BulletProof Security Pro: Cannot Turn Off Security Log
- This topic has 17 replies, 2 voices, and was last updated 8 years, 11 months ago by
Bill Justesen.
Bill Justesen
Participant
I’ve tried turning off error logging on a couple of sites, but it simply keeps turning back on. I’ll reset the last modified time, delete the log, and then turn off error logging only to come to the site a few hours later and have it turned on again. I confirm it is off by the status:
Security Log Status: Error Logging is Turned Off
Possible bug?
Bill Justesen
Participant
It didn’t take long to start filling up again. The status still shows as off, but the log is generating events.
AITpro Admin
Keymaster
The title of the Forum topic was changed. We are trying to get away from using “error logging” when referring to the Security Log since this is misinterpreted by a lot of folks as meaning these are errors that need to be fixed. 😉
Clicking the Security Logging On or Off options directly writes code to your root .htaccess file. This is not done or handled in any way via the WP Database. If Security Logging is On again after a period of time then that would mean that something is changing or altering your root .htaccess file code. Is your Root .htaccess file locked? Are you using any other plugins that write to the root .htaccess file and add .htaccess code and have the capability to unlock and lock your root .htaccess file? The point is something is altering your root .htaccess file if Security Logging is turned On after you previously turned it Off.
AITpro Admin
Keymaster
Visually manually check your Root .htaccess file on the htaccess File Editor page. I did just find a bug, but what the bug would do would be to permanently turn Off security logging so that it could not be turned on again. Looks like a variable name changed in the last BPS Pro version and it was not updated to the new variable name.
Security Logging On .htaccess code should look like this:
    ErrorDocument 400 /wp-content/plugins/bulletproof-security/400.php
    ErrorDocument 401 default
    ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php
    ErrorDocument 404 /404.php
And Security Logging Off .htaccess code should look like this:
    #ErrorDocument 400 /wp-content/plugins/bulletproof-security/400.php
    #ErrorDocument 401 default
    #ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php
    #ErrorDocument 404 /404.php
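An added example, not part of the original post and not BPS Pro's own code: a Python check that reads a root .htaccess file and reports whether the ErrorDocument handlers shown above are active, including the case where the commented-out block is followed by an active copy written elsewhere in the file. The function names, the "mixed" state and the sample text are assumptions made for this illustration.

```python
import os
import re
import stat

# An ErrorDocument directive, optionally commented out with one or more '#'.
DIRECTIVE = re.compile(r"^\s*(#*)\s*ErrorDocument\s+(\d{3})\s+(\S+)", re.IGNORECASE)
# Status codes whose handlers the post shows being switched on and off.
LOGGED_CODES = {"400", "403", "404"}

# Constructed sample: the "Off" block from the post plus one active line
# re-added further down, as a second writer of the file might do.
SAMPLE_DRIFTED = """\
#ErrorDocument 400 /wp-content/plugins/bulletproof-security/400.php
#ErrorDocument 401 default
#ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php
#ErrorDocument 404 /404.php
ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php
"""

def error_documents(text):
    """Return (line_no, code, target, active) for every ErrorDocument line."""
    rows = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if m:
            rows.append((line_no, m.group(2), m.group(3), m.group(1) == ""))
    return rows

def logging_state(text):
    """'on' if 400, 403 and 404 all have an active handler, 'off' if none
    does, 'mixed' otherwise. One active copy anywhere in the file counts."""
    active = {code for _, code, _, on in error_documents(text)
              if on and code in LOGGED_CODES}
    if not active:
        return "off"
    return "on" if active == LOGGED_CODES else "mixed"

def is_locked(mode):
    """True when no write bit is set, e.g. the 0404 mode quoted in the thread."""
    return stat.S_IMODE(mode) & 0o222 == 0

def audit(path):
    """Report state, lock status and active lines for a real .htaccess file."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    return {
        "state": logging_state(text),
        "locked": is_locked(os.stat(path).st_mode),
        "active_lines": [n for n, _, _, on in error_documents(text) if on],
    }

if __name__ == "__main__":
    print(logging_state(SAMPLE_DRIFTED))
```

Running `audit()` on a schedule and comparing results shows when the file's state changes, which narrows down what is rewriting it.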
Bill Justesen
Participant
.htaccess is protected with 0404 (-r-----r--) permissions via the F-lock function of BPS Pro. Even though it is locked and logging turned off, it is still writing events to it and showing alerts in the WP Dashboard.
And I don’t have any other security plugins besides Wordfence (free version), but I don’t think that would write to the .htaccess file.
I see that the error logging should be off in the current .htaccess file so I’m not sure why it is still tracking:
    #ErrorDocument 400 //bulletproof-security/400.php
    #ErrorDocument 401 default
    #ErrorDocument 403 //bulletproof-security/403.php
    #ErrorDocument 404 /404.php
AITpro Admin
Keymaster
Yes, the last version of Wordfence does create .htaccess code – Wordfence Falcon does write caching .htaccess code to the root .htaccess file and it does cause several problems for BPS and BPS Pro. If you are using Falcon then you will need to copy the Wordfence .htaccess code out of your Root .htaccess file and paste it to this BPS Pro Custom Code text box: CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
Click the Save Root Custom Code button.
Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.
Personal opinion: do not use Wordfence Falcon and use our Speed Boost Cache code or use a plugin that specializes in Cache like W3TC or WP Super Cache, Quick Cache, etc.
Results of Benchmark and conflict testing for Wordfence Falcon
http://wordpress.org/support/topic/compatibility-with-wordfence-5-and-falcon#post-5433944
The cause for the Security Logging bug is a very dumb thing. The Security Log On and Off Form code was moved to a different location in the security-log.php file. The variable was below the Form processing code – meaning the variable value would be blank in the Form processing code since variable was below/after the Form processing code. That bug has just been fixed and will be included in BPS Pro 8.4.
Bill Justesen
Participant
I’m not sure where to find Falcon. I’ve checked the Wordfence options and did a search for the phrase “Falcon” and couldn’t locate it. I did find the word “cache” but only in reference to add a debugging comment.
Nor could I find the words Falcon, Wordfence, or cache in my .htaccess file.
AITpro Admin
Keymaster
Ok now check BPS Pro Custom Code and make sure there are no Custom Text boxes that have ErrorDocument code in them. Then click the activate Root folder BulletProof Mode button. Since there is a bug with turning Security Logging off and on in BPS Pro 8.3 then go to the htaccess File Editor and manually comment out the ErrorDocument lines of code with pound signs. At this point Security Logging should be turned off and you should not be seeing new log entries with timestamps of the current time or now.
Bill Justesen
Participant
Done. Let’s hope it works for a while.
AITpro Admin
Keymaster
Oh too funny. I think I know what is happening. Login Security Logging (not THE Security Log) is set to log events and probably JTC Anti-Spam / Anti-Hacker is also set to log events. You would need to turn those off. At some point we will add a “Master Switch” for this.
The current focus for Security Logging is improving security logging solution targeting so that has the highest priority. Once that is completed then we will back track and add some sort of master turn off option.
Bill Justesen
Participant
I just turned off JTC Anti-Spam logging, but there isn’t a way to turn off Login Security & Monitoring logging as the only two options are Log Only Account Lockouts and Log All Account Logins. I did turn off the Login Security feature to see if that will turn it all off.
AITpro Admin
Keymaster
Choose the Log Only Account Lockouts option setting. The task list shows that this feature request was rejected 3 times. Not sure why that is? Logically I assume that having an Off option setting would do more harm than good. Most tasks get rejected when they would significantly increase our support/troubleshooting time so I guess that is why. I’ll add it to the task list again. Maybe it will be accepted or maybe not.
Bill Justesen
Participant
GAH! It’s still logging. If you’d like login credentials, I’d be happy to provide.
    [403 GET / HEAD Request: April 18, 2014 - 12:27 pm]
    Event Code: PFWR-PSBR-HPR
    Solution: http:// forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 174.23.29.203
    Host Name: 174-23-29-203.slkc.qwest.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http:// [redacted].com/
    REQUEST_URI: /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.8
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0
Bill Justesen
Participant
OK that makes sense. I can live with it logging the account lockouts.
AITpro Admin
Keymaster
Yep, send the login info directly to Ed – edward[at]ait-pro[dot]com. Thanks.