Home › Forums › BulletProof Security Pro › Beaver Builder – 403 error – UAEG blocking js scripts
Tagged: 403 error, Beaver Builder, UAEG, Uploads Anti-Exploit Guard
- This topic has 21 replies, 4 voices, and was last updated 7 years ago by AITpro Admin.
-
AuthorPosts
-
PhilParticipant
My sites that use the ‘Beaver Builder’ plugin are not playing well with BPS Pro. I’ll post my logs below. Hopefully I’ll be able to figure out how to fix these issues myself in the future, but so far I’m not quite understanding it. I very much appreciate your help.
[403 GET Request: December 8, 2016 - 7:07 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/plugins/easy-digital-downloads/assets/js/edd-ajax.min.js?ver=2.6.13 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [403 GET Request: December 8, 2016 - 7:07 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/plugins/bb-plugin/js/jquery.fitvids.js?ver=1.9 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [403 GET Request: December 8, 2016 - 7:07 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/plugins/bb-plugin/js/jquery.bxslider.min.js?ver=1.9 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [403 GET Request: December 8, 2016 - 7:07 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/plugins/bb-plugin/js/jquery.wookmark.min.js?ver=1.9 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [403 GET Request: December 8, 2016 - 7:07 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/plugins/bb-plugin/js/jquery.mosaicflow.min.js?ver=1.9 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [403 GET Request: December 8, 2016 - 7:07 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/plugins/bb-plugin/js/jquery.waypoints.min.js?ver=1.9 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [403 GET Request: December 8, 2016 - 7:07 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/plugins/bb-plugin/js/jquery.magnificpopup.min.js?ver=1.9 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [403 GET Request: December 8, 2016 - 7:07 pm] Event Code: UAEGWR-HPR Solution: http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/uploads/bb-plugin/cache/24-layout.js?ver=8d5522b25b17a6995116754d708f8b3d QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [403 GET Request: December 8, 2016 - 7:07 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/plugins/media-grid/js/frontend.js?ver=4.31 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [403 GET Request: December 8, 2016 - 7:07 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/plugins/auto-hide-admin-bar/js/jquery.hoverIntent.minified.js?ver=4.7 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [403 GET Request: December 8, 2016 - 7:07 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/plugins/bb-plugin/js/jquery.fitvids.js?ver=1.9 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [403 GET Request: December 8, 2016 - 7:07 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/plugins/auto-hide-admin-bar/js/ahab.js?ver=4.7 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [403 GET Request: December 8, 2016 - 7:07 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/plugins/bb-plugin/js/jquery.bxslider.min.js?ver=1.9 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [403 GET Request: December 8, 2016 - 7:07 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/plugins/bb-plugin/js/jquery.wookmark.min.js?ver=1.9 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [403 GET Request: December 8, 2016 - 7:07 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/plugins/bb-plugin/js/jquery.mosaicflow.min.js?ver=1.9 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [403 GET Request: December 8, 2016 - 7:07 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/plugins/bb-plugin/js/jquery.magnificpopup.min.js?ver=1.9 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [403 GET Request: December 8, 2016 - 7:07 pm] Event Code: UAEGWR-HPR Solution: http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/uploads/bb-plugin/cache/24-layout.js?ver=8d5522b25b17a6995116754d708f8b3d QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [403 GET Request: December 8, 2016 - 7:07 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/plugins/media-grid/js/frontend.js?ver=4.31 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [403 GET Request: December 8, 2016 - 7:07 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/plugins/auto-hide-admin-bar/js/jquery.hoverIntent.minified.js?ver=4.7 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [403 GET Request: December 8, 2016 - 7:07 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/plugins/auto-hide-admin-bar/js/ahab.js?ver=4.7 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [403 GET Request: December 8, 2016 - 7:07 pm] Event Code: PFWR-PSBR-HPR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/plugins/media-grid/js/mediaelement/mediaelement-and-player.min.js QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [Plugin Firewall AutoPilot Mode New Whitelist Rule(s) Created: December 8, 2016 - 7:16 pm] Whitelist Rule: /bb-plugin/js/jquery.waypoints.min.js Whitelist Rule: /easy-digital-downloads/assets/js/edd-ajax.min.js Whitelist Rule: /bb-plugin/js/jquery.fitvids.js Whitelist Rule: /bb-plugin/js/jquery.bxslider.min.js Whitelist Rule: /bb-plugin/js/jquery.wookmark.min.js Whitelist Rule: /bb-plugin/js/jquery.mosaicflow.min.js Whitelist Rule: /bb-plugin/js/jquery.magnificpopup.min.js Whitelist Rule: /media-grid/js/frontend.js Whitelist Rule: /auto-hide-admin-bar/js/jquery.hoverIntent.minified.js Whitelist Rule: /auto-hide-admin-bar/js/ahab.js Whitelist Rule: /media-grid/js/mediaelement/mediaelement-and-player.min.js [403 GET Request: December 8, 2016 - 7:17 pm] Event Code: UAEGWR-HPR Solution: http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/ REQUEST_URI: /play/wp-content/uploads/bb-plugin/cache/24-layout.js?ver=8d5522b25b17a6995116754d708f8b3d QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 [403 GET Request: December 8, 2016 - 7:17 pm] Event Code: UAEGWR-HPR Solution: http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/play/playshops-for-individuals/ REQUEST_URI: /play/wp-content/uploads/bb-plugin/cache/94-layout.js?ver=0a4419d601db3db554d9ef1b7740c249 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36
AITpro AdminKeymasterUPDATE: 3-14-2017: This UAEG whitelisting method no longer works for Beaver Builder. See new solution: https://forum.ait-pro.com/forums/topic/beaver-builder-plugin/#post-32715
BPS Pro Uploads Anti-Exploit Guard (UAEG) is blocking Beaver Builder js scripts in your WordPress Uploads folder. See the steps below for how to create a whitelist rule in your UAEG htaccess file for this Beaver Builder folder: bb-plugin.
https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
CUSTOM CODE UAEG Help Info
To edit/customize your Uploads Anti-Exploit Guard (UAEG) .htaccess file go to the B-Core > htaccess File Editor tab page > “Your Current Uploads htaccess File” tab and do the steps below.
1. Copy and paste your entire Uploads .htaccess file code from the “Your Current Uploads htaccess File” tab on the htaccess File Editor page into the CUSTOM CODE UAEG text box.
2. Edit/modify/customize your UAEG htaccess code in the CUSTOM CODE UAEG text box.
3. Click the Save UAEG Custom Code button to save your UAEG custom code.
4. Go to the Security Modes page and click the UAEG BulletProof Mode Activate button.The edit that you want to do in step #2 is this:
If you have an Apache server:
Remove/delete the # sign from infront of this line of code in your UAEG htaccess code and change the folder name as shown below.
#SetEnvIf Request_URI "bb-plugin/.*$" whitelist
If you have a LiteSpeed server:
Remove/delete the # sign from infront of this line of code in your UAEG htaccess code and change the folder name as shown below.
#RewriteRule ^bb-plugin/.*$ - [L]
PhilParticipantThanks – that seems to account for only 1 of the errors I listed. There seem to be many other issues as well, no?
AITpro AdminKeymasterScroll down in your Security Log file until you see this: [Plugin Firewall AutoPilot Mode New Whitelist Rule(s) Created: December 8, 2016 – 7:16 pm] Plugin Firewall AutoPilot Mode automatically created whitelist rules for all previous Security Log entries. Eventually UAEG will also do the same thing.
PhilParticipantThanks, your top post up above seemed to work okay, but when I create a new page, the exploit still happens. Here’s an example:
[403 GET Request: December 12, 2016 - 6:54 pm] Event Code: UAEGWR-HPR Solution: http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/ REMOTE_ADDR: 64.229.246.162 Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://www.example.com/yes/about/ REQUEST_URI: /yes/wp-content/uploads/bb-plugin/cache/66-layout.js?ver=aa4ed1417cad643f49f290d38ed40999 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36
AITpro AdminKeymasterIs the page actually created or not? What is the difference between /play/ and /yes/? Are those page URI’s? What exactly is working now and how are you creating a page? Are you creating a page normally using WordPress “Add Page” or using something custom in Beaver Builder to create a page? Logically the UAEG whitelist rule should work for anything/everything. So if it is not then some kind of additional whitelist rule would be needed to whitelist whatever else Beaver Builder is doing that looks like a hacking attempt against your website to BPS. Do these BPS Pro troubleshooting steps below and test creating a page after doing each step to isolate which BPS security feature is blocking something.
https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting
1. On the Security Modes page, click the Root Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
2. On the Security Modes page, click the wp-admin Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
4. On the Security Modes page, click the UAEG BulletProof Mode Deactivate button.PhilParticipantIs the page actually created or not? It’s created correctly in the backend, but most of the content isn’t visible on the front end.
What is the difference between /play/ and /yes/? Sorry, those are 2 different sites I was referring to. WordPress is installed in those subdirectories ‘play’ and ‘yes’.
What exactly is working now and how are you creating a page? Are you creating a page normally using WordPress “Add Page” or using something custom in Beaver Builder to create a page? I’m creating a page with the usual ‘Add Page’ method, but I’m adding content to the page through the Beaver Builder plugin, which is a drag and drop builder.
I put ‘SetEnvIf Request_URI “bb-plugin/.*$” whitelist’ into the custom code UAEG, but that didn’t fix it. I also removed the js from the ‘FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY’ section, but that didn’t fix it.
I also added the following code to the BPS Root Custom Code text box CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES, but no fix:
# Plugin Name Here skip/bypass RewriteCond %{REQUEST_URI} ^/wp-content/plugins/plugin-folder-name/ [NC] RewriteRule . - [S=13]
The only thing that fixes the problem is deactivating UAEG.
AITpro AdminKeymasterUPDATE: 3-14-2017: This UAEG whitelisting method no longer works for Beaver Builder. See new solution: https://forum.ait-pro.com/forums/topic/beaver-builder-plugin/#post-32715
Ok so since these are 2 different websites then you would need to do the same UAEG Custom Code solution for each of these sites. So let’s get 1 site working and then rinse and repeat for the other site. The problem is isolated to the UAEG htaccess file. I forgot to mention another whitelisting step and also I see that that step is missing from the UAEG forum help topic, which I will add in a minute. That is probably why the whitelist rule for the bb-plugin folder is not working.
https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
CUSTOM CODE UAEG Help Info
To edit/customize your Uploads Anti-Exploit Guard (UAEG) .htaccess file go to the B-Core > htaccess File Editor tab page > “Your Current Uploads htaccess File” tab and do the steps below.
1. Copy and paste your entire Uploads .htaccess file code from the “Your Current Uploads htaccess File” tab on the htaccess File Editor page into the CUSTOM CODE UAEG text box.
2. Edit/modify/customize your UAEG htaccess code in the CUSTOM CODE UAEG text box.
3. Click the Save UAEG Custom Code button to save your UAEG custom code.
4. Go to the Security Modes page and click the UAEG BulletProof Mode Activate button.The edit that you want to do in step #2 is this:
If you have an Apache server:
Remove/delete the # sign from infront of this line of code in your UAEG htaccess code and change the folder name as shown below.
#SetEnvIf Request_URI "bb-plugin/.*$" whitelist
If you have a LiteSpeed server:
Remove/delete the # sign from infront of this line of code in your UAEG htaccess code and change the folder name as shown below.
#RewriteRule ^bb-plugin/.*$ - [L]
If you have an Apache server (this step is not required if you have a LiteSpeed server):
Delete the # signs in front of #Require env whitelist and #Allow from env=whitelist shown highlighted in yellow below in your UAEG code that you copied to CUSTOM CODE UAEG.# FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$"> <IfModule mod_authz_core.c> #Require env whitelist Require all denied </IfModule> <IfModule !mod_authz_core.c> <IfModule mod_access_compat.c> Order Allow,Deny #Allow from env=whitelist Deny from all </IfModule> </IfModule> </FilesMatch>
PhilParticipantIt turns out most of the conflicts are not with the uploads directory, but with the beaver builder plugin javascript files, and the PFW autopilot isn’t catching most of them. Can I just whitelist the whole plugin?
AITpro AdminKeymasterI see from your previous Security Log entries (shown below) that you posted above that Plugin Firewall AutoPilot Mode successfully created these Plugin Firewall whitelist rules. Maybe you have an invalid whitelist rule in the Plugins Script|File Whitelist Text Area box? Post all of your Plugin Firewall whitelist rules that you see in the Plugins Script|File Whitelist Text Area box.
Also upgrade to BPS Pro 12.5 if you do not have BPS Pro 12.5 installed. Additional Plugin Firewall code was created to handle coding mistakes in other plugins that end up breaking the Plugin Firewall due to invalid whitelist rules being created with any other plugin’s coding mistakes. Also to confirm that the Plugin Firewall is causing the problem do BPS Pro troubleshooting step #3: https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting Note: Once you upgrade to BPS Pro 12.5, the new Plugin Firewall compensation code and filters should automatically fix and create only new valid Plugin Firewall whitelist rules even if there are coding mistakes in other plugins that you have installed.
[Plugin Firewall AutoPilot Mode New Whitelist Rule(s) Created: December 8, 2016 - 7:16 pm] Whitelist Rule: /bb-plugin/js/jquery.waypoints.min.js Whitelist Rule: /easy-digital-downloads/assets/js/edd-ajax.min.js Whitelist Rule: /bb-plugin/js/jquery.fitvids.js Whitelist Rule: /bb-plugin/js/jquery.bxslider.min.js Whitelist Rule: /bb-plugin/js/jquery.wookmark.min.js Whitelist Rule: /bb-plugin/js/jquery.mosaicflow.min.js Whitelist Rule: /bb-plugin/js/jquery.magnificpopup.min.js Whitelist Rule: /media-grid/js/frontend.js Whitelist Rule: /auto-hide-admin-bar/js/jquery.hoverIntent.minified.js Whitelist Rule: /auto-hide-admin-bar/js/ahab.js Whitelist Rule: /media-grid/js/mediaelement/mediaelement-and-player.min.js
PhilParticipantDo I have to update all of my sites to 12.5 manually? It’s not showing up as an update in the WP backend.
(From now on I’ll create new forum topics for each site because I have different BPS issues with every one of my sites and I’ve made it confusing by combining a couple of them here.)
AITpro AdminKeymasterIf you are not seeing the BPS Pro version upgrade on the Plugins page then try doing these things: https://forum.ait-pro.com/forums/topic/wp-mu-plugin-update/#post-22887 to see if you can figure out what is causing the problem. Forum Topics are grouped by plugin name or error message or other related things. So do a forum search to see if the problem and solution already exists.
AITpro AdminKeymasterUPDATE: 3-14-2017: Beaver Builder js scripts are being handled/cached in a way that the standard UAEG folder whitelisting method for the /bb-plugin/ folder will no longer work. The alternative UAEG whitelisting method below needs to be used instead.
Just a reference point/note (see the steps below):
/wp-content/uploads/bb-plugin/cache/7172-layout.js?ver=a1d3869e9df6cdc4be634d507ec278e6
To edit/customize your Uploads Anti-Exploit Guard (UAEG) .htaccess file go to the B-Core > htaccess File Editor tab page > “Your Current Uploads htaccess File” tab and do the steps below.
1. Copy and paste your entire Uploads .htaccess file code from the “Your Current Uploads htaccess File” tab on the htaccess File Editor page into the CUSTOM CODE UAEG text box.
2. Edit/modify/customize your UAEG htaccess code in the CUSTOM CODE UAEG text box. See required edit below.
3. Click the Save UAEG Custom Code button to save your UAEG custom code.
4. Go to the Security Modes page and click the UAEG BulletProof Mode Activate button.Step #2 edit that needs to be made: Delete js| from the UAEG FilesMatch code as shown in the code below.
# FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$"> .... .... .... </FilesMatch>
rafaelmagicParticipantThis works on my Apache install for Beaver Builder and BPS Pro.
Currently Beaver is installing files in the “Uploads” folder.
# Beaver Beaver Fix- FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$"> <IfModule mod_authz_core.c> Require env whitelist SetEnvIf Request_URI "bb-plugin/.*$" whitelist Require all denied </IfModule> <IfModule !mod_authz_core.c> <IfModule mod_access_compat.c> Order Allow,Deny #Allow from env=whitelist Deny from all </IfModule> </IfModule> </FilesMatch>
To edit/customize your Uploads Anti-Exploit Guard (UAEG) .htaccess file go to the B-Core > htaccess File Editor tab page > “Your Current Uploads htaccess File” tab and do the steps below.
1. Copy and paste your entire Uploads .htaccess file code from the “Your Current Uploads htaccess File” tab on the htaccess File Editor page into the CUSTOM CODE UAEG text box.
2. Edit/modify/customize your UAEG htaccess code in the CUSTOM CODE UAEG text box.
3. Click the Save UAEG Custom Code button to save your UAEG custom code.
4. Go to the Security Modes page and click the UAEG BulletProof Mode Activate button.Terry ChadbanParticipant[Topic merged into this relevant Topic]
Hi all,
Given the popularity of page builders like Beaver Builder, Elementor, etc, I would have thought that BPS Pro would be able to play nice with them by now, but it seems not!
[403 GET Request: November 12, 2017 - 1:06 pm] BPS Pro: 13.3.3 WP: 4.8.3 Event Code: UAEGWR-HPRA Solution: https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/ REMOTE_ADDR: 27.96.200.58 Host Name: 27.96.200.58 SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://mybizaus.com/?page_id=46&fl_builder REQUEST_URI: /wp-content/uploads/bb-plugin/cache/46-layout-draft.js QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 [403 POST Request: November 12, 2017 - 1:06 pm] BPS Pro: 13.3.3 WP: 4.8.3 Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: 27.96.200.58 Host Name: 27-96-200-58-cpe.spintel.net.au SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: POST HTTP_REFERER: https://mybizaus.com/?page_id=46&fl_builder REQUEST_URI: /?page_id=46&fl_builder QUERY_STRING: page_id=46&fl_builder HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 REQUEST BODY: BPS Security Log option set to: Do Not Log POST Request Body Data
The problem seems to be that BB uses the Uploads folder to work its magic, which I realize is bad practice, but it is what it is.
I have tried whitelisting the folder in the Uploads folder .htaccess file, but BPS Pro knows more than I do and it keeps deleting the whitelist rule! It is also flagging my IP address as a hacker even though the IP address is also whitelisted. Any suggestions?
Terry
-
AuthorPosts
- You must be logged in to reply to this topic.