BackupBuddy – wget cron blocked – 403 error

Home Forums BulletProof Security Free BackupBuddy – wget cron blocked – 403 error

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #35568
    Vladimir
    Participant

    Help pls. I have BackupBuddy and cannot make a regular backup.

    BackupBuddy says there is a problem with cron jobs, I contacted Siteground, they made modifications and made Cpanel Cron Job which is blocked by BPS.

    They say allowing the cron job to be triggered from IP XXX.X.XXX.XXX would fix this and I searched for the forum but I could not find a fix. I removed wget| from user agent as well.

    siteground.eu 15:00:00 Tue Apr 03 ~/public_html/
    └─> wget --no-check-certificate -O - https://www.xxxxxxxx.xx/wp-cron.php?doing_wp_cron
    --2018-04-03 15:00:02-- https://www.xxxxxxxx.xx/wp-cron.php?doing_wp_cron
    Resolving www.xxxxxxxx.xx (www.xxxxxxxx.xx)... xxx.xx.xx.xxx, xxx.xx.xx.xxx, xxxx:xxxx:xxxx:1::xxxx:xxxx, ...
    Connecting to www.xxxxxxxx.xx (www.xxxxxxxx.xx)|xxx.xx.xx.xxx|:xxx... connected.
    HTTP request sent, awaiting response... 403 Forbidden
    2018-04-03 15:00:02 ERROR 403: Forbidden.
    #35569
    AITpro Admin
    Keymaster

    See this forum topic for the steps to allow wget crons > https://forum.ait-pro.com/forums/topic/rss-link-bomber-cron-job-blocked/. If you are using a caching plugin or some other form of caching then be aware that Query Strings are cached: ?doing_wp_cron. Using Direct Crons instead of the standard WP Crons could effect plugin and theme cron jobs if there is a caching problem/issue. See this forum topic for more information regarding that issue > https://forum.ait-pro.com/forums/topic/siteground-arq-turns-off-during-updates/#post-35560

    #35628
    Vladimir
    Participant

    Thank you for the help but it did not resolve my issue…

    I updated my cron job and added the code

    lynx -source https://www.xxxxxxxxxxxxxx.xx/subfolder/wp-cron.php > /dev/null 2>&1

    I believe I have to create wp-admin Skip/Bypass rule, please look at the 403 error I’m getting when I try to manually start the cron job

     [403 GET Request: April 9, 2018 - 9:42 pm]
    BPS: 2.9
    WP: 4.9.5
    Event Code: WPADMIN-SBR
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: xxx.xxx.xx.xxx
    Host Name: xxx.xxx.xx.xxx
    SERVER_PROTOCOL: HTTP/1.0
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://www.xxxxxxxxxxxxxx.xx/subfolder/wp-admin/admin.php?page=pb_backupbuddy_server_tools
    REQUEST_URI: /subfolder/wp-admin/admin.php?page=pb_backupbuddy_server_tools&run_cron=1523306218|backupbuddy_cron|e0dbe855bf1a87f3b492be074edddc48&value=%3Cspan%20title=%27Key:%20e0dbe855bf1a87f3b492be074edddc48%27%3Ebackupbuddy_cron%3C/span%3E
    QUERY_STRING: page=pb_backupbuddy_server_tools&run_cron=1523306218|backupbuddy_cron|e0dbe855bf1a87f3b492be074edddc48&value=%3Cspan%20title=%27Key:%20e0dbe855bf1a87f3b492be074edddc48%27%3Ebackupbuddy_cron%3C/span%3E
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36

    Thank you for all the help in advance.

     

    #35638
    AITpro Admin
    Keymaster

    Try this:

    1. Copy the wp-admin htaccess code below into this BPS wp-admin Custom Code text box: 3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
    2. Click the save wp-admin Custom Code button.
    3. Go to the Security Modes page and click the wp-admin folder BulletProof Mode Activate button.

    # BackupBuddy Query String skip/bypass rule
    RewriteCond %{QUERY_STRING} page=pb_backupbuddy_server_tools(.*) [NC]
    RewriteRule . - [S=2]
    #35643
    Vladimir
    Participant

    Dear AIT,

    All of this worked so far but it does not fix my issue. I contacted my hosting Siteground and they gave me the following

    • The bulletproof security rules are causing this request to be rejected and the cron job couldn’t be triggered.

    I changed the cron job to

    lynx -source https://www.xxxxxxxxxxxxxx.xx/subfolder/wp-cron.php > /dev/null 2>&1

    I removed “?doing_wp_cron” as I believe I do not need this line

    And added the code as you mentioned

    I can now start crons remotely but they are not triggering automatically.

    • Siteground also said – For this setup to work with the plugin, the bulletproof security rules would either have to be modified to allow the cron job to be triggered from a specific IP address  (the main IP of the server which hosts your account).

    Is there a way to whitelist my server IP?

    #35644
    AITpro Admin
    Keymaster

    I do not think an IP address whitelist rule is needed.  You definitely need the ?doing_wp_cron Query String in the URL/URI.  Also if you are doing anything with caching you need to add a random string generator (MD5 works well) after the doing_wp_cron Query String.  Example URI request output:  ?doing_wp_cron&89765789095. See this forum topic for a reference regarding this issue > https://forum.ait-pro.com/forums/topic/siteground-arq-turns-off-during-updates/#post-35560.  Try putting the Query String back and add a random string generator if you are doing anything with caching/CDN’s, etc.

    #35651
    Vladimir
    Participant

    Dear Ait,

    Finally, I got some progress with EasyCron. Making a random string generator on my own is above my knowledge and this works

    https://mywebsite.com/wp-cron.php?doing_wp_cron&__RANDOM__

    I removed the cpanel Cron Job.

    Should I remove any of the code I implemented before

    # BackupBuddy Query String skip/bypass rule 
    RewriteCond %{QUERY_STRING} 
    page=pb_backupbuddy_server_tools(.*) [NC] 
    RewriteRule . - [S=2]e

    and I implemented CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS without wget

    #35652
    AITpro Admin
    Keymaster

    Great! Glad you got it working. The BackupBuddy Query String whitelist rule may or may not still be needed. Try removing it and see if things still work. If the problem occurs again then add the BackupBuddy Query String whitelist rule.

    #43183
    Larry Lujan
    Participant

    cbc

Viewing 9 posts - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.