bps-arq-ajax.js issue

[Qtwix]

Hi,

For many months I get errors in the security log like these:

[403 GET Request: 7. Dezember 2017 - 6:01]
BPS Pro: 13.4
WP: 4.9.1
Event Code: PFWR-PSBR-HPRA
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 89.206.112.207
Host Name: vpn-89-206-112-207.uzh.ch
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://fclandquart.ch/wp-admin/
REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=13.4
QUERY_STRING: ver=13.4
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

[403 GET Request: 7. Dezember 2017 - 6:01]
BPS Pro: 13.4
WP: 4.9.1
Event Code: PFWR-PSBR-HPRA
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 89.206.112.207
Host Name: vpn-89-206-112-207.uzh.ch
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://fclandquart.ch/wp-admin/
REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=13.4
QUERY_STRING: ver=13.4
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

[403 GET Request: 7. Dezember 2017 - 6:01]
BPS Pro: 13.4
WP: 4.9.1
Event Code: PFWR-PSBR-HPRA
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 89.206.112.207
Host Name: vpn-89-206-112-207.uzh.ch
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://fclandquart.ch/wp-admin/edit.php?post_type=page
REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=13.4
QUERY_STRING: ver=13.4
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

[403 GET Request: 7. Dezember 2017 - 6:01]
BPS Pro: 13.4
WP: 4.9.1
Event Code: PFWR-PSBR-HPRA
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 89.206.112.207
Host Name: vpn-89-206-112-207.uzh.ch
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://fclandquart.ch/wp-admin/post.php?post=24&action=edit
REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=13.4
QUERY_STRING: ver=13.4
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

[403 GET Request: 7. Dezember 2017 - 6:02]
BPS Pro: 13.4
WP: 4.9.1
Event Code: PFWR-PSBR-HPRA
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 89.206.112.207
Host Name: vpn-89-206-112-207.uzh.ch
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://fclandquart.ch/wp-admin/profile.php
REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=13.4
QUERY_STRING: ver=13.4
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

I already excluded the issue to be caused by:
-> deactivating ModSec
-> deactivating also any other plugin except of BPS Pro itself.

In addition, I figured out that:
-> The errors are only caused only if an editor logs in and edits a page from another ip then I use myself as an admin, which is the ip constantly changed as “public ip” in the .htaccess in the plugins folder.
-> It also only happens, if the plugin firewall is activated. As soon as I deactivate the PFW, the issue does not appear anymore.

Any idea about what could cause this issue?

Thanks!

[AITpro Admin]

Sorry for the late reply.  We had some wild fires in our area.  Fortunately we were extremely lucky.  Stressful stuff.  Try clearing/resetting the Plugin Firewall by doing these steps > Troubleshooting: Reset|Clear The Plugin Firewall (fixes most if not all Plugin Firewall issues/problems) > https://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/. Let me know if that works or not.

[Qtwix]

I followed the reset/clear steps but the issue is still present. While resetting however, there were some issues which I don’t know why they happend:

• The BPS Pro layout was broken in Test mode with empty whitelist rules, so I switched to Activate using AutoPilot 1′ where the layout was correct.
• Something which I already experienced before is, that some whitelist rules were created automatically, but some others where not. E.g. there were no js whitelist rules created for the layerslider also after several minutes after clearing/resetting. As I have experienced this before, I had already created a bunch of regex-rules using “plugin/(.*).js”. After some time without the rules being automatically created by the AutoPilot, I’ve copied all the rules back in, as the site is productive.
• After copying the regex-rules back in, actually I wouldn’t expect any more rules to be crated, as nothing should get blocked anymore. But still there were some rules created, even if the according scripts were already whitelisted by a bluk-regex rule. E.g. I have a rule “/wordfence/js/(.*).js” but in addition, rules like /wordfence/js/wfpopover.js, /wordfence/js/wfdashboard.js, /wordfence/js/admin.ajaxWatcher.js were created from the AutoPilot, which I didn’t expect.

Any suggestions would be very appreciated…

[AITpro Admin]

Ok for now keep the Plugin Firewall dectivated/turned off.  You can also check the main Plugn forum topic here for other possible known issues/problems > https://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/

[Author]

Posts