Beaver Builder – 403 error – UAEG blocking js scripts

Home Forums BulletProof Security Pro Beaver Builder – 403 error – UAEG blocking js scripts

Viewing 7 posts - 16 through 22 (of 22 total)
  • Author
    Posts
  • #34542
    AITpro Admin
    Keymaster

    Terry Chadban – The older fix in this forum topic may still actually work, but if not use the newer fix listed in this topic.

    #34543
    Terry Chadban
    Participant

    I have already tried the ‘solutions’ under https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/ with no success. Either ARQ or UAEG is overwriting the whitelisted folder I added. I have isolated the problem to the Root Folder because when I deactivated the Root Folder Bulletproof Mode Beaver Builder started working.

    The only custom code now in Root Folder is the TimThumb and BPS Query Strings code which is added by default, I have removed all the code I added, which was the same custom code which you present as bonus scripts, the Brute Force and Bottom Hotlinking codes which I have added to every other website with no problems.

    But as soon as I re-activate Root Folder Bulletproof Mode, Beaver Builder hangs and the same alerts come back. I need Beaver Builder to work on this website so it is BPS Pro that will be going if I can’t get them working together, but obviously I would prefer to keep BPS Pro rather than go back to iThemes Security or Wordfence if possible.

    Terry

    #34545
    AITpro Admin
    Keymaster

    Terry Chadban – The problem is being caused by the BPS POST Attack Protection Bonus Custom Code.  Most likely this whitelist rule would work: page_id=(.*)_builder. Important Notes: Your BPS POST Attack Protection Bonus Custom Code should be added to this BPS Custom Code text box: 8. CUSTOM CODE WP REWRITE LOOP START and you would need to include your standard BPS WP REWRITE LOOP START. So the end block of code(s) would look something like this example code below.

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    
    # BPS POST Request Attack Protection
    RewriteCond %{REQUEST_METHOD} POST [NC]
    ...
    ...
    ...
    # Query String Whitelist rule for Beaver Builder
    RewriteCond %{REQUEST_URI} !^.*page_id=(.*)_builder(.*) [NC]
    RewriteRule ^(.*)$ - [F]
    #34546
    Terry Chadban
    Participant

    I have applied the following rules in 8. Custom Code WP Rewrite Loop Start:

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    # BPS POST Request Attack Protection
    RewriteCond %{REQUEST_METHOD} POST [NC]
    # Query String Whitelist rule for Beaver Builder
    RewriteCond %{REQUEST_URI} !^.*page_id=(.*)_builder(.*) [NC]
    RewriteRule ^(.*)$ - [F]
    

    reactivated Bulletproof Mode and even did a complete new Setup, and still getting the following alerts:

    BPS PRO SECURITY LOG
    =====================
    =====================
    
    
    [403 GET Request: November 13, 2017 - 1:24 pm]
    BPS Pro: 13.3.3
    WP: 4.8.3
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 50.28.105.92
    Host Name: peter.uswebhost.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: POST
    HTTP_REFERER: https://mybizaus.com/wp-cron.php?doing_wp_cron=1510539845.4635488986968994140625
    REQUEST_URI: /wp-cron.php?doing_wp_cron=1510539845.4635488986968994140625
    QUERY_STRING: doing_wp_cron=1510539845.4635488986968994140625
    HTTP_USER_AGENT: WordPress/4.8.3; https://mybizaus.com
    
    [403 GET Request: November 13, 2017 - 1:24 pm]
    BPS Pro: 13.3.3
    WP: 4.8.3
    Event Code: UAEGWR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
    REMOTE_ADDR: 27.96.200.58
    Host Name: 27-96-200-58-cpe.spintel.net.au
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: https://mybizaus.com/?page_id=46&fl_builder
    REQUEST_URI: /wp-content/uploads/bb-plugin/cache/46-layout-draft.js
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
    
    [403 POST Request: November 13, 2017 - 1:24 pm]
    BPS Pro: 13.3.3
    WP: 4.8.3
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 27.96.200.58
    Host Name: 27-96-200-58-cpe.spintel.net.au
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: POST
    HTTP_REFERER: https://mybizaus.com/?page_id=46&fl_builder
    REQUEST_URI: /?page_id=46&fl_builder
    QUERY_STRING: page_id=46&fl_builder
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
    REQUEST BODY: BPS Security Log option set to: Do Not Log POST Request Body Data
    
    [403 GET Request: November 13, 2017 - 1:25 pm]
    BPS Pro: 13.3.3
    WP: 4.8.3
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 50.28.105.92
    Host Name: peter.uswebhost.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: POST
    HTTP_REFERER: https://mybizaus.com/wp-cron.php?doing_wp_cron=1510539907.8256819248199462890625
    REQUEST_URI: /wp-cron.php?doing_wp_cron=1510539907.8256819248199462890625
    QUERY_STRING: doing_wp_cron=1510539907.8256819248199462890625
    HTTP_USER_AGENT: WordPress/4.8.3; https://mybizaus.com
    

    The IP addresses are mine, and the domain’s. Do I need to include the full WP Rewrite Loop, or just the Loop Start as you said above and which I did?

    Terry

     

    #34552
    AITpro Admin
    Keymaster

    Terry Chadban – Try removing (cut and paste somewhere – Notepad, Notepad++, etc) the POST Attack Protection Bonus Custom Code just to make sure that is what is causing the problem.  Resave your Custom Code changes and activate Root BulletProof Mode again. Let me know if that temporarily works and then we can work from there.

    #34560
    Terry Chadban
    Participant

    This morning when I tried to log in to wp-admin I got a ‘403 Forbidden’ error from BPS Pro, obviously I have been flagged as a hacker even though my IP address was supposedly whitelisted! So I spat the dummy and deleted and re-installed BPS Pro and ran the Setup Wizard again.

    This time I got this code installed in 8. Custom Code:

     

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    # BPS POST Request Attack Protection
    RewriteCond %{REQUEST_METHOD} POST [NC]
    # Query String Whitelist rule for Beaver Builder
    RewriteCond %{REQUEST_URI} !^.*page_id=(.*)_builder(.*) [NC]
    RewriteRule ^(.*)$ - [F]
    
    

    which has improved things a bit, in that the BB page will load, but options are still hanging and IPs getting blocked. Here is what I currently have in UAEG Custom Code:

    
    # BULLETPROOF PRO UPLOADS FOLDER .HTACCESS
    #
    # BPS LiteSpeed mod_rewrite
    #
    # BEGIN WHITELIST
    # Examples of whitelisting are commented out below. To create whitelist rules you would delete the # sign in front
    # of the whitelist rule you want to use and add the actual filename or folder name you want to whitelist.
    # Whitelist a specific js file in the uploads folder: example.js
    #RewriteRule ^example.js$ - [L]
    # Whitelist an entire folder in the uploads folder: /uploads/example-folder/
    #RewriteRule ^example-folder/.*$ - [L]
    RewriteRule ^/wp-content/uploads/bb-plugin/cache/7172-layout.js?ver=a1d3869e9df6cdc4be634d507ec278e6/.*$ - [L]
    # END WHITELIST
    #
    # FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY
    RewriteCond %{REQUEST_URI} ^.*\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$ [NC]
    RewriteRule ^(.*)$ - [F]
    
    # FORBID PHP FILES DISGUISED AS AN IMAGE FILE - example.php.jpg - example.PHP.jpg
    <FilesMatch "\.(php|PHP|\.+(php)|\.+(PHP)).*$">
    Order Allow,Deny
    Deny from all
    </FilesMatch>
    
    Terry
    #34561
    AITpro Admin
    Keymaster

    Terry Chadban – At this point send me an Admin login to this site so we can get this problem resolved:  info at ait-pro dot com.

Viewing 7 posts - 16 through 22 (of 22 total)
  • You must be logged in to reply to this topic.