403 GET|HEAD Request Log Entries
Tagged: 403 error, CAPTCHA, captcha log entries
- This topic has 95 replies, 20 voices, and was last updated 3 months ago by x.
AITpro Admin (Keymaster)
@ MMBCB – I checked your site with Google Chrome Developer tools and did not see any 403 errors. SERVER_PROTOCOL: HTTP/1.0 usually means the Request was made by a spambot or spammer.
MMBCB (Participant)
Could you please take a look at this: https://wordpress.org/support/topic/hostname-5?replies=6#post-7748523
AITpro Admin (Keymaster)
I checked the forum link and posted a response. Please provide the information requested in my response in that forum thread.
John Galt (Participant)
[Topic has been merged into this relevant Topic]
Over the last few days our subscribers have been reporting “403 Forbidden” errors when attempting to access our site. Today, after going through plugin settings and then running BPS Wizard, immediately the entire site became 403 Forbidden, inaccessible to anyone, including site admins. We’ve already contacted our hosting company and requested server logs, which point to BPS Security plugin as the 403 issue. Below you will find a small snippet of hosting error reporting logs: (Note: I’ve removed the server configuration path from the hosting error log entries below, replacing the path with “……………………….”)
Please advise and thank you in advance!
~~~~~~~~~~~~~~ Hosting Error Log: ~~~~~~~~~~~~~~
referer: http://www.estatetransformation.com/wx1g
[Wed Jan 27 13:08:50 2016] [error] [client 82.85.14.105] client denied by server configuration: /home/...............................................wp-content/plugins/bulletproof-security/403.php

~~~~~~~~~~~~~~ BPS Security Log: (just a few log entries from January 28th only) ~~~~~~~~~~~~~~

[403 GET Request: January 28, 2016 - 4:40 am]
Event Code: PSBR-HPR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 24.140.10.215
Host Name: cable-10-215.sssnet.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/plugins/wccp-pro/watermark.php?type=dw&position=center-center&text=WATERMARKED&font_color=%23000000&r_text=estatetransformation.com&r_font_color=%23efefef&font_size_factor=90&r_font_size_factor=55&text_transparency=65&rotation=40&imagefilter=None&signature=This+image+is+protected&stamp=http://estatetransformation.com/wp-content/plugins/wccp-pro/images/testing-logo.png&src=/Images/template_mid_whitenb.jpg
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

[403 GET Request: January 28, 2016 - 4:50 am]
Event Code: PSBR-HPR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 70.106.227.243
Host Name: pool-70-106-227-243.clppva.fios.verizon.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/plugins/wccp-pro/watermark.php?type=dw&position=center-center&text=WATERMARKED&font_color=%23000000&r_text=estatetransformation.com&r_font_color=%23efefef&font_size_factor=90&r_font_size_factor=55&text_transparency=65&rotation=40&imagefilter=None&signature=This+image+is+protected&stamp=http://estatetransformation.com/wp-content/plugins/wccp-pro/images/testing-logo.png&src=/Images/template_top_favicon.png
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
AITpro Admin (Keymaster)
Looks like a typical RFI hacker pattern that is being blocked by these root htaccess filters below. Do these steps and let me know if the simulated RFI hacking attempt against your website is allowed and not blocked. Note an additional whitelist rule may be required in the Primary RFI security filter as well if this does not work.
1. Copy the modified BPS Query String Exploits below to this BPS Root Custom Code text box: CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

# BEGIN BPSQSE BPS QUERY STRING EXPLOITS
# The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
# Good sites such as W3C use it for their W3C-LinkChecker.
# Use BPS Custom Code to add or remove user agents temporarily or permanently from the
# User Agent filters directly below or to modify/edit/change any of the other security code rules below.
RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
#RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
#RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
#RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F]
# END BPSQSE BPS QUERY STRING EXPLOITS
Jen (Participant)
[Topic has been merged into this relevant Topic]
Hello, I keep getting BPS Security Log emails every 2 hours or so. “Total 403 GET Log Entries” for each email ranges from 900 – 1300. Is this normal? Or is there anything I need to do? Here is a part of the code:
BPS SECURITY LOG
=================
=================
[BEGIN Total # of Security Log Entries by Type:]
Total 403 GET Request Log Entries: 1025
[END Total # of Security Log Entries by Type:]

[403 GET Request: Nov 10, 2016 - 3:07 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 54.210.97.205
Host Name: ec2-54-210-97-205.compute-1.amazonaws.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /65-gorgeous-fall-nail-art-designs-to-try-now/
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.45 Safari/535.19

[403 GET Request: Nov 10, 2016 - 3:07 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 54.85.191.35
Host Name: ec2-54-85-191-35.compute-1.amazonaws.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /best-arm-workouts-for-women
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

[403 GET Request: Nov 10, 2016 - 3:08 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 54.210.209.38
Host Name: ec2-54-210-209-38.compute-1.amazonaws.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /35-ways-to-rock-the-bomber-jacket-trend/
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

[403 GET Request: Nov 10, 2016 - 3:08 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 54.165.24.101
Host Name: ec2-54-165-24-101.compute-1.amazonaws.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /65-gorgeous-fall-nail-art-designs-to-try-now/
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)

[403 GET Request: Nov 10, 2016 - 3:08 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 54.210.97.205
Host Name: ec2-54-210-97-205.compute-1.amazonaws.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /65-gorgeous-fall-nail-art-designs-to-try-now/
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.45 Safari/535.19

[403 GET Request: Nov 10, 2016 - 3:08 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 54.210.101.142
Host Name: ec2-54-210-101-142.compute-1.amazonaws.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /best-arm-workouts-for-women
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)
AITpro Admin (Keymaster)
@ Jen – Post a link to your website so I can take a look at the frontend of your website for any obvious causes for this problem.
Jen (Participant)
Thank you for the fast response!
It’s [URL removed/deleted]
AITpro Admin (Keymaster)
@ Jen – You are using Amazon CloudFront – Content Delivery Network (CDN) and also using W3TC on your website. The Security Log 403 errors are for your Amazon CDN. I believe the problem has to do with using the W3TC disk enhanced option. Try switching that W3TC option to disk basic. I believe those are the W3TC setting choices, but it has been several years since I checked or tested W3TC. Also are you using any BPS Bonus Custom Code in BPS Custom Code?
<!-- Performance optimized by W3 Total Cache. Learn more: https://www.w3-edge.com/products/ Page Caching using disk: enhanced Content Delivery Network via cdn.lovika.com
Jen (Participant)
Thanks so much for your response! Just changed it to “Disk: Basic” (I’ll keep you updated with the result)
Quick question – I am not sure if this is a related issue. But when I google my site, the google result shows as cdn.mysite.com instead of www.mysite.com. Is it because of the same setting? I’m not sure if changing it to “Disk: Basic” will also resolve this prefix URL issue (showing as cdn. instead of www.), which I’ve been trying to solve for the last several weeks OR if it’s totally unrelated.
Thank you again!
AITpro Admin (Keymaster)
@ Jen – Unfortunately, I know very little about CDN’s and have not used one before, but I’m pretty sure that your website should be indexed in Google search results without the cdn subdomain. I did this Google search: “google search results show CDN subdomain” and found this link: http://webmasters.stackexchange.com/questions/59018/remove-subdomains-from-google-index-and-stop-indexing-them If you do not find the answer in that link then look around some more and see if you can find the answer. Unfortunately, I can’t offer any other guesses.
Jen (Participant)
Ok, Thank you so much again! (could you please remove the site URL – I wasn’t able to edit it)
Jen (Participant)
Hi, I keep getting the log even though I switched to “Basic: Disk” – Not sure why this keeps happening. This time it shows “Total 403 GET Request Log Entries: 1219”. Here is a part of the code (looks similar to the previous one I provided).
BPS SECURITY LOG
=================
=================
[BEGIN Total # of Security Log Entries by Type:]
Total 403 GET Request Log Entries: 1219
[END Total # of Security Log Entries by Type:]

[403 GET Request: Nov 11, 2016 - 1:07 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 52.90.73.229
Host Name: ec2-52-90-73-229.compute-1.amazonaws.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /65-gorgeous-fall-nail-art-designs-to-try-now/
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0

[403 GET Request: Nov 11, 2016 - 1:07 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 54.210.101.148
Host Name: ec2-54-210-101-148.compute-1.amazonaws.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /best-arm-workouts-for-women
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

[403 GET Request: Nov 11, 2016 - 1:08 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 54.86.137.210
Host Name: ec2-54-86-137-210.compute-1.amazonaws.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /65-gorgeous-fall-nail-art-designs-to-try-now/
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

[403 GET Request: Nov 11, 2016 - 1:08 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 54.172.246.155
Host Name: ec2-54-172-246-155.compute-1.amazonaws.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /chanel-2016-fall-winter-handbags/
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0

[403 GET Request: Nov 11, 2016 - 1:08 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 54.210.101.148
Host Name: ec2-54-210-101-148.compute-1.amazonaws.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /summer-white/
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.5 Safari/534.55.3

[403 GET Request: Nov 11, 2016 - 1:08 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 54.152.162.237
Host Name: ec2-54-152-162-237.compute-1.amazonaws.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /how-to-wear-slip-dress-trend/
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.45 Safari/535.19

[403 GET Request: Nov 11, 2016 - 1:08 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 54.210.209.38
Host Name: ec2-54-210-209-38.compute-1.amazonaws.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /summer-white/
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.5 Safari/534.55.3

[403 GET Request: Nov 11, 2016 - 1:08 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 54.210.99.189
Host Name: ec2-54-210-99-189.compute-1.amazonaws.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /best-arm-workouts-for-women
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)

[403 GET Request: Nov 11, 2016 - 1:08 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 107.22.97.6
Host Name: ec2-107-22-97-6.compute-1.amazonaws.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /how-to-wear-slip-dress-trend/
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)
AITpro Admin (Keymaster)
@ Jen – Ok well it has something to do with your CDN since all of the Security Log entries are amazon log entries. What I don’t know is why that is happening. Lots of people use CDN’s with BPS and these 403 errors do not occur/are not logged for the amazon bot. So either something is not set up correctly with your CDN, you have corrupt cache somewhere (probably on the CDN side), W3TC settings problem, another plugin is conflicting with things or last, but not least – even though these amazon bot log entries say they are GET Requests it is possible that they are really HEAD Requests, but due to something that is fubar with something the bot Requests look like GET Requests to BPS or they are fubar HEAD Requests failing as GET Requests.
So the only suggestions I can make are these suggestions:
Try whitelisting HEAD Requests by doing the steps below:
1. Copy the REQUEST METHODS FILTERED .htaccess code below to the BPS Root Custom Code text box: CUSTOM CODE REQUEST METHODS FILTERED
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

# REQUEST METHODS FILTERED
# If you want to allow HEAD Requests use BPS Custom Code and copy
# this entire REQUEST METHODS FILTERED section of code to this BPS Custom Code
# text box: CUSTOM CODE REQUEST METHODS FILTERED.
# See the CUSTOM CODE REQUEST METHODS FILTERED help text for additional steps.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F]
#RewriteCond %{REQUEST_METHOD} ^(HEAD) [NC]
#RewriteRule ^(.*)$ /wp-content/plugins/bulletproof-security/405.php [L]
Or deactivate Root Folder BulletProof Mode and just use the standard default root htaccess file.
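To see what the blocked requests in a Security Log like the ones above have in common before changing any filter, the entries can be grouped by reverse-DNS domain, event code and IP/user-agent pairs. This is an added example, not part of the thread or of BPS; `parse_entries` and `summarize` are hypothetical helpers, and the sample is abridged from the Nov 11, 2016 entries posted above.

```python
import re
from collections import Counter, defaultdict

# Four entries abridged from the Nov 11, 2016 log posted earlier in this thread
# (empty header fields and REQUEST_URI lines left out to keep the sample short).
SAMPLE_LOG = """\
[403 GET Request: Nov 11, 2016 - 1:07 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
REMOTE_ADDR: 52.90.73.229
Host Name: ec2-52-90-73-229.compute-1.amazonaws.com
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0

[403 GET Request: Nov 11, 2016 - 1:07 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
REMOTE_ADDR: 54.210.101.148
Host Name: ec2-54-210-101-148.compute-1.amazonaws.com
HTTP_USER_AGENT: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

[403 GET Request: Nov 11, 2016 - 1:08 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
REMOTE_ADDR: 54.210.101.148
Host Name: ec2-54-210-101-148.compute-1.amazonaws.com
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.5 Safari/534.55.3

[403 GET Request: Nov 11, 2016 - 1:08 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
REMOTE_ADDR: 54.210.209.38
Host Name: ec2-54-210-209-38.compute-1.amazonaws.com
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.5 Safari/534.55.3
"""
HEADER = re.compile(r"^\[(\d{3}) ([A-Z]+) Request: (.+?)\]")

def parse_entries(text):
    """Split a BPS Security Log into one dict per entry, keyed by field name."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        head = HEADER.match(line)
        if head:
            entries.append({"status": head.group(1), "method": head.group(2),
                            "time": head.group(3)})
        elif entries and ":" in line:
            # Split on the first colon only, so URLs in the value stay intact.
            key, _, value = line.partition(":")
            entries[-1][key.strip()] = value.strip()
    return entries

def summarize(entries):
    """Group blocked requests by reverse-DNS domain, event code, and IP -> user agents."""
    domains = Counter(".".join(e.get("Host Name", "").split(".")[-2:]) for e in entries)
    codes = Counter(e.get("Event Code", "").split(" - ")[0] for e in entries)
    agents = defaultdict(set)
    for e in entries:
        agents[e.get("REMOTE_ADDR", "")].add(e.get("HTTP_USER_AGENT", ""))
    rotating = sorted(ip for ip, uas in agents.items() if len(uas) > 1)
    return {"domains": dict(domains), "event_codes": dict(codes),
            "distinct_ips": len(agents), "ips_with_several_user_agents": rotating}

if __name__ == "__main__":
    for name, value in summarize(parse_entries(SAMPLE_LOG)).items():
        print(f"{name}: {value}")
```

On the sample, every entry resolves under one reverse-DNS domain, and one address presents two different browser user agents within a minute.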
Chris (Participant)
Hello!
We are two admins on a single wordpress website. My friend has set up Jetpack and connected it to his wordpress.com account to get statistics.
Today, when I tried to connect to the admin through my own wordpress.com account I get an error message. (But afterwards I was able to connect by entering “myurl/wp-admin” as usual.)
Of course there was an error log shown below.
My question is: how can I ensure there will be no more errors like this one for me and my friend? (My friend hasn’t tested that yet but…)
Thanks for your support!
[403 GET Request: 5 aout 2017 - 13:30]
BPS: 2.3
WP: 4.8.1
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 90.14.xxx.xxx
Host Name: ALyon-651-1-219-173.w90-14.abo.wanadoo.fr
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://wordpress.com/
REQUEST_URI: /wp-admin/?redirect_to=http://myurl/wp-admin/&request_redirect_to&calypso_env=production&jetpack-sso-auth-redirect=1
QUERY_STRING: redirect_to=http://myurl/wp-admin/&request_redirect_to&calypso_env=production&jetpack-sso-auth-redirect=1
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0