Beaver Builder – 403 error – UAEG blocking js scripts


This topic contains 21 replies, has 4 voices, and was last updated by  AITpro Admin 7 months, 1 week ago.

  • #31693

    Phil
    Participant

    My sites that use the ‘Beaver Builder’ plugin are not playing well with BPS Pro. I’ll post my logs below. Hopefully I’ll be able to figure out how to fix these issues myself in the future, but so far I’m not quite understanding it. I very much appreciate your help.

    [403 GET Request: December 8, 2016 - 7:07 pm]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 64.229.246.162
    Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://www.example.com/play/
    REQUEST_URI: /play/wp-content/plugins/easy-digital-downloads/assets/js/edd-ajax.min.js?ver=2.6.13
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36
    
    [403 GET Request: December 8, 2016 - 7:07 pm]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 64.229.246.162
    Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://www.example.com/play/
    REQUEST_URI: /play/wp-content/plugins/bb-plugin/js/jquery.fitvids.js?ver=1.9
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36
    
    [403 GET Request: December 8, 2016 - 7:07 pm]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 64.229.246.162
    Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://www.example.com/play/
    REQUEST_URI: /play/wp-content/plugins/bb-plugin/js/jquery.bxslider.min.js?ver=1.9
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36
    
    [403 GET Request: December 8, 2016 - 7:07 pm]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 64.229.246.162
    Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://www.example.com/play/
    REQUEST_URI: /play/wp-content/plugins/bb-plugin/js/jquery.wookmark.min.js?ver=1.9
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36
    
    [403 GET Request: December 8, 2016 - 7:07 pm]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 64.229.246.162
    Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://www.example.com/play/
    REQUEST_URI: /play/wp-content/plugins/bb-plugin/js/jquery.mosaicflow.min.js?ver=1.9
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36
    
    [403 GET Request: December 8, 2016 - 7:07 pm]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 64.229.246.162
    Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://www.example.com/play/
    REQUEST_URI: /play/wp-content/plugins/bb-plugin/js/jquery.waypoints.min.js?ver=1.9
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36
    
    [403 GET Request: December 8, 2016 - 7:07 pm]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 64.229.246.162
    Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://www.example.com/play/
    REQUEST_URI: /play/wp-content/plugins/bb-plugin/js/jquery.magnificpopup.min.js?ver=1.9
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36
    
    [403 GET Request: December 8, 2016 - 7:07 pm]
    Event Code: UAEGWR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
    REMOTE_ADDR: 64.229.246.162
    Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://www.example.com/play/
    REQUEST_URI: /play/wp-content/uploads/bb-plugin/cache/24-layout.js?ver=8d5522b25b17a6995116754d708f8b3d
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36
    
    [403 GET Request: December 8, 2016 - 7:07 pm]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 64.229.246.162
    Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://www.example.com/play/
    REQUEST_URI: /play/wp-content/plugins/media-grid/js/frontend.js?ver=4.31
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36
    
    [403 GET Request: December 8, 2016 - 7:07 pm]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 64.229.246.162
    Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://www.example.com/play/
    REQUEST_URI: /play/wp-content/plugins/auto-hide-admin-bar/js/jquery.hoverIntent.minified.js?ver=4.7
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36
    
    [403 GET Request: December 8, 2016 - 7:07 pm]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 64.229.246.162
    Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://www.example.com/play/
    REQUEST_URI: /play/wp-content/plugins/auto-hide-admin-bar/js/ahab.js?ver=4.7
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36
    
    [403 GET Request: December 8, 2016 - 7:07 pm]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 64.229.246.162
    Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://www.example.com/play/
    REQUEST_URI: /play/wp-content/plugins/media-grid/js/mediaelement/mediaelement-and-player.min.js
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36
    
    [Plugin Firewall AutoPilot Mode New Whitelist Rule(s) Created: December 8, 2016 - 7:16 pm]
    Whitelist Rule: /bb-plugin/js/jquery.waypoints.min.js
    Whitelist Rule: /easy-digital-downloads/assets/js/edd-ajax.min.js
    Whitelist Rule: /bb-plugin/js/jquery.fitvids.js
    Whitelist Rule: /bb-plugin/js/jquery.bxslider.min.js
    Whitelist Rule: /bb-plugin/js/jquery.wookmark.min.js
    Whitelist Rule: /bb-plugin/js/jquery.mosaicflow.min.js
    Whitelist Rule: /bb-plugin/js/jquery.magnificpopup.min.js
    Whitelist Rule: /media-grid/js/frontend.js
    Whitelist Rule: /auto-hide-admin-bar/js/jquery.hoverIntent.minified.js
    Whitelist Rule: /auto-hide-admin-bar/js/ahab.js
    Whitelist Rule: /media-grid/js/mediaelement/mediaelement-and-player.min.js
    
    [403 GET Request: December 8, 2016 - 7:17 pm]
    Event Code: UAEGWR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
    REMOTE_ADDR: 64.229.246.162
    Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://www.example.com/play/
    REQUEST_URI: /play/wp-content/uploads/bb-plugin/cache/24-layout.js?ver=8d5522b25b17a6995116754d708f8b3d
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36
    
    [403 GET Request: December 8, 2016 - 7:17 pm]
    Event Code: UAEGWR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
    REMOTE_ADDR: 64.229.246.162
    Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://www.example.com/play/playshops-for-individuals/
    REQUEST_URI: /play/wp-content/uploads/bb-plugin/cache/94-layout.js?ver=0a4419d601db3db554d9ef1b7740c249
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36
    
    

     

    #31694

    AITpro Admin
    Keymaster

    UPDATE:  3-14-2017:  This UAEG whitelisting method no longer works for Beaver Builder.  See new solution: https://forum.ait-pro.com/forums/topic/beaver-builder-plugin/#post-32715

    BPS Pro Uploads Anti-Exploit Guard (UAEG) is blocking Beaver Builder js scripts in your WordPress Uploads folder. See the steps below for how to create a whitelist rule in your UAEG htaccess file for this Beaver Builder folder: bb-plugin.

    https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
    CUSTOM CODE UAEG Help Info
    To edit/customize your Uploads Anti-Exploit Guard (UAEG) .htaccess file go to the B-Core > htaccess File Editor tab page > “Your Current Uploads htaccess File” tab and do the steps below.
    1. Copy and paste your entire Uploads .htaccess file code from the “Your Current Uploads htaccess File” tab on the htaccess File Editor page into the CUSTOM CODE UAEG text box.
    2. Edit/modify/customize your UAEG htaccess code in the CUSTOM CODE UAEG text box.
    3. Click the Save UAEG Custom Code button to save your UAEG custom code.
    4. Go to the Security Modes page and click the UAEG BulletProof Mode Activate button.

    The edit that you want to do in step #2 is this:

    If you have an Apache server:
    Remove/delete the # sign from in front of this line of code in your UAEG htaccess code and change the folder name as shown below.
    #SetEnvIf Request_URI "bb-plugin/.*$" whitelist

    If you have a LiteSpeed server:
    Remove/delete the # sign from in front of this line of code in your UAEG htaccess code and change the folder name as shown below.
    #RewriteRule ^bb-plugin/.*$ - [L]

    #31695

    Phil
    Participant

    Thanks – that seems to account for only 1 of the errors I listed. There seem to be many other issues as well, no?

    #31696

    AITpro Admin
    Keymaster

    Scroll down in your Security Log file until you see this:  [Plugin Firewall AutoPilot Mode New Whitelist Rule(s) Created: December 8, 2016 – 7:16 pm]  Plugin Firewall AutoPilot Mode automatically created whitelist rules for all previous Security Log entries.  Eventually UAEG will also do the same thing.
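
Added example, not part of the thread and not BPS Pro code: a Python sketch that sorts Security Log 403 entries into those a later Plugin Firewall AutoPilot rule covers and those still open, grouped by Event Code. The sample log is constructed in the posted format (with a hypothetical `example-plugin`), and deriving the rule path as everything after `/wp-content/plugins` is an assumption inferred from the whitelist rules shown in the log.

```python
from collections import defaultdict

# Constructed sample in the layout of the Security Log entries posted above,
# trimmed to the fields this script reads. "example-plugin" is hypothetical.
SAMPLE_LOG = """\
[403 GET Request: December 8, 2016 - 7:07 pm]
Event Code: PFWR-PSBR-HPR
REQUEST_URI: /play/wp-content/plugins/bb-plugin/js/jquery.fitvids.js?ver=1.9

[403 GET Request: December 8, 2016 - 7:07 pm]
Event Code: UAEGWR-HPR
REQUEST_URI: /play/wp-content/uploads/bb-plugin/cache/24-layout.js?ver=8d5522b25b17a6995116754d708f8b3d

[403 GET Request: December 8, 2016 - 7:07 pm]
Event Code: PFWR-PSBR-HPR
REQUEST_URI: /play/wp-content/plugins/example-plugin/js/front.js?ver=1.0

[Plugin Firewall AutoPilot Mode New Whitelist Rule(s) Created: December 8, 2016 - 7:16 pm]
Whitelist Rule: /bb-plugin/js/jquery.fitvids.js

[403 GET Request: December 8, 2016 - 7:17 pm]
Event Code: UAEGWR-HPR
REQUEST_URI: /play/wp-content/uploads/bb-plugin/cache/94-layout.js?ver=0a4419d601db3db554d9ef1b7740c249
"""


def parse_log(text):
    """Split the log into entries: a [bracketed] header followed by 'Key: value' lines."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            title, _, when = line[1:-1].partition(": ")
            current = {"title": title, "when": when, "fields": []}
            entries.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            # Kept as a list of pairs because "Whitelist Rule" repeats in one entry.
            current["fields"].append((key.strip(), value.strip()))
    return entries


def plugin_rule_path(request_uri):
    """Assumed rule format: path after /wp-content/plugins, query string dropped."""
    path = request_uri.split("?", 1)[0]
    marker = "/wp-content/plugins"
    idx = path.find(marker)
    return path[idx + len(marker):] if idx != -1 else None


def triage(text):
    """Classify 403 entries against the AutoPilot whitelist rules found in the same log."""
    rules_seen = set()
    pending = []  # (event code, path without query, derived rule path)
    blocked_despite_rule = set()
    for entry in parse_log(text):
        if "Whitelist Rule" in entry["title"]:
            rules_seen.update(v for k, v in entry["fields"] if k == "Whitelist Rule")
            continue
        if not entry["title"].startswith("403"):
            continue
        fields = dict(entry["fields"])
        uri = fields.get("REQUEST_URI", "")
        rule = plugin_rule_path(uri)
        if rule in rules_seen:
            # The log is chronological: a 403 after its rule exists needs a closer look.
            blocked_despite_rule.add(rule)
        else:
            pending.append((fields.get("Event Code", "?"), uri.split("?", 1)[0], rule))
    covered, still_open = set(), defaultdict(set)
    for code, path, rule in pending:
        if rule in rules_seen:
            covered.add(rule)            # a later AutoPilot rule accounts for this entry
        else:
            still_open[code].add(path)   # nothing in the log whitelists this request
    return {"covered": covered,
            "blocked_despite_rule": blocked_despite_rule,
            "open": dict(still_open)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for code, paths in sorted(report["open"].items()):
        for path in sorted(paths):
            print(f"OPEN  {code}  {path}")
    for rule in sorted(report["covered"]):
        print(f"COVERED by AutoPilot rule  {rule}")
```

On this sample the two `/uploads/bb-plugin/cache/` requests remain open under UAEGWR-HPR, which is the split described in the reply above: the Plugin Firewall entries were handled by the AutoPilot rules, the UAEG entries were not.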

    #31717

    Phil
    Participant

    Thanks, your top post up above seemed to work okay, but when I create a new page, the exploit still happens. Here’s an example:

    
    [403 GET Request: December 12, 2016 - 6:54 pm]
    Event Code: UAEGWR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
    REMOTE_ADDR: 64.229.246.162
    Host Name: toroon0240w-lp140-04-64-229-246-162.dsl.bell.ca
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.example.com/yes/about/
    REQUEST_URI: /yes/wp-content/uploads/bb-plugin/cache/66-layout.js?ver=aa4ed1417cad643f49f290d38ed40999
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36
    
    
    #31718

    AITpro Admin
    Keymaster

    Is the page actually created or not?  What is the difference between /play/ and /yes/?  Are those page URIs?  What exactly is working now and how are you creating a page?  Are you creating a page normally using WordPress “Add Page” or using something custom in Beaver Builder to create a page?  Logically the UAEG whitelist rule should work for anything/everything.  So if it is not then some kind of additional whitelist rule would be needed to whitelist whatever else Beaver Builder is doing that looks like a hacking attempt against your website to BPS.  Do these BPS Pro troubleshooting steps below and test creating a page after doing each step to isolate which BPS security feature is blocking something.

    https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

    1. On the Security Modes page, click the Root Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
    2. On the Security Modes page, click the wp-admin Folder BulletProof Mode Deactivate button.  See Custom Code Note if doing this step works.
    4. On the Security Modes page, click the UAEG BulletProof Mode Deactivate button.

    #31750

    Phil
    Participant

    Is the page actually created or not? It’s created correctly in the backend, but most of the content isn’t visible on the front end.

    What is the difference between /play/ and /yes/? Sorry, those are 2 different sites I was referring to. WordPress is installed in those subdirectories ‘play’ and ‘yes’.

    What exactly is working now and how are you creating a page?  Are you creating a page normally using WordPress “Add Page” or using something custom in Beaver Builder to create a page?  I’m creating a page with the usual ‘Add Page’ method, but I’m adding content to the page through the Beaver Builder plugin, which is a drag and drop builder.

    I put ‘SetEnvIf Request_URI "bb-plugin/.*$" whitelist’ into the custom code UAEG, but that didn’t fix it. I also removed the js from the ‘FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY’ section, but that didn’t fix it.

    I also added the following code to the BPS Root Custom Code text box CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES, but no fix:

    # Plugin Name Here skip/bypass
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/plugin-folder-name/ [NC]
    RewriteRule . - [S=13]

    The only thing that fixes the problem is deactivating UAEG.

    #31754

    AITpro Admin
    Keymaster

    UPDATE:  3-14-2017:  This UAEG whitelisting method no longer works for Beaver Builder.  See new solution:  https://forum.ait-pro.com/forums/topic/beaver-builder-plugin/#post-32715

    Ok so since these are 2 different websites then you would need to do the same UAEG Custom Code solution for each of these sites.  So let’s get 1 site working and then rinse and repeat for the other site.  The problem is isolated to the UAEG htaccess file.  I forgot to mention another whitelisting step and also I see that that step is missing from the UAEG forum help topic, which I will add in a minute.  That is probably why the whitelist rule for the bb-plugin folder is not working.

    https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
    CUSTOM CODE UAEG Help Info
    To edit/customize your Uploads Anti-Exploit Guard (UAEG) .htaccess file go to the B-Core > htaccess File Editor tab page > “Your Current Uploads htaccess File” tab and do the steps below.
    1. Copy and paste your entire Uploads .htaccess file code from the “Your Current Uploads htaccess File” tab on the htaccess File Editor page into the CUSTOM CODE UAEG text box.
    2. Edit/modify/customize your UAEG htaccess code in the CUSTOM CODE UAEG text box.
    3. Click the Save UAEG Custom Code button to save your UAEG custom code.
    4. Go to the Security Modes page and click the UAEG BulletProof Mode Activate button.

    The edit that you want to do in step #2 is this:

    If you have an Apache server:
    Remove/delete the # sign from in front of this line of code in your UAEG htaccess code and change the folder name as shown below.
    #SetEnvIf Request_URI "bb-plugin/.*$" whitelist

    If you have a LiteSpeed server:
    Remove/delete the # sign from in front of this line of code in your UAEG htaccess code and change the folder name as shown below.
    #RewriteRule ^bb-plugin/.*$ - [L]

    If you have an Apache server (this step is not required if you have a LiteSpeed server):
    Delete the # signs in front of #Require env whitelist and #Allow from env=whitelist shown highlighted in yellow below in your UAEG code that you copied to CUSTOM CODE UAEG.

    # FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
    <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$">
    <IfModule mod_authz_core.c>
    #Require env whitelist
    Require all denied
    </IfModule>
    
    <IfModule !mod_authz_core.c>
    <IfModule mod_access_compat.c>
    Order Allow,Deny
    #Allow from env=whitelist
    Deny from all
    </IfModule>
    </IfModule>
    </FilesMatch>

    #31879

    Phil
    Participant

    It turns out most of the conflicts are not with the uploads directory, but with the beaver builder plugin javascript files, and the PFW autopilot isn’t catching most of them. Can I just whitelist the whole plugin?

    #31880

    AITpro Admin
    Keymaster

    I see from your previous Security Log entries (shown below) that you posted above that Plugin Firewall AutoPilot Mode successfully created these Plugin Firewall whitelist rules. Maybe you have an invalid whitelist rule in the Plugins Script|File Whitelist Text Area box? Post all of your Plugin Firewall whitelist rules that you see in the Plugins Script|File Whitelist Text Area box.

    Also upgrade to BPS Pro 12.5 if you do not have BPS Pro 12.5 installed.  Additional Plugin Firewall code was created to handle coding mistakes in other plugins that end up breaking the Plugin Firewall due to invalid whitelist rules being created with any other plugin’s coding mistakes.  Also to confirm that the Plugin Firewall is causing the problem do BPS Pro troubleshooting step #3:  https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting  Note:  Once you upgrade to BPS Pro 12.5, the new Plugin Firewall compensation code and filters should automatically fix and create only new valid Plugin Firewall whitelist rules even if there are coding mistakes in other plugins that you have installed.

    [Plugin Firewall AutoPilot Mode New Whitelist Rule(s) Created: December 8, 2016 - 7:16 pm]
    Whitelist Rule: /bb-plugin/js/jquery.waypoints.min.js
    Whitelist Rule: /easy-digital-downloads/assets/js/edd-ajax.min.js
    Whitelist Rule: /bb-plugin/js/jquery.fitvids.js
    Whitelist Rule: /bb-plugin/js/jquery.bxslider.min.js
    Whitelist Rule: /bb-plugin/js/jquery.wookmark.min.js
    Whitelist Rule: /bb-plugin/js/jquery.mosaicflow.min.js
    Whitelist Rule: /bb-plugin/js/jquery.magnificpopup.min.js
    Whitelist Rule: /media-grid/js/frontend.js
    Whitelist Rule: /auto-hide-admin-bar/js/jquery.hoverIntent.minified.js
    Whitelist Rule: /auto-hide-admin-bar/js/ahab.js
    Whitelist Rule: /media-grid/js/mediaelement/mediaelement-and-player.min.js

    #31897

    Phil
    Participant

    Do I have to update all of my sites to 12.5 manually? It’s not showing up as an update in the WP backend.

    (From now on I’ll create new forum topics for each site because I have different BPS issues with every one of my sites and I’ve made it confusing by combining a couple of them here.)

    #31898

    AITpro Admin
    Keymaster

    If you are not seeing the BPS Pro version upgrade on the Plugins page then try doing these things:  https://forum.ait-pro.com/forums/topic/wp-mu-plugin-update/#post-22887 to see if you can figure out what is causing the problem.  Forum Topics are grouped by plugin name or error message or other related things.  So do a forum search to see if the problem and solution already exists.

    #32715

    AITpro Admin
    Keymaster

    UPDATE:  3-14-2017:  Beaver Builder js scripts are being handled/cached in a way that the standard UAEG folder whitelisting method for the /bb-plugin/ folder will no longer work. The alternative UAEG whitelisting method below needs to be used instead.

    Just a reference point/note (see the steps below):  /wp-content/uploads/bb-plugin/cache/7172-layout.js?ver=a1d3869e9df6cdc4be634d507ec278e6

    To edit/customize your Uploads Anti-Exploit Guard (UAEG) .htaccess file go to the B-Core > htaccess File Editor tab page > “Your Current Uploads htaccess File” tab and do the steps below.
    1. Copy and paste your entire Uploads .htaccess file code from the “Your Current Uploads htaccess File” tab on the htaccess File Editor page into the CUSTOM CODE UAEG text box.
    2. Edit/modify/customize your UAEG htaccess code in the CUSTOM CODE UAEG text box.  See required edit below.
    3. Click the Save UAEG Custom Code button to save your UAEG custom code.
    4. Go to the Security Modes page and click the UAEG BulletProof Mode Activate button.

    Step #2 edit that needs to be made:  Delete js| from the UAEG FilesMatch code as shown in the code below.

    # FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
    <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$">
    ....
    ....
    ....
    </FilesMatch>

    #33772

    rafaelmagic
    Participant

    This works on my Apache install for Beaver Builder and BPS Pro.

    Currently Beaver is installing files in the “Uploads” folder.

    # Beaver Beaver Fix- FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
    <FilesMatch "\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$">
    
    <IfModule mod_authz_core.c>
    Require env whitelist
    SetEnvIf Request_URI "bb-plugin/.*$" whitelist
    Require all denied
    </IfModule>
    
    <IfModule !mod_authz_core.c>
    <IfModule mod_access_compat.c>
    Order Allow,Deny
    #Allow from env=whitelist
    Deny from all
    </IfModule>
    </IfModule>
    </FilesMatch>

    To edit/customize your Uploads Anti-Exploit Guard (UAEG) .htaccess file go to the B-Core > htaccess File Editor tab page > “Your Current Uploads htaccess File” tab and do the steps below.
    1. Copy and paste your entire Uploads .htaccess file code from the “Your Current Uploads htaccess File” tab on the htaccess File Editor page into the CUSTOM CODE UAEG text box.
    2. Edit/modify/customize your UAEG htaccess code in the CUSTOM CODE UAEG text box.
    3. Click the Save UAEG Custom Code button to save your UAEG custom code.
    4. Go to the Security Modes page and click the UAEG BulletProof Mode Activate button.
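
Added example, not from the thread and not BPS Pro code: a Python model of only the FilesMatch block quoted in the posts above, comparing which requests each UAEG edit discussed in this thread stops blocking. The request paths other than the `24-layout.js` one are constructed, and `narrow_whitelist` is a hypothetical tighter `SetEnvIf` pattern that has not been tested with BPS Pro or Beaver Builder.

```python
import posixpath
import re

# Extension list copied from the FilesMatch line in post #31754 (stock UAEG, js included).
STOCK_EXTS = ("7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|"
              "DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|"
              "js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|"
              "py|pyd|pyc|pyo|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|"
              "xhtml|xml|z").split("|")


def make_policy(exts, whitelist_regex=None):
    """Model <FilesMatch> + 'Require env whitelist' + 'Require all denied'.

    exts            -- extensions listed in the FilesMatch pattern
    whitelist_regex -- SetEnvIf Request_URI pattern that sets 'whitelist', or None
    """
    files_match = re.compile(r"\.(" + "|".join(re.escape(e) for e in exts) + r")$")
    whitelist = re.compile(whitelist_regex) if whitelist_regex else None

    def decide(uri):
        path = uri.split("?", 1)[0]            # Request_URI carries no query string
        if not files_match.search(posixpath.basename(path)):
            return "allow"                     # file name is outside the FilesMatch section
        if whitelist is not None and whitelist.search(path):
            return "allow"                     # env whitelist set, Require env whitelist passes
        return "deny"                          # Require all denied

    return decide


POLICIES = {
    # Stock UAEG block: js listed, whitelist lines still commented out.
    "stock": make_policy(STOCK_EXTS),
    # Folder whitelist from posts #31694, #31754 and #33772.
    "folder_whitelist": make_policy(STOCK_EXTS, r"bb-plugin/.*$"),
    # Post #32715: js deleted from the FilesMatch list, no whitelist.
    "js_removed": make_policy([e for e in STOCK_EXTS if e != "js"]),
    # Hypothetical (assumption): only .js files directly in the Beaver Builder cache folder.
    "narrow_whitelist": make_policy(
        STOCK_EXTS, r"/wp-content/uploads/bb-plugin/cache/[^/]+\.js$"),
}

# First path is from the thread's log; the rest are constructed for comparison.
REQUESTS = [
    "/wp-content/uploads/bb-plugin/cache/24-layout.js?ver=8d5522b25b17a6995116754d708f8b3d",
    "/wp-content/uploads/2017/03/photo.jpg",
    "/wp-content/uploads/2017/03/widget.js",
    "/wp-content/uploads/bb-plugin/cache/notes.php",
    "/wp-content/uploads/2017/old-bb-plugin/copy.js",
]


def scope_matrix(requests=REQUESTS):
    """Return {request path: {policy name: 'allow' | 'deny'}}."""
    return {uri.split("?", 1)[0]: {name: decide(uri) for name, decide in POLICIES.items()}
            for uri in requests}


if __name__ == "__main__":
    names = list(POLICIES)
    print("  ".join(f"{n:<16}" for n in names) + "  path")
    for path, row in scope_matrix().items():
        print("  ".join(f"{row[n]:<16}" for n in names) + "  " + path)
```

The matrix shows the trade-off between the two fixes in the thread: the folder whitelist exempts every listed extension under any path containing `bb-plugin/`, while deleting `js` exempts `.js` files everywhere in the uploads folder but leaves the other extensions blocked.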

    #34540

    Terry Chadban
    Participant

    [Topic merged into this relevant Topic]

    Hi all,

    Given the popularity of page builders like Beaver Builder, Elementor, etc, I would have thought that BPS Pro would be able to play nice with them by now, but it seems not!

    [403 GET Request: November 12, 2017 - 1:06 pm]
    BPS Pro: 13.3.3
    WP: 4.8.3
    Event Code: UAEGWR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
    REMOTE_ADDR: 27.96.200.58
    Host Name: 27.96.200.58
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: https://mybizaus.com/?page_id=46&fl_builder
    REQUEST_URI: /wp-content/uploads/bb-plugin/cache/46-layout-draft.js
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
    
    [403 POST Request: November 12, 2017 - 1:06 pm]
    BPS Pro: 13.3.3
    WP: 4.8.3
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 27.96.200.58
    Host Name: 27-96-200-58-cpe.spintel.net.au
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: POST
    HTTP_REFERER: https://mybizaus.com/?page_id=46&fl_builder
    REQUEST_URI: /?page_id=46&fl_builder
    QUERY_STRING: page_id=46&fl_builder
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
    REQUEST BODY: BPS Security Log option set to: Do Not Log POST Request Body Data

    The problem seems to be that BB uses the Uploads folder to work its magic, which I realize is bad practice, but it is what it is.

    I have tried whitelisting the folder in the Uploads folder .htaccess file, but BPS Pro knows more than I do and it keeps deleting the whitelist rule! It is also flagging my IP address as a hacker even though the IP address is also whitelisted. Any suggestions?

    Terry
