bps-arq-ajax.js issue

Home Forums BulletProof Security Pro bps-arq-ajax.js issue

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #34738
    Qtwix
    Participant

    Hi,

    For many months I get errors in the security log like these:

    
    [403 GET Request: 7. Dezember 2017 - 6:01]
    BPS Pro: 13.4
    WP: 4.9.1
    Event Code: PFWR-PSBR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 89.206.112.207
    Host Name: vpn-89-206-112-207.uzh.ch
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://fclandquart.ch/wp-admin/
    REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=13.4
    QUERY_STRING: ver=13.4
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
    
    [403 GET Request: 7. Dezember 2017 - 6:01]
    BPS Pro: 13.4
    WP: 4.9.1
    Event Code: PFWR-PSBR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 89.206.112.207
    Host Name: vpn-89-206-112-207.uzh.ch
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://fclandquart.ch/wp-admin/
    REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=13.4
    QUERY_STRING: ver=13.4
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
    
    [403 GET Request: 7. Dezember 2017 - 6:01]
    BPS Pro: 13.4
    WP: 4.9.1
    Event Code: PFWR-PSBR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 89.206.112.207
    Host Name: vpn-89-206-112-207.uzh.ch
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://fclandquart.ch/wp-admin/edit.php?post_type=page
    REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=13.4
    QUERY_STRING: ver=13.4
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
    
    [403 GET Request: 7. Dezember 2017 - 6:01]
    BPS Pro: 13.4
    WP: 4.9.1
    Event Code: PFWR-PSBR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 89.206.112.207
    Host Name: vpn-89-206-112-207.uzh.ch
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://fclandquart.ch/wp-admin/post.php?post=24&action=edit
    REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=13.4
    QUERY_STRING: ver=13.4
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
    
    [403 GET Request: 7. Dezember 2017 - 6:02]
    BPS Pro: 13.4
    WP: 4.9.1
    Event Code: PFWR-PSBR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 89.206.112.207
    Host Name: vpn-89-206-112-207.uzh.ch
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://fclandquart.ch/wp-admin/profile.php
    REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=13.4
    QUERY_STRING: ver=13.4
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
    
    

    I already excluded the issue to be caused by:
    -> deactivating ModSec
    -> deactivating also any other plugin except of BPS Pro itself.

    In addition, I figured out that:
    -> The errors are only caused only if an editor logs in and edits a page from another ip then I use myself as an admin, which is the ip constantly changed as “public ip” in the .htaccess in the plugins folder.
    -> It also only happens, if the plugin firewall is activated. As soon as I deactivate the PFW, the issue does not appear anymore.

    Any idea about what could cause this issue?

    Thanks!

    #34747
    AITpro Admin
    Keymaster

    Sorry for the late reply.  We had some wild fires in our area.  Fortunately we were extremely lucky.  Stressful stuff.  Try clearing/resetting the Plugin Firewall by doing these steps > Troubleshooting: Reset|Clear The Plugin Firewall (fixes most if not all Plugin Firewall issues/problems) > https://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/. Let me know if that works or not.

    #34777
    Qtwix
    Participant

    I followed the reset/clear steps but the issue is still present. While resetting however, there were some issues which I don’t know why they happend:

    • The BPS Pro layout was broken in Test mode with empty whitelist rules, so I switched to Activate using AutoPilot 1′ where the layout was correct.
    • Something which I already experienced before is, that some whitelist rules were created automatically, but some others where not. E.g. there were no js whitelist rules created for the layerslider also after several minutes after clearing/resetting. As I have experienced this before, I had already created a bunch of regex-rules using “plugin/(.*).js”. After some time without the rules being automatically created by the AutoPilot, I’ve copied all the rules back in, as the site is productive.
    • After copying the regex-rules back in, actually I wouldn’t expect any more rules to be crated, as nothing should get blocked anymore. But still there were some rules created, even if the according scripts were already whitelisted by a bluk-regex rule. E.g. I have a rule “/wordfence/js/(.*).js” but in addition, rules like /wordfence/js/wfpopover.js, /wordfence/js/wfdashboard.js, /wordfence/js/admin.ajaxWatcher.js were created from the AutoPilot, which I didn’t expect.

    Any suggestions would be very appreciated…

    #35154
    AITpro Admin
    Keymaster

    Ok for now keep the Plugin Firewall dectivated/turned off.  You can also check the main Plugn forum topic here for other possible known issues/problems > https://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/

Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.