BFHS blocks SOME users (IP's) from validating their Serial Key
- This topic has 1 reply, 2 voices, and was last updated 5 years, 4 months ago by
AITpro Admin.
Paul Mersel
Participant
Hi,
I have customers validating their serial keys using Woocommerce Serial Key. While at first BPS blocked that process, a whitelist rule was created by yourselves and that fixed the issue.
Sometimes, however, customers keep having problems. I found this in the log (xxx’s for privacy):
[403 GET Request: 07/11/2017 - 1:01 AM]
BPS: 2.8
WP: 4.8.3
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 162.156.35.xxx
Host Name: d162-156-35-xxx.bchsia.telus.net
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: 162.156.35.xxx
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /?wc-api=validate_serial_key&serial=VWUVSA-XXXXX-49PSL2-4UXWAQ-YWHK7D-PTZAFH%20SBB%20CFF%20FFS%20Re%20620%20for%20TS2017%20(v4.0)&sku=2014-ENG-RE66-Platinum-V3.0&uuid=https://www.mersel.nl/
QUERY_STRING: wc-api=validate_serial_key&serial=VWUVSA-XXXXXX-49PSL2-4UXWAQ-YWHK7D-PTZAFH%20SBB%20CFF%20FFS%20Re%20620%20for%20TS2017%20(v4.0)&sku=2014-ENG-RE66-Platinum-V3.0&uuid=https://www.mersel.nl/
HTTP_USER_AGENT: NSIS_Inetc (Mozilla)
This specific (Canadian) IP is getting blocked (Hacker/Spammer).
Questions:
- Why is this (or some other specific IP) being blocked while 99% of the time there is no problem?
- How can I fix this?
Thank you for your help.
Paul Mersel
AITpro Admin
Keymaster
I see a couple of potential causes for a problem: SERVER_PROTOCOL: HTTP/1.0 means that outdated Proxy/Load Balancer software is in use or the person with IP address: 162.156.35.xxx is using an old version of Proxy software or this could be a bad bot. If you are using the HTTP/1.0 Server Protocol Bonus Custom Code here > https://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/ it would block that user/request.
The Query String has several whitespaces: %20 = whitespaces. So it is possible that this BPS Root htaccess security rule is blocking that request (unlikely, but still possible):
RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
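
Added example (not part of the forum posts and not BPS code): a Python check of the quoted RewriteCond pattern against the request line rebuilt from the logged REQUEST_METHOD, REQUEST_URI and SERVER_PROTOCOL. It assumes Apache collapses `\\s` to `\s` when it reads the directive and that Python's `re` behaves like PCRE for this pattern; the helper names and the extra request lines are constructed for illustration.

```python
import re

# Pattern from the quoted BPS rule. Assumption: Apache's config parser turns
# "\\s" into "\s", so the effective regex uses the whitespace class.
RULE = r"(\?|\*|%2a)+(%20+|\s+|%20+\s+|\s+%20+|\s+%20+\s+)(http|https)(:/|/)"
RULE_RE = re.compile(RULE, re.IGNORECASE)  # [NC] = case-insensitive


def the_request(method, uri, protocol):
    """Rebuild %{THE_REQUEST}: the raw request line, still percent-encoded."""
    return f"{method} {uri} {protocol}"


def rule_hit(request_line):
    """Return the substring the rule matched, or None if it would not fire."""
    m = RULE_RE.search(request_line)
    return m.group(0) if m else None


# Values copied from the log entry in the first post.
LOGGED = the_request(
    "GET",
    "/?wc-api=validate_serial_key&serial=VWUVSA-XXXXX-49PSL2-4UXWAQ-YWHK7D-PTZAFH"
    "%20SBB%20CFF%20FFS%20Re%20620%20for%20TS2017%20(v4.0)"
    "&sku=2014-ENG-RE66-Platinum-V3.0&uuid=https://www.mersel.nl/",
    "HTTP/1.0",
)

# Constructed request lines (not from the log) showing what the rule does match.
CONSTRUCTED = {
    # '?' + %20 + URL: the shape the rule is written to catch
    "space_then_url": the_request("GET", "/?%20https://www.mersel.nl/", "HTTP/1.0"),
    # URI ending in '?': the protocol token itself completes the match
    "trailing_question_mark": the_request("GET", "/index.php?", "HTTP/1.1"),
    "plain_query": the_request("GET", "/?wc-api=validate_serial_key", "HTTP/1.1"),
}

if __name__ == "__main__":
    print("logged request ->", rule_hit(LOGGED))
    for label, line in CONSTRUCTED.items():
        print(f"{label} -> {rule_hit(line)!r}")
```

In the logged request none of the `%20` sequences directly follows a `?`, `*` or `%2a`, and none is directly followed by `http`, so under these assumptions this rule is not what produced the 403.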