BPS and WP-Spamshield plugin conflict caused 403 error

Home Forums BulletProof Security Free BPS and WP-Spamshield plugin conflict caused 403 error

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • May 4, 2017 at 2:11 pm #33131
    Paul Barrett
    Participant

    I had a problem with 403 page errors in an application.  BPS logs showed some active blocking. I also use the WP-SpamShield plugin.  Deactivating that plugin stopped the errors from occurring.

    Does BPS duplicate the functionality of WP-SpamShield.  If so I can safelt leave SpamShield deactivated.  If not please could you whitelist the plugin for me?

    Here are the entries from the security logs:

    [403 GET Request: 04 May 2017 - 18:12]
BPS: 1.1
WP: 4.7.4
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 86.145.193.102
Host Name: host86-145-193-102.range86-145.btcentralplus.com
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: 86.145.193.102
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://ourfamilyhistory.club/genealogy/admin_editplace.php?ID=3195
REQUEST_URI: /genealogy/admin_places.php?message=Changes+to+place+St.+Mary+%26+St+Luke+Church%2C+St+Mary%5C%27s+Close%2C+Wolverhampton%2C+Stafford%2C+England+were+successfully+saved.
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36

[403 GET Request: 04 May 2017 - 18:26]
BPS: 1.1
WP: 4.7.4
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 86.145.193.102
Host Name: host86-145-193-102.range86-145.btcentralplus.com
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: 86.145.193.102
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://ourfamilyhistory.club/genealogy/admin_editplace.php?ID=3133
REQUEST_URI: /genealogy/admin_places.php?message=Changes+to+place+St.Ebbe%5C%27s%2C+Roger+Bacon+Lane%2C+Oxford%2C+Oxfordshire%2C+England+were+successfully+saved.
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36

[403 GET Request: 04 May 2017 - 18:30]
BPS: 1.1
WP: 4.7.4
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 86.145.193.102
Host Name: host86-145-193-102.range86-145.btcentralplus.com>
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: 86.145.193.102
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://ourfamilyhistory.club/genealogy/admin_editplace.php?ID=3200
REQUEST_URI: /genealogy/admin_places.php?message=Changes+to+place+St.Michael%5C%27s+and+All+Angels%5C%27+Church%2C+12+Park+Road%2C+Abingdon%2C+Berkshire%2C+England+were+successfully+saved.
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36

    Hope I have provided all teh information you need and that you can help me out.
    Regards

    Paul Barrett

    May 5, 2017 at 3:11 am #33135
    AITpro Admin
    Keymaster

    @ Paul Barret – The solution for these 403 errors is here:  https://forum.ait-pro.com/forums/topic/apostrophe-single-quote-code-character/#post-6939  Note the the apstrophe/single quote character is the most dangerous coding characters to use in Query Strings.  Other BPS Query String Exploits security rules will still prevent an SQL Injection attack against your website even when using the solution in the link I posted above.

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.