BPS Pro Alert! Your site may not be protected by BulletProof Security

Home Forums BulletProof Security Pro BPS Pro Alert! Your site may not be protected by BulletProof Security

This topic contains 14 replies, has 3 voices, and was last updated by  Chris Moon 2 years, 6 months ago.

Viewing 15 posts - 1 through 15 (of 15 total)
  • Author
    Posts
  • #25982

    GR
    Participant

    I’m on Knownhost, and I’m trying to figure out why I can’t turn on Bulletproof mode for my root .htaccess file.  The admin bulletproof .htaccess goes in without a problem. I can activate root mode, but the root .htaccess file immediately reverts back to WordPress default.  Any suggestions as to what could be happening?

    #25984

    AITpro Admin
    Keymaster

    I assume the BPS Pro alert message you are seeing is the Alert message that I changed the title of this forum topic to?  Try these steps first:

    1. Go to the htaccess File Editor tab page.
    2. Click the Turn On AutoLock button.
    3. Run the Pre-Installation Wizard and Setup Wizard again.

    #25985

    GR
    Participant

    Ok, I am on the .htaccess tab, and I see the paragraph discussing the AutoLock button, but I see no actual AutoLock button anywhere.

    #25986

    AITpro Admin
    Keymaster

    Ok that means you have a DSO Server type and not a CGI Server type.  The AutoLock button is only displayed for CGI Server types.  Ok try these steps below and let me know if your root htaccess file is automatically changed again or not.

    1. Deactivate all of your other plugins except for BPS Pro.
    2. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    #25990

    GR
    Participant

    It still doesn’t work.  Knownhost insists that they are doing nothing to cause this.  The secure access info is not put into the public_html/.htaccess file.

    #25991

    AITpro Admin
    Keymaster

    I see that you installed BPS Pro on this site today.  Was this site hacked in the recent past before you installed BPS Pro?  It could also be a file permission or Ownership problem.  Go to the BPS Pro System Info page and copy and paste the system information in these boxes:  Website|Server|Opcode Cache|Accelerators|IP Info|Apache Modules|Directives, PHP Server|PHP.ini Info and File|Folder Permissions (CGI or DSO)|Script Owner User ID (UID)|File Owner User ID.  Send the System Info in an email to info at ait-pro dot com.

    #25993

    GR
    Participant

    There were some modified files injected, yes.  Server AV software and Sucuri.net scans clean now.   File perms and ownership look good.  Info sent.

    #25994

    AITpro Admin
    Keymaster

    All direct email troubleshooting steps did not resolve the problem.  Scheduled for login to this site between 7 and 8am PST tomorrow morning.

    #25995

    GR
    Participant

    PLEASE NOTE: If you’re going to do anything that will take the site down for more than 60 seconds, such as turn off installed plugins,  please wait until 3pm PST.

    #25996

    AITpro Admin
    Keymaster

    This site is completely clean of all hacker files and code. Reinstalling WordPress on the Updates page resolved the problem. That either means that hacker code still existed in one or more of the WordPress Core files that was replaced or that there was damage/corruption to one or more WordPress core files – most likely the former.

    #25998

    GR
    Participant

    Ok, so after all was said and done, all the usual steps failed to resolve the problem, and all we really know is that sometimes corrupted WordPress core files can cause the .htaccess file to constantly be rolled back to WordPress default.  Is that correct?

    #25999

    AITpro Admin
    Keymaster

    I meant to state “former” and not “latter”.  That has been corrected above.  The explanation that I sent to you via email has been posted below as it may be helpful for someone else in this same situation.

    Hackers typically place files and/or code all over the place (in WP Core files and elsewhere under a hosting account) so that when you do something like reinstall WordPress, another file with additional hacker code in it, typically wp-config.php, wp-blog-header.php, index.php, etc. automatically reinfects the site again. So the most logical explanation for why just reinstalling WordPress worked is you already removed the hacker files that automatically reinfect the site and the only hackers files/code left over, existed somewhere in WP Core files. When I used to dehack websites I would first take the site offline to prevent reinfection while finding and removing the hacker files that reinfect the site and then finally replace all standard WP Core files.

    #26003

    GR
    Participant

    Okay, that makes sense.  And it has to be said: BPS staff put at least 2 hours into email support and troubleshooting on my site to resolve this issue.   Big thanks to them for going the extra mile.

    It’s alarming that code which constantly restores a copy of .htaccess can be injected into core WordPress files, and has no known malware signature, but the good news is, I found the right people to fix it.

    #26004

    AITpro Admin
    Keymaster

    Yep, hackers are creating better code these days unfortunately.  In past years, I used to see mostly slapped together rough hacker code that did not have very good automation coding work done, but that has changed in the past couple of years and I am seeing much better hacker coding work in general and hacker automation coding work (automatically recreate/reinfect sites).  The other thing that I am seeing is much better hacker coding work at making the “hidden” hacker files undetectable to/by any scanners.  That is just the normal evolution of this thing and expected so it is good to always be a couple of steps ahead of what hackers are currently doing.

    Thanks for the Kudos!  Very much appreciated.

    #26764

    Chris Moon
    Participant

    [Topic merged into this relevant Topic]
    I am re-building a site after the DB was corrupted but having problems re-installing BPS Pro. Completely new installation of WP
    Themes: Thesis Theme activated – 2015 theme installed
    Plugins: Akismet; BPS Pro; Duplicator; MainWP Dashboard
    no content

    I have tried both with the setup wizard and manually. Error “BPS Pro Alert! Your site may not be protected by BulletProof Security
    The BPS version: BULLETPROOF PRO x.x SECURE .HTACCESS line of code was not found at the top of your Root htaccess file.” The new site is installed on my VPS where I have 12 other sites all with BPS Pro, duplicator and MainWP Child they all function perfectly so I don’t think it’s a problem with my server.

    regards,
    Chris Moon
    __________________

    It appears the BPS Pro plugin had been corrupted downloading and installing a new copy solved the problem

Viewing 15 posts - 1 through 15 (of 15 total)

You must be logged in to reply to this topic.