We put a video embed which contains login request form, for example on this page:
http://www.vintagepornbay.com/uk/a-promise-of-bed-1970-uk-high-quality-vintage-porn-movie-download/
When we click on login button it returns this error:
——————
vintagepornbay.com 403 Forbidden Error Page
If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.
IP Address: xxxxxxx (I have censored this ip)
——————
If I put this code into custom htaccess from bps settings:
RewriteCond %{HTTP_REFERER} !^.*/embed-cashp9coidpj.html
The error vanishes but nothing happens. No login is processed.
——————
Here is the security log entry for this:
[403 POST Request: August 6, 2017 8:59 am]
BPS: 2.3
WP: 4.8.1
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 178.62.5.157
Host Name: 178.62.5.157
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://www.vintagepornbay.com/embed-cashp9coidpj.html
REQUEST_URI: /embed-cashp9coidpj.html
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
REQUEST BODY: op=login&id=cashp9coidpj&ios=&g-recaptcha-response=&login=test&password=blabla