403 Error for legitimate search

Home Forums BulletProof Security Pro 403 Error for legitimate search

This topic contains 9 replies, has 2 voices, and was last updated by  AITpro Admin 5 months, 1 week ago.

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • #34733

    Living Miracles
    Participant

    Hi,

    I have a SiteGround-hosted site that relies on a good search functionality. I just tried doing a search for a word that includes an apostrophe and got blocked by BPS Pro.

    Here are the security log entries:
    [403 GET Request: December 5, 2017 - 12:14 pm]
    BPS Pro: 13.4
    WP: 4.9.1
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 187.139.4.60
    Host Name: dsl-187-139-4-60-dyn.prod-infinitum.com.mx
    SERVER_PROTOCOL: HTTP/1.0
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: https://acim.me/
    REQUEST_URI: /?s=god%27s
    QUERY_STRING: s=god%27s
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36
    [403 GET Request: December 5, 2017 - 12:15 pm]
    BPS Pro: 13.4
    WP: 4.9.1
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 187.139.4.60
    Host Name: dsl-187-139-4-60-dyn.prod-infinitum.com.mx
    SERVER_PROTOCOL: HTTP/1.0
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: https://acim.me/?s=god+is
    REQUEST_URI: /?s=%22god%27s%22
    QUERY_STRING: s=%22god%27s%22
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36

    Is there a way to allow these searches that include apostrophes?

    Thank you!
    Jutta

    #34735

    AITpro Admin
    Keymaster

    Yep, simple solution for frontend and backend issues with the single qoute code character issue… See this forum link > https://forum.ait-pro.com/forums/topic/403-forbidden-error-page-for-search/#post-29132

     

    #34736

    Living Miracles
    Participant

    Thanks so much! I was just about to write to you saying that I had figured it out. I did exactly what is suggested in the link you sent.

    I have one other question. On new BPS Pro installations, when the Setup Wizards are run, the BPSQSE BPS QUERY STRING EXPLOITS Custom Code box always gets filled with a block of code automatically. That just happens due to the Autofix functionality, correct?

    Is there a standard block of BPSQSE BPS QUERY STRING EXPLOITS code that I could look at? I’d like to be able to compare some things.

    Thank you!

    #34740

    Living Miracles
    Participant

    Hi again,

    Just wanted to see if you go my previous response. I had two more questions.

    Thank you,
    Jutta

    #34745

    AITpro Admin
    Keymaster

    Sorry for the late reply.  We had some wild fires in our area.  Fortunately we were extremely lucky.  Stressful stuff.  Yep, the Setup Wizard AutoFix feature will automatically add/create BPSQSE BPS QUERY STRING EXPLOITS Custom Code to handle any issues that BPS automatically detects.  You can directly edit the BPSQSE BPS QUERY STRING EXPLOITS Custom Code, save your changes and activate root folder BulletProof mode again to apply any new changes.

    #34756

    Living Miracles
    Participant

    Oh, wow, no problem! Glad to hear you’re safe!!! Are you guys in California?

    Thanks for that information. So, when the AutoFix feature adds the BPSQSE BPS QUERY STRING EXPLOITS custom code automatically, does that mean that some things have gotten automatically changed in the original BPSQSE BPS QUERY STRING EXPLOITS code? If so, is there any way I can see the original code (unchanged by AutoFix) somehow?

    #34757

    AITpro Admin
    Keymaster

    Yep, right under the monster wild fires in our area.  Stressful stuff.  😉  You can go to the B-Core > htaccess File Editor tab page > click the default.htaccess tab and compare/check the standard BPS htaccess code to what AutoFix has created in BPS Custom Code.  If you want me to take a look at your BPSQSE BPS QUERY STRING EXPLOITS code please post it in your reply.

    #34760

    Living Miracles
    Participant

    Wowie!

    Perfect. Thanks for helping with this 🙂 All clear now!

    #34761

    Living Miracles
    Participant

    Oh, actually. When I look at the default.htaccess file, this is all I see for the content:

    #   BULLETPROOF PRO DEFAULT .HTACCESS      
    
    # WARNING!!! THE default.htaccess FILE DOES NOT PROTECT YOUR WEBSITE AGAINST HACKERS
    # This is a standard generic htaccess file that does NOT provide any website security
    # The DEFAULT .HTACCESS file should be used for testing and troubleshooting purposes only
    
    # BEGIN BPS WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END BPS WordPress

    Any idea why I’m not seeing any other code in there?

    #34774

    AITpro Admin
    Keymaster

    Oops meant the secure.htaccess tab. 😉

Viewing 10 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic.