Home › Forums › BulletProof Security Pro › Beaver Builder – 403 error – UAEG blocking js scripts
Tagged: 403 error, Beaver Builder, UAEG, Uploads Anti-Exploit Guard
- This topic has 21 replies, 4 voices, and was last updated 7 years ago by AITpro Admin.
-
AuthorPosts
-
AITpro AdminKeymaster
Terry Chadban – The older fix in this forum topic may still actually work, but if not use the newer fix listed in this topic.
Terry ChadbanParticipantI have already tried the ‘solutions’ under https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/ with no success. Either ARQ or UAEG is overwriting the whitelisted folder I added. I have isolated the problem to the Root Folder because when I deactivated the Root Folder Bulletproof Mode Beaver Builder started working.
The only custom code now in Root Folder is the TimThumb and BPS Query Strings code which is added by default, I have removed all the code I added, which was the same custom code which you present as bonus scripts, the Brute Force and Bottom Hotlinking codes which I have added to every other website with no problems.
But as soon as I re-activate Root Folder Bulletproof Mode, Beaver Builder hangs and the same alerts come back. I need Beaver Builder to work on this website so it is BPS Pro that will be going if I can’t get them working together, but obviously I would prefer to keep BPS Pro rather than go back to iThemes Security or Wordfence if possible.
Terry
AITpro AdminKeymasterTerry Chadban – The problem is being caused by the BPS POST Attack Protection Bonus Custom Code. Most likely this whitelist rule would work:
page_id=(.*)_builder
. Important Notes: Your BPS POST Attack Protection Bonus Custom Code should be added to this BPS Custom Code text box: 8. CUSTOM CODE WP REWRITE LOOP START and you would need to include your standard BPS WP REWRITE LOOP START. So the end block of code(s) would look something like this example code below.# WP REWRITE LOOP START RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] # BPS POST Request Attack Protection RewriteCond %{REQUEST_METHOD} POST [NC] ... ... ... # Query String Whitelist rule for Beaver Builder RewriteCond %{REQUEST_URI} !^.*page_id=(.*)_builder(.*) [NC] RewriteRule ^(.*)$ - [F]
Terry ChadbanParticipantI have applied the following rules in 8. Custom Code WP Rewrite Loop Start:
# WP REWRITE LOOP START RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] # BPS POST Request Attack Protection RewriteCond %{REQUEST_METHOD} POST [NC] # Query String Whitelist rule for Beaver Builder RewriteCond %{REQUEST_URI} !^.*page_id=(.*)_builder(.*) [NC] RewriteRule ^(.*)$ - [F]
reactivated Bulletproof Mode and even did a complete new Setup, and still getting the following alerts:
BPS PRO SECURITY LOG ===================== ===================== [403 GET Request: November 13, 2017 - 1:24 pm] BPS Pro: 13.3.3 WP: 4.8.3 Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: 50.28.105.92 Host Name: peter.uswebhost.com SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: POST HTTP_REFERER: https://mybizaus.com/wp-cron.php?doing_wp_cron=1510539845.4635488986968994140625 REQUEST_URI: /wp-cron.php?doing_wp_cron=1510539845.4635488986968994140625 QUERY_STRING: doing_wp_cron=1510539845.4635488986968994140625 HTTP_USER_AGENT: WordPress/4.8.3; https://mybizaus.com [403 GET Request: November 13, 2017 - 1:24 pm] BPS Pro: 13.3.3 WP: 4.8.3 Event Code: UAEGWR-HPRA Solution: https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/ REMOTE_ADDR: 27.96.200.58 Host Name: 27-96-200-58-cpe.spintel.net.au SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://mybizaus.com/?page_id=46&fl_builder REQUEST_URI: /wp-content/uploads/bb-plugin/cache/46-layout-draft.js QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 [403 POST Request: November 13, 2017 - 1:24 pm] BPS Pro: 13.3.3 WP: 4.8.3 Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: 27.96.200.58 Host Name: 27-96-200-58-cpe.spintel.net.au SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: POST HTTP_REFERER: https://mybizaus.com/?page_id=46&fl_builder REQUEST_URI: /?page_id=46&fl_builder QUERY_STRING: page_id=46&fl_builder HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 REQUEST BODY: BPS Security Log option set to: Do Not Log POST Request Body Data [403 GET Request: November 13, 2017 - 1:25 pm] BPS Pro: 13.3.3 WP: 4.8.3 Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: 50.28.105.92 Host Name: peter.uswebhost.com SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: POST HTTP_REFERER: https://mybizaus.com/wp-cron.php?doing_wp_cron=1510539907.8256819248199462890625 REQUEST_URI: /wp-cron.php?doing_wp_cron=1510539907.8256819248199462890625 QUERY_STRING: doing_wp_cron=1510539907.8256819248199462890625 HTTP_USER_AGENT: WordPress/4.8.3; https://mybizaus.com
The IP addresses are mine, and the domain’s. Do I need to include the full WP Rewrite Loop, or just the Loop Start as you said above and which I did?
Terry
AITpro AdminKeymasterTerry Chadban – Try removing (cut and paste somewhere – Notepad, Notepad++, etc) the POST Attack Protection Bonus Custom Code just to make sure that is what is causing the problem. Resave your Custom Code changes and activate Root BulletProof Mode again. Let me know if that temporarily works and then we can work from there.
Terry ChadbanParticipantThis morning when I tried to log in to wp-admin I got a ‘403 Forbidden’ error from BPS Pro, obviously I have been flagged as a hacker even though my IP address was supposedly whitelisted! So I spat the dummy and deleted and re-installed BPS Pro and ran the Setup Wizard again.
This time I got this code installed in 8. Custom Code:
# WP REWRITE LOOP START RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] # BPS POST Request Attack Protection RewriteCond %{REQUEST_METHOD} POST [NC] # Query String Whitelist rule for Beaver Builder RewriteCond %{REQUEST_URI} !^.*page_id=(.*)_builder(.*) [NC] RewriteRule ^(.*)$ - [F]
which has improved things a bit, in that the BB page will load, but options are still hanging and IPs getting blocked. Here is what I currently have in UAEG Custom Code:
# BULLETPROOF PRO UPLOADS FOLDER .HTACCESS # # BPS LiteSpeed mod_rewrite # # BEGIN WHITELIST # Examples of whitelisting are commented out below. To create whitelist rules you would delete the # sign in front # of the whitelist rule you want to use and add the actual filename or folder name you want to whitelist. # Whitelist a specific js file in the uploads folder: example.js #RewriteRule ^example.js$ - [L] # Whitelist an entire folder in the uploads folder: /uploads/example-folder/ #RewriteRule ^example-folder/.*$ - [L] RewriteRule ^/wp-content/uploads/bb-plugin/cache/7172-layout.js?ver=a1d3869e9df6cdc4be634d507ec278e6/.*$ - [L] # END WHITELIST # # FORBID THESE FILE EXTENSIONS FROM BEING ACCESSED OR EXECUTED REMOTELY RewriteCond %{REQUEST_URI} ^.*\.(7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z)$ [NC] RewriteRule ^(.*)$ - [F] # FORBID PHP FILES DISGUISED AS AN IMAGE FILE - example.php.jpg - example.PHP.jpg <FilesMatch "\.(php|PHP|\.+(php)|\.+(PHP)).*$"> Order Allow,Deny Deny from all </FilesMatch> Terry
AITpro AdminKeymasterTerry Chadban – At this point send me an Admin login to this site so we can get this problem resolved: info at ait-pro dot com.
-
AuthorPosts
- You must be logged in to reply to this topic.