BPS Pro blocking external folder application – phpMyAdmin


  • #37604
    bbmedia
    Participant

    I am getting the following errors from the firewall when trying to use the phpmyadmin installation for a site.
    I have tried a number of things but nothing seems to work. My IP below is whitelisted.

    [403 GET Request: June 28, 2019 - 1:38 pm]
    BPS Pro: 13.9
    WP: 5.2.2
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 103.93.70.143
    Host Name: 103.93.70.143
    SERVER_PROTOCOL: HTTP/1.0
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: 103.93.70.143
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /phpmyadmin/sql.php?db=uhexdnatnk&table=wp351_batch_result&pos=0&ajax_request=true&ajax_page_request=true&_nocache=1561693084980229657&token=%26T%26%24oRuLJ9%5B(%25WL%3D
    QUERY_STRING: db=uhexdnatnk&table=wp351_batch_result&pos=0&ajax_request=true&ajax_page_request=true&_nocache=1561693084980229657&token=%26T%26%24oRuLJ9%5B(%25WL%3D
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15

    Any ideas why BPS Pro is blocking an external application (phpMyAdmin) and how I can stop it doing so?

    #37605
    AITpro Admin
    Keymaster

    What is being blocked is the parenthesis/round bracket code character in the Query String:  (%25WL%3D.

    You can either allow parentheses/round bracket code characters in Query Strings by doing the solution in this forum topic:  https://forum.ait-pro.com/forums/topic/mailchimp-tracking-code-causing-403/#post-13778

    Or you can create a RewriteRule bypass rule for the /phpmyadmin/ folder by doing the solution in this forum topic:  https://forum.ait-pro.com/forums/topic/custom-applications-outside-of-wordpress-3rd-party-apps/

    Additional Reference Forum Topic:  https://forum.ait-pro.com/forums/topic/htaccess-files-for-multiple-website-domains/

    #37614
    bbmedia
    Participant

    Thanks, I don’t think that is the issue though, because
    The first link I click is the database name and that link is this:

    https://thewhiskyclub.com.au/phpmyadmin/db_structure.php?server=1&db=uhexdnatnk

    and this is the first error.

    [403 GET Request: July 2, 2019 - 6:23 pm]
    BPS Pro: 13.9
    WP: 5.2.2
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 103.93.70.143
    Host Name: 103.93.70.143
    SERVER_PROTOCOL: HTTP/1.0
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: 103.93.70.143
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /phpmyadmin/db_structure.php?server=1&db=uhexdnatnk&ajax_request=true&ajax_page_request=true&_nocache=1562055800969620559&token=GLj8Y%3Cm-P%5Bg%40%3FlI%27
    QUERY_STRING: server=1&db=uhexdnatnk&ajax_request=true&ajax_page_request=true&_nocache=1562055800969620559&token=GLj8Y%3Cm-P%5Bg%40%3FlI%27
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:67.0) Gecko/20100101 Firefox/67.0

    Sometimes it goes through and everything works correctly. If I then close the tab and shortly thereafter (minutes or even hours) open a new one and try again, 100% it will block me. Good example is the attempt and error code below.

    Once blocked, nothing I do allows me in, as BPS blocks everything in this app. But if I leave it for long enough (like the next day) it no longer blocks me.

    Anyway I have used the rewrite loop code to ignore the  ^phpmyadmin/ folder  and that works fine.

    cheers

    Garth

    #37615
    AITpro Admin
    Keymaster

    I tested the Query String you posted in your first forum post and got a 403 error on my testing server because of the round bracket/parenthesis code character in the Query String.  What is being blocked in the second Security Log entry that you posted is the %27 url encoded value for the single quote code character – ‘.  My guess would be that several things in the random token string that is being generated are blocked by BPS root htaccess file security rules.  So the best method to use to allow any/all dangerous code characters used/created in the token string Query String by your phpMyAdmin 3rd party application would be the RewriteRule bypass rule for the /phpmyadmin/ folder method, which is what you are using.  So that should take care of the issue permanently.

    Or you can create a RewriteRule bypass rule for the /phpmyadmin/ folder by doing the solution in this forum topic:  https://forum.ait-pro.com/forums/topic/custom-applications-outside-of-wordpress-3rd-party-apps/
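
The diagnosis in the reply above, as an added example that is not part of the original thread and is not BPS Pro code: it scans Security Log `QUERY_STRING` lines and reports which parameter carries a round bracket or single quote, raw or URL-encoded. The flagged set is an assumption limited to the characters named in the replies (the actual BPS root htaccess rules are not shown here), and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Assumption: only the characters the replies name as blocked. The real
# BPS root .htaccess filter rules are not shown in this thread.
FLAGGED = {"(": "round bracket", ")": "round bracket", "'": "single quote"}

# Constructed sample: the two QUERY_STRING lines from the posted log entries.
SAMPLE_LOG = """\
QUERY_STRING: db=uhexdnatnk&table=wp351_batch_result&pos=0&ajax_request=true&ajax_page_request=true&_nocache=1561693084980229657&token=%26T%26%24oRuLJ9%5B(%25WL%3D
QUERY_STRING: server=1&db=uhexdnatnk&ajax_request=true&ajax_page_request=true&_nocache=1562055800969620559&token=GLj8Y%3Cm-P%5Bg%40%3FlI%27
"""


def flagged_params(query_string):
    """Return {param: [(char, form), ...]} for flagged characters.

    form is "raw" when the character appears literally in the logged value
    and "encoded" when it only shows up after URL-decoding (e.g. %27).
    """
    hits = {}
    for pair in query_string.split("&"):
        name, _, value = pair.partition("=")
        decoded = unquote(value)  # single decoding pass
        found = []
        for ch in FLAGGED:
            if ch in value:
                found.append((ch, "raw"))
            elif ch in decoded:
                found.append((ch, "encoded"))
        if found:
            hits[name] = found
    return hits


def scan_log(text):
    """Run flagged_params over every QUERY_STRING line in a log excerpt."""
    pattern = r"^[ \t]*QUERY_STRING:[ \t]*(\S*)"
    return [flagged_params(m.group(1)) for m in re.finditer(pattern, text, re.M)]


if __name__ == "__main__":
    for i, hits in enumerate(scan_log(SAMPLE_LOG), 1):
        for name, found in hits.items():
            for ch, form in found:
                print(f"entry {i}: {name} contains {FLAGGED[ch]} {ch!r} ({form})")
```

In both posted entries the only parameter flagged is `token`, which is consistent with the intermittent blocking described in the thread: the token value is random, so only some values contain a filtered character.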

    #37623
    bbmedia
    Participant

    Yes, thanks, I created the RewriteRule bypass rule for the folder. Just what I needed.
