!
    Jutta

    December 5, 2017 at 4:36 pm #34735
    AITpro Admin
    Keymaster

    Yep, simple solution for frontend and backend issues with the single qoute code character issue… See this forum link > https://forum.ait-pro.com/forums/topic/403-forbidden-error-page-for-search/#post-29132

     

    December 5, 2017 at 4:42 pm #34736
    Living Miracles
    Participant

    Thanks so much! I was just about to write to you saying that I had figured it out. I did exactly what is suggested in the link you sent.

    I have one other question. On new BPS Pro installations, when the Setup Wizards are run, the BPSQSE BPS QUERY STRING EXPLOITS Custom Code box always gets filled with a block of code automatically. That just happens due to the Autofix functionality, correct?

    Is there a standard block of BPSQSE BPS QUERY STRING EXPLOITS code that I could look at? I’d like to be able to compare some things.

    Thank you!

    December 7, 2017 at 8:21 am #34740
    Living Miracles
    Participant

    Hi again,

    Just wanted to see if you go my previous response. I had two more questions.

    Thank you,
    Jutta

    December 10, 2017 at 1:23 am #34745
    AITpro Admin
    Keymaster

    Sorry for the late reply.  We had some wild fires in our area.  Fortunately we were extremely lucky.  Stressful stuff.  Yep, the Setup Wizard AutoFix feature will automatically add/create BPSQSE BPS QUERY STRING EXPLOITS Custom Code to handle any issues that BPS automatically detects.  You can directly edit the BPSQSE BPS QUERY STRING EXPLOITS Custom Code, save your changes and activate root folder BulletProof mode again to apply any new changes.

    December 10, 2017 at 8:56 am #34756
    Living Miracles
    Participant

    Oh, wow, no problem! Glad to hear you’re safe!!! Are you guys in California?

    Thanks for that information. So, when the AutoFix feature adds the BPSQSE BPS QUERY STRING EXPLOITS custom code automatically, does that mean that some things have gotten automatically changed in the original BPSQSE BPS QUERY STRING EXPLOITS code? If so, is there any way I can see the original code (unchanged by AutoFix) somehow?

    December 10, 2017 at 9:49 am #34757
    AITpro Admin
    Keymaster

    Yep, right under the monster wild fires in our area.  Stressful stuff.  😉  You can go to the B-Core > htaccess File Editor tab page > click the default.htaccess tab and compare/check the standard BPS htaccess code to what AutoFix has created in BPS Custom Code.  If you want me to take a look at your BPSQSE BPS QUERY STRING EXPLOITS code please post it in your reply.

    December 10, 2017 at 12:12 pm #34760
    Living Miracles
    Participant

    Wowie!

    Perfect. Thanks for helping with this 🙂 All clear now!

    December 10, 2017 at 4:10 pm #34761
    Living Miracles
    Participant

    Oh, actually. When I look at the default.htaccess file, this is all I see for the content:

    #   BULLETPROOF PRO DEFAULT .HTACCESS      

# WARNING!!! THE default.htaccess FILE DOES NOT PROTECT YOUR WEBSITE AGAINST HACKERS
# This is a standard generic htaccess file that does NOT provide any website security
# The DEFAULT .HTACCESS file should be used for testing and troubleshooting purposes only

# BEGIN BPS WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END BPS WordPress

    Any idea why I’m not seeing any other code in there?

    December 10, 2017 at 9:01 pm #34774
    AITpro Admin
    Keymaster

    Oops meant the secure.htaccess tab. 😉

  • Author
    Posts
Viewing 10 posts - 1 through 10 (of 10 total)
  • You must be logged in to reply to this topic.