Home › Forums › BulletProof Security Pro › Image file 403 error, Images 403 error
Tagged: 403 error, image files, load balancer, mining, OpenOffice, proxy, scraping
- This topic has 10 replies, 4 voices, and was last updated 8 years, 4 months ago by
AITpro Admin.
-
AuthorPosts
-
Krzysztof
ParticipantHello,
If I upload a photo BPS is registering things like this:
[403 GET / HEAD Request: 18/06/2014 - 12:52] Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: 185.5.98.32 Host Name: vz13304.dahost.pl SERVER_PROTOCOL: HTTP/1.0 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-content/uploads/2014/06/southampton-hamburg.jpg QUERY_STRING: HTTP_USER_AGENT: WordPress/3.9.1; https://www.infolotnicze.pl
This very strange. What can I do about it?
AITpro Admin
KeymasterWhen I check the image URL the image is displayed to me without any problems.
https://www.infolotnicze.pl/wp-content/uploads/2014/06/southampton-hamburg.jpgTroubleshooting: Check that your image files are actually displaying fine and you can ignore these 403 errors if they are displaying fine.
Possible causes:
A common known issue when retrieving images/image files is that something else that an image retrieval script is doing is blocked, but image retrieval is working fine. ie images are displayed fine and the only thing that is affected/blocked is whatever additional things are being done in the image retrieval script that may be in a plugin or theme. You would check that your image files are displaying correctly and if they are you can ignore these 403 errors.
The Server Protocol is HTTP/1.0 which usually indicates that an outdated Proxy is being used on your server. The new Server Protocol since 1999 is HTTP/1.1.
Your website/image files are being scraped/mirrored/mined. When image files are being scraped/mirrored/mined the 403 error will show all of your website information in the 403 error. That is just the nature of how scraping/mining/mirroring is done.
Your site’s DNS information indicates a that your site may be using a Proxy or Load Balancer.
Result = Array ( [0] => Array ( [host] => infolotnicze.pl [type] => A [ip] => 185.5.98.32 [class] => IN [ttl] => 3600 ) [1] => Array ( [host] => infolotnicze.pl [type] => NS [target] => dns3.home.pl [class] => IN [ttl] => 86400 ) [2] => Array ( [host] => infolotnicze.pl [type] => NS [target] => dns2.home.pl [class] => IN [ttl] => 86400 ) [3] => Array ( [host] => infolotnicze.pl [type] => NS [target] => dns.home.pl [class] => IN [ttl] => 86400 ) [4] => Array ( [host] => infolotnicze.pl [type] => SOA [mname] => dns.home.pl [rname] => admin.home.pl [serial] => 1367518678 [refresh] => 10800 [retry] => 3600 [expire] => 604800 [minimum-ttl] => 3600 [class] => IN [ttl] => 86400 ) [5] => Array ( [host] => infolotnicze.pl [type] => MX [pri] => 10 [target] => serwer1318169.home.pl [class] => IN [ttl] => 3600 ) ) Auth NS = Array ( [0] => Array ( [host] => infolotnicze.pl [type] => NS [target] => dns2.home.pl [class] => IN [ttl] => 86399 ) [1] => Array ( [host] => infolotnicze.pl [type] => NS [target] => dns.home.pl [class] => IN [ttl] => 86399 ) [2] => Array ( [host] => infolotnicze.pl [type] => NS [target] => dns.home.pl [class] => IN [ttl] => 86399 ) [3] => Array ( [host] => infolotnicze.pl [type] => NS [target] => dns2.home.pl [class] => IN [ttl] => 86399 ) [4] => Array ( [host] => infolotnicze.pl [type] => NS [target] => dns2.home.pl [class] => IN [ttl] => 86398 ) [5] => Array ( [host] => infolotnicze.pl [type] => NS [target] => dns.home.pl [class] => IN [ttl] => 86398 ) [6] => Array ( [host] => infolotnicze.pl [type] => NS [target] => dns3.home.pl [class] => IN [ttl] => 86397 ) [7] => Array ( [host] => infolotnicze.pl [type] => NS [target] => dns.home.pl [class] => IN [ttl] => 86397 ) [8] => Array ( [host] => infolotnicze.pl [type] => NS [target] => dns2.home.pl [class] => IN [ttl] => 86397 ) ) Additional = Array ( [0] => Array ( [host] => dns2.home.pl [type] => A [ip] => 62.129.252.40 [class] => IN [ttl] => 36819 ) [1] => Array ( [host] => dns.home.pl [type] => A [ip] => 62.129.252.30 [class] => IN [ttl] => 71540 ) [2] => Array ( [host] => dns2.home.pl [type] => A [ip] => 62.129.252.40 [class] => IN [ttl] => 2411 ) [3] => Array ( [host] => dns2.home.pl [type] => A [ip] => 62.129.252.41 [class] => IN [ttl] => 2411 ) [4] => Array ( [host] => dns.home.pl [type] => A [ip] => 62.129.252.30 [class] => IN [ttl] => 59098 ) [5] => Array ( [host] => dns3.home.pl [type] => A [ip] => 95.211.105.225 [class] => IN [ttl] => 54363 ) [6] => Array ( [host] => dns2.home.pl [type] => A [ip] => 62.129.252.40 [class] => IN [ttl] => 36819 ) [7] => Array ( [host] => dns.home.pl [type] => A [ip] => 62.129.252.30 [class] => IN [ttl] => 71540 ) [8] => Array ( [host] => dns2.home.pl [type] => A [ip] => 62.129.252.40 [class] => IN [ttl] => 36818 ) [9] => Array ( [host] => dns.home.pl [type] => A [ip] => 62.129.252.30 [class] => IN [ttl] => 71539 ) [10] => Array ( [host] => dns.home.pl [type] => A [ip] => 62.129.252.30 [class] => IN [ttl] => 71538 ) [11] => Array ( [host] => dns2.home.pl [type] => A [ip] => 62.129.252.40 [class] => IN [ttl] => 36817 ) [12] => Array ( [host] => dns3.home.pl [type] => A [ip] => 95.211.105.225 [class] => IN [ttl] => 71538 ) )ParticipantThe situation is like this:
one company is responsible for domain -nazwa.pl
one company is responsible for VPS server – the server IP is shown there I think
one company is responsible for mail service – home.plThe system is set like that so if there is an attack on the server like DDOS the mail service will still work normal – that is what I was told.
The images are shown properly – the message is registered only during uploading a photo while creating a post and puting that image into te post and as post miniature.
I can ask about the server protocol but whom should I ask? The people from the domain, server or the mail service?
KeymasterOk let me rephrase this so that you see that there is not a problem at all. You are able to upload image files. You are able to view image files. You are seeing a 403 error logged. The 403 error can be ignored because everything is working correctly. The 403 error is what I refer to/call a “nuisance” error since everything is working correctly. You can just ignore these 403 errors – they do not affect or negatively impact anything.
ParticipantRoger! 😉
Anonymous
Inactive[Topic has been merged into this similar relevant Topic]
Hi! I found in my security log that BPS blocked the access for some images in a webpage. This is the code:
[403 GET / HEAD Request: dicembre 24, 2014 - 10:01 am] Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: 92.107.221.221 Host Name: 221-221.107-92.cust.bluewin.ch SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-content/uploads/2012/05/star.png QUERY_STRING: HTTP_USER_AGENT: OpenOffice/4.0.1
I also founded this thread where is said to ignore the errors if the images are displaying fine: http://forum.ait-pro.com/forums/topic/bps-thinks-my-own-server-is-an-attacker/
My images are displaying fine, so I’ll ignore this errors, but I wonder if there is a method to avoid this sort of false-alerts, because I want be alerted only for real problems. Is there a sort of whitelist or something else to filter this messages?
Thanks.
Keymaster@ Ricarrdo – I may split this into a separate OpenOffic Topic at some point depending on if I find other similar cases of this. Taking the general logic in this forum topic a step further here is the scenario that is occurring. Besides image retrieval several other things may be happening and one of those things is being blocked for whatever reason. The Security Log entry does not show exactly what that might be, but since image retrieval is actually working correctly then just ignore these log entries.
Vamsi
Participant[Topic has been merged into this relevant Topic]
Hi
I am using 2 custom icons (png files) for a plugin of mine from the uploads folder. Everytime the page with the plugin is activated, it is being logged as a security error. Can you please tell me how to configure the tool to plugin to ignore access to these 2 files.
[403 GET / HEAD Request: January 9, 2015 - 8:14 am] Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: xxx.xxx.xxx.xxx Host Name: xxx.xxx.xxx.xxx SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://xxx.com/office-locations/ REQUEST_URI: /wp-content/uploads/location-icon.png QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) [403 GET / HEAD Request: January 9, 2015 - 8:14 am] Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: xxx.xxx.xxx.xxx Host Name: xxx.xxx.xxx.xxx SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://xxx.com/office-locations/ REQUEST_URI: /wp-content/uploads/Doctor-icon.png QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Thanks
VamsiKeymaster@ Vamsi – Are the images displaying correctly or are they actually being blocked? The BPS root htaccess file and BPS UAEG do not block .png file types. If the images are displaying correctly then that means that something in the method used to retrieve the image files is doing something that is being blocked, but image retrieval is working fine.
ParticipantThank You Admin.
The images are being displayed as expected. Is there anything you can suggest on how I can find out what is causing this error?
Thanks
VamsiKeymasterThis would be considered a nuisance error and you can just ignore it, but if you want to find out what code is causing the error then you would need to look at whatever code is used for displaying the image. ie if the code is in a plugin then you would look at the plugin’s code and find the specific code that is used for displaying the icon image files. Most likely the code is doing something that is not a WordPress standard method for displaying icon image files or some method that is not a good coding standard practice in general. Typically plugins have their own image folder within the plugin itself and then use standard link code for images displayed on pages and for the WordPress menu icons you would use standard WordPress menu code like this below.
add_menu_page(__('BulletProof Pro Security Settings', 'bulletproof-security'), __('BPS Pro', 'bulletproof-security'), 'manage_options', 'bulletproof-security/admin/login/login.php', '', plugins_url('bulletproof-security/admin/images/bps-icon-small.png') ); -
AuthorPosts
- You must be logged in to reply to this topic.