Custom login page – unable to login – 403 error

Home Forums BulletProof Security Free Custom login page – unable to login – 403 error

Tagged: 

This topic contains 3 replies, has 2 voices, and was last updated by  AITpro Admin 6 months, 3 weeks ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #33619

    Bea
    Participant

    Hi – have an issue with a 403 I cannot quite clear –

    New install single domain single site.
    BPS – when users attempt to login cannot with a 403

    Troubleshooting –  Only when Root is deactivated can they login as expected.
    There is no custom code entered as yet (new site) with the exception of what appears to have been automatically placed

    11. CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE:
    12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS: 

    Log :

    [403 GET Request: July 11, 2017 3:03 am]
    BPS: 2.2
    WP: 4.7.3
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 58.108.174.177
    Host Name: static-58-108-174-177.optusnet.com.au
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /?login=http://site.international
    QUERY_STRING: login=http://site.international
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    #33623

    AITpro Admin
    Keymaster

    The custom login page Request is simulating an RFI hacking attempt.  Do the steps below.

    1. Edit your existing 12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS htaccess code and comment out these 3 security rules below with # signs as shown below.
    2. Click the Save Root Custom Code button.
    3. Go to the Security Modes page and click the Root Folder BulletProof Mode Activate button.

    # RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
    # RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    # RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
    #34470

    Bea
    Participant

    Hi again – the issue has reappeared and I wonder if you could please assist.
    I have the 3 strings above commented out.
    It is oddly not logging all of the attempts from eg an admin IP

    [403 GET Request: October 28, 2017 1:46 am]
    BPS: 2.8
    WP: 4.8.1
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 58.108.174.177
    Host Name: static-58-108-174-177.optusnet.com.au
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://site.org/
    REQUEST_URI: /wp-login.php?action=logout&redirect_to=http%3A%2F%2Fsite.org%2F&_wpnonce=31b2e8bfb4
    QUERY_STRING: action=logout&redirect_to=http%3A%2F%2Fsite.org%2F&_wpnonce=31b2e8bfb4
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
    
    But has a load of others as well.
    
    [403 GET Request: October 27, 2017 6:16 pm]
    BPS: 2.8
    WP: 4.8.1
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 66.249.79.157
    Host Name: crawl-66-249-79-157.googlebot.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-login.php
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
    #34471

    AITpro Admin
    Keymaster

    Are you still using a Custom Login page?  These 403 error log entries appear to be attempts to login to the standard/normal WordPress login page. You can disregard the Google Bot 403 error.  I’m not sure why that is occurring since obviously the Google Bot should not be trying to login to your website.  Are you using any IP address blocking custom code in BPS Custom Code for your WordPress Login page?

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.