403 with Beaver Builder

Home Forums BulletProof Security Pro 403 with Beaver Builder

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • July 15, 2025 at 4:27 pm #45136
    handsunc
    Participant

    Hi I used to be able to use Beaver Builder, now I get a 403, Security codeĀ  is here

    [403 GET Request: July 15, 2025 - 7:19 pm]
BPS Pro: 17.5
WP: 6.8.1
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 108.188.57.145
Host Name: syn-108-188-057-145.biz.spectrum.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: 
HTTP_FORWARDED: 
HTTP_X_FORWARDED_FOR: 
HTTP_X_CLUSTER_CLIENT_IP: 
REQUEST_METHOD: GET
HTTP_REFERER: https://westcoasthairdesign.com/frequently-asked-questions/?fl_builder&fl_builder_ui&wd_fb_og_status=-2&wd_fb_og_error=Facebook+returned%3A+%28%23100%29+Must+have+a+valid+access+token+or+a+valid+url_hmac
REQUEST_URI: /frequently-asked-questions/?fl_builder&wd_fb_og_status=-2&wd_fb_og_error=Facebook%20returned:%20(
QUERY_STRING: fl_builder&wd_fb_og_status=-2&wd_fb_og_error=Facebook%20returned:%20(
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
    July 15, 2025 at 5:05 pm #45137
    AITpro Admin
    Keymaster

    The Query String has a round bracket code character in it ( which is being blocked by this BPS Query String Exploit security rule RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR].

    Go to the Custom Code tab page > click the Root Custom Code accordion button > Scroll down to Custom Code text box 12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS
    Edit the existing custom code and comment out the security rule shown below with a # sign.
    Click the Save Root Custom Code button.
    Go to the Security Modes tab page and click the Root Folder BulletProof Mode Activate button.

    #RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
    July 16, 2025 at 5:50 am #45138
    handsunc
    Participant

    To the rescue again, thank you!! Can you recommend a good place to learn how to harden server ports? or points of entry?. I have two shared servers and one VPS that got hacked in the last two weeks, all sites are updated and have bulletproof installed. I noticed the hacks becasue of the quarantine notifications and also from malcare notifications. on the VPS every site had been infected and on one of the servers even though I hd replaced wordpress and all plugins I kept getting a file inserted into wp-includes. It is exhausting to fix sites so often, all are now showing clear in malcare scans. ANy advice you can give me would be greatly appreciated!! This is what support wrote:

    I believe I have managed to destroy the last remnant of the malware.

    I believe you had likely already destroyed the last files that remain. However the process was spawning itself with a full fledged shell:

    php -n

    The -n flag was being used to bypass the master php.ini file, which blocks eval, shell and shell_exec.

    auditd was use to confirm that the actual spawn point of the execution was both domains’ main directory. Renaming both directories allowed me to kill the process and prevent them from re spawning. Which is what has happening before.

    I have confirmed that the plugin-info.php file no longer regenerates in your domain.

    July 16, 2025 at 8:00 am #45139
    AITpro Admin
    Keymaster

    Honest recommendation > get rid of the VPS server and move your websites to Shared hosting. Why? VPS servers are sold to average folks without any warning that you are getting a bare bones server with minimal security and securing your VPS is entirely on you. Telling people that would obviously cause VPS server sales to plummet. Shared hosting servers are secured by server security professionals and those servers are then cloned. So that they only need to image a new secure server from that clone.

    Securing a VPS server is technically not rocket science, but it is an ongoing thing. You will need to continue to update your VPS server on an ongoing basis forever. With Shared hosting the host does that.

    If you want to keep your VPS server then do this google search: vps server security

    Important Note: You will need to read between the lines for some sites that are selling something. If the information is telling you that server hacks are caused by things you installed that is a red flag. Honest information will include native security vulnerabilities in servers themselves.

    July 16, 2025 at 8:39 am #45140
    handsunc
    Participant

    Thank you!! I appreciate you!

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.