Constant Contact 403 Error


This topic contains 3 replies, has 2 voices, and was last updated by  AITpro Admin 6 years, 8 months ago.

  • #1651

    AITpro Admin
    Keymaster

    Email Question:

    Not sure what API we have on our server. Our blog and main site are hosted by Media Temple. We were having hacking problems until I installed your awesome BPS Security plugin. But our marketing dept sends out email blasts using Constant Contact. The blog links in that email are getting “403 Forbidden You don’t have permission to access”. I’ve looked everywhere and can’t find a solution. If I turn off BPS then the links work. Any help will be greatly appreciated! Shane

    #1652

    AITpro Admin
    Keymaster

    What I suspect is that the links in the emails contain dangerous coding characters such as the single quote coding character. Post one of the links that is being blocked.

    #1653

    imiloaadmin
    Member

    Thank you for the quick response! Here’s the original obfuscated Constant Contact link:

    r20.rs6.net/tn.jsp?e=0016fCIgyAgergeLw_NUb0i54rFT3RTTMBhBZ9mkTiVQnVjn51HgbZPtsYOXV-LDtR8tCPaPZNHXBdb8IV2tynvZ8DxeCfGUfSS301KFm3pmSI7VB7j3UCOeOEgEjN01WZACxfua0wV_C0Ouz6vNbBrAP3KRb4hjRv4Tzb8v0Qlf50VzkiX0_GHzwwk43LTkd-EvLWHgoaOAg_wbpX1XkQCXy8TCfWeZb5aX7XqbY5VuAx2p63HsX60I7kXPKk5WHTgPu2CtO-E3w7XosYiO7nSbIYhoHUbugzz9VYCtiSiIBOmJgqB8p0A9Am7dyECdctxSC8ejHCZmFpTB3wuxOMcrdCqZnYS8xZBhMO0dgXHI2xOwYtHobSXOFN1QJO3Mz3dxB5my2jojKDTcbHKkQf_WpuoxQcks2GlHIlHK12dnrA=

    which translates to this, in the browser address bar:

    blog.imiloahawaii.org/general-information/margaret-shiba-imiloas-new-director-of-institutional-advancement/?utm_source=%27Imiloa+Astronomy+Center+-+February+2013+News&utm_campaign=February+2013+Kilolani&utm_medium=email

    If I remove the section past the last “/”, the link works. If I turn off BPS, both links work without any changes made. I checked your 403 Forbidden page and I don’t see any keyword that’s on that page in the links to the blog. Thanks again for your help.

    #1655

    AITpro Admin
    Keymaster

    The %27 is the single quote coding character / apostrophe, URL-encoded. BPS will definitely block this. You can either remove the single quote from the URL or you can edit the security filters shown in the link below if you want to allow the single quote coding character:

    http://forum.ait-pro.com/forums/topic/apostrophe-single-quote-code-character/#post-6939
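
The check described in the last reply, as an added example that is not part of the original thread and is not BPS code: a Python script that finds which query parameter of a campaign link carries a single quote (literal or as `%27`) and produces the link with it removed. The names `BLOCKED`, `find_blocked` and `strip_blocked` are hypothetical, and checking only the single quote is an assumption based on the one character this thread identifies.

```python
from urllib.parse import urlsplit, urlunsplit, unquote

# Assumption: only the single quote is checked, because it is the one character
# this thread identifies as blocked. Add entries to cover other filter rules.
BLOCKED = {"'": "single quote (%27)"}

# The decoded link quoted in the thread (scheme-less, as posted).
SAMPLE = ("blog.imiloahawaii.org/general-information/"
          "margaret-shiba-imiloas-new-director-of-institutional-advancement/"
          "?utm_source=%27Imiloa+Astronomy+Center+-+February+2013+News"
          "&utm_campaign=February+2013+Kilolani&utm_medium=email")

def _split(url):
    # urlsplit only recognises the host when the URL has "//" in front of it.
    return urlsplit(url if "//" in url else "//" + url)

def find_blocked(url):
    """Return (parameter, character label, decoded value) for every query
    parameter whose name or value contains a blocked character."""
    hits = []
    for pair in _split(url).query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        name = unquote(name)
        decoded = unquote(value.replace("+", " "))  # '+' means space in a query
        for ch, label in BLOCKED.items():
            if ch in name or ch in decoded:
                hits.append((name, label, decoded))
    return hits

def strip_blocked(url):
    """Return the URL with blocked characters removed from the query string,
    in both literal and percent-encoded form; everything else is untouched."""
    parts = _split(url)
    query = parts.query
    for ch in BLOCKED:
        enc = "%{:02X}".format(ord(ch))
        query = query.replace(ch, "").replace(enc, "").replace(enc.lower(), "")
    cleaned = urlunsplit(parts._replace(query=query))
    return cleaned if "//" in url else cleaned[2:]  # drop the "//" we added

if __name__ == "__main__":
    for name, label, value in find_blocked(SAMPLE):
        print(f"{name}: contains {label} -> {value!r}")
    print(strip_blocked(SAMPLE))
```

Run against the link from the thread, it reports `utm_source` as the offending parameter, which matches the `%27` the reply points to.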
