BPS Pro blocking external folder application – phpMyAdmin

Home Forums BulletProof Security Pro BPS Pro blocking external folder application – phpMyAdmin

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • June 27, 2019 at 8:54 pm #37604
    bbmedia
    Participant

    I am getting the following errors from the firewall when trying to use the phpmyadmin installation for a site.
    I have tried a number of things but nothing seems to work. My IP below is whitelisted.

    [403 GET Request: June 28, 2019 - 1:38 pm]
BPS Pro: 13.9
WP: 5.2.2
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 103.93.70.143
Host Name: 103.93.70.143
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: 103.93.70.143
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /phpmyadmin/sql.php?db=uhexdnatnk&table=wp351_batch_result&pos=0&ajax_request=true&ajax_page_request=true&_nocache=1561693084980229657&token=%26T%26%24oRuLJ9%5B(%25WL%3D
QUERY_STRING: db=uhexdnatnk&table=wp351_batch_result&pos=0&ajax_request=true&ajax_page_request=true&_nocache=1561693084980229657&token=%26T%26%24oRuLJ9%5B(%25WL%3D
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15

    any ideas why BPS Pro is blocking an external application (phpMyAdmin) and how I can stop it doing so?

    June 28, 2019 at 8:25 am #37605
    AITpro Admin
    Keymaster

    What is being blocked is the parenthesis/round bracket code character in the Query String:  (%25WL%3D.

    You can either allow parentheses/round bracket code characters in Query Strings by doing the solution in this forum topic:  https://forum.ait-pro.com/forums/topic/mailchimp-tracking-code-causing-403/#post-13778

    Or you can create a RewriteRule bypass rule for the /phpmyadmin/ folder by doing the solution in this forum topic:  https://forum.ait-pro.com/forums/topic/custom-applications-outside-of-wordpress-3rd-party-apps/

    Additional Reference Forum Topic:  https://forum.ait-pro.com/forums/topic/htaccess-files-for-multiple-website-domains/

    July 2, 2019 at 2:23 am #37614
    bbmedia
    Participant

    Thanks I don’t think that as the issue though, because
    The first link I click is the database name and that link is this:

    https://thewhiskyclub.com.au/phpmyadmin/db_structure.php?server=1&db=uhexdnatnk

    and this is the first error.

    [403 GET Request: July 2, 2019 - 6:23 pm]
BPS Pro: 13.9
WP: 5.2.2
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 103.93.70.143
Host Name: 103.93.70.143
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: 103.93.70.143
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /phpmyadmin/db_structure.php?server=1&db=uhexdnatnk&ajax_request=true&ajax_page_request=true&_nocache=1562055800969620559&token=GLj8Y%3Cm-P%5Bg%40%3FlI%27
QUERY_STRING: server=1&db=uhexdnatnk&ajax_request=true&ajax_page_request=true&_nocache=1562055800969620559&token=GLj8Y%3Cm-P%5Bg%40%3FlI%27
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:67.0) Gecko/20100101 Firefox/67.0

    Sometime it goes through and everything works correctly. If I then close the tab and shortly thereafter (minutes or even hours)  open a new one and try again, 100% it will block me. Good example is the attempt and error code below.

    Once blocked, nothing I do allows me in. as BPS blocks everything on in this app.  But if I leave it for long enough (like the next day)  it no longer blocks me.

    Anyway I have used the rewrite loop code to ignore the  ^phpmyadmin/ folder  and that works fine.

    cheers

    Garth

    July 2, 2019 at 7:52 am #37615
    AITpro Admin
    Keymaster

    I tested the Query String you posted in your first forum post and got a 403 error on my testing server because of the round bracket/parenthesis code character in the Query String.  What is being blocked in the second Security Log entry that you posted is the %27 url encoded value for the single quote code character – ‘.  My guess would be that several things in the random token string that is being generated are blocked by BPS root htaccess file security rules.  So the best method to use to allow any/all dangerous code characters used/created in the token string Query String by your phpMyAdmin 3rd party application would be the RewriteRule bypass rule for the /phpmyadmin/ folder method, which is what you are using.  So that should take care of the issue permanently.

    Or you can create a RewriteRule bypass rule for the /phpmyadmin/ folder by doing the solution in this forum topic:  https://forum.ait-pro.com/forums/topic/custom-applications-outside-of-wordpress-3rd-party-apps/

    July 3, 2019 at 10:42 pm #37623
    bbmedia
    Participant

    Yes, thanks, I created the RewriteRule bypass rule for the folder. Just what I needed.

    March 25, 2024 at 9:48 am #43676
    Emma Snow
    Participant

    [SPAM Comment Allowed – A+ for effort]

    It appears that your firewall is blocking access to phpMyAdmin due to a “Blocked/Forbidden Hacker or Spammer” event triggered by a GET request originating from IP address 103.93.70.143. The request was trying to access the sql.php script within phpMyAdmin with specific query parameters.

    Here are a few steps you can take to troubleshoot and resolve this issue:

    1. **Whitelist the IP Address:** Since your IP address is whitelisted, it shouldn’t be blocked by the firewall. However, double-check to ensure that the IP address being used is indeed the one you’ve whitelisted. Sometimes, IP addresses can change, so it’s worth verifying.

    2. **Check Firewall Rules:** Review your firewall rules to ensure that there are no rules inadvertently blocking access to phpMyAdmin or the specific sql.php script. Look for any rules related to the IP address in question or any generic rules that might be blocking access.

    3. **Review phpMyAdmin Configuration:** Check the configuration of phpMyAdmin itself to ensure that there are no restrictions or settings that might be causing the issue. Look for any IP-based restrictions or settings that could be interfering with access.

    4. **Inspect Logs:** Look for any additional logs or information provided by your firewall or server logs. This might give you more insight into why the request is being blocked and help you identify a solution.

    5. **Update Security Software:** Ensure that your security software, including your firewall and any security plugins for WordPress, is up to date. Sometimes, updates can include bug fixes or improvements that might resolve the issue.

    6. **Contact Support:** If you’re still unable to resolve the issue, consider reaching out to the support team for your firewall or hosting provider for further assistance. They may be able to provide additional insights or help you troubleshoot the issue more effectively.

    By following these steps, you should be able to identify and resolve the issue causing the firewall to block access to phpMyAdmin. For more information now you can visit: https://apkpure.es/

  • Author
    Posts
Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.