BPS and WP-Spamshield plugin conflict caused 403 error

Home Forums BulletProof Security Free BPS and WP-Spamshield plugin conflict caused 403 error

This topic contains 1 reply, has 2 voices, and was last updated by  AITpro Admin 1 year, 2 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #33131

    Paul Barrett
    Participant

    I had a problem with 403 page errors in an application.  BPS logs showed some active blocking. I also use the WP-SpamShield plugin.  Deactivating that plugin stopped the errors from occurring.

    Does BPS duplicate the functionality of WP-SpamShield.  If so I can safelt leave SpamShield deactivated.  If not please could you whitelist the plugin for me?

    Here are the entries from the security logs:

    [403 GET Request: 04 May 2017 - 18:12]
    BPS: 1.1
    WP: 4.7.4
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 86.145.193.102
    Host Name: host86-145-193-102.range86-145.btcentralplus.com
    SERVER_PROTOCOL: HTTP/1.0
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: 86.145.193.102
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://ourfamilyhistory.club/genealogy/admin_editplace.php?ID=3195
    REQUEST_URI: /genealogy/admin_places.php?message=Changes+to+place+St.+Mary+%26+St+Luke+Church%2C+St+Mary%5C%27s+Close%2C+Wolverhampton%2C+Stafford%2C+England+were+successfully+saved.
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36
    
    [403 GET Request: 04 May 2017 - 18:26]
    BPS: 1.1
    WP: 4.7.4
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 86.145.193.102
    Host Name: host86-145-193-102.range86-145.btcentralplus.com
    SERVER_PROTOCOL: HTTP/1.0
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: 86.145.193.102
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://ourfamilyhistory.club/genealogy/admin_editplace.php?ID=3133
    REQUEST_URI: /genealogy/admin_places.php?message=Changes+to+place+St.Ebbe%5C%27s%2C+Roger+Bacon+Lane%2C+Oxford%2C+Oxfordshire%2C+England+were+successfully+saved.
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36
    
    [403 GET Request: 04 May 2017 - 18:30]
    BPS: 1.1
    WP: 4.7.4
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 86.145.193.102
    Host Name: host86-145-193-102.range86-145.btcentralplus.com>
    SERVER_PROTOCOL: HTTP/1.0
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: 86.145.193.102
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://ourfamilyhistory.club/genealogy/admin_editplace.php?ID=3200
    REQUEST_URI: /genealogy/admin_places.php?message=Changes+to+place+St.Michael%5C%27s+and+All+Angels%5C%27+Church%2C+12+Park+Road%2C+Abingdon%2C+Berkshire%2C+England+were+successfully+saved.
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36

    Hope I have provided all teh information you need and that you can help me out.
    Regards

    Paul Barrett

    #33135

    AITpro Admin
    Keymaster

    @ Paul Barret – The solution for these 403 errors is here:  https://forum.ait-pro.com/forums/topic/apostrophe-single-quote-code-character/#post-6939  Note the the apstrophe/single quote character is the most dangerous coding characters to use in Query Strings.  Other BPS Query String Exploits security rules will still prevent an SQL Injection attack against your website even when using the solution in the link I posted above.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.