FS Poster Plugin

Home Forums BulletProof Security Pro FS Poster Plugin

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #44715
    Louis
    Participant

    I got this error in my Security login, and I use this plugin, I tried the Whitelisting Plugin but it doesn’t remain. Was wondering how I can get it Whitelisted so the plugin can function properly and post steady.

    [403 POST Request: February 1, 2025 - 2:26 am]
    BPS Pro: 17.4
    WP: 6.7.1
    Event Code: WPADMIN-SBR
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: GDPR Compliance On
    Host Name: pool-99-228-59-33.cpe.net.cable.rogers.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: GDPR Compliance On
    HTTP_FORWARDED: GDPR Compliance On
    HTTP_X_FORWARDED_FOR: GDPR Compliance On
    HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
    REQUEST_METHOD: POST
    HTTP_REFERER: https://extremedealsoftheday.com/wp-admin/admin.php?page=fs-poster
    REQUEST_URI: /wp-json/fs-poster/v1/channels
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36
    REQUEST BODY: BPS Security Log option set to: Do Not Log POST Request Body Data
    #44716
    AITpro Admin
    Keymaster

    Add the fs-poster whitelist rule above the elementor whitelist rule in the wp-admin Custom Code text box > 3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
    Click the save wp-admin Custom Code button.
    Go to the Setup Wizard page, run the Pre-Installation Wizard and Setup Wizard.

    Note: If you have more plugins that are doing this bizarre method of sending plugin page Query Strings from admin.php to wp-json then it would probably be smarter to whitelist the wp-json Request URI. I assume some other plugin or theme is doing this and not the actual plugins themselves.

    # fs-poster wp-admin plugin skip/bypass rule
    RewriteCond %{QUERY_STRING} page=fs-poster(.*) [NC]
    RewriteRule . - [S=3]
    
    # Elementor wp-admin plugin skip/bypass rule
    RewriteCond %{QUERY_STRING} page=e-form-submissions(.*) [NC]
    RewriteRule . - [S=2]
    #44718
    Louis
    Participant

    Yes, you are correct about other plugins. For example, I just saw that after trying to create some 301 redirects with the SEOPress plugin, it also seems to be using the wp-json Request URI.

    As I just got this in my Security log, so it’s probably best to whitelist the wp-json Request URI as you recommended.

    How would I whitelist the wp-json Request URI correctly ?

    [403 GET Request: February 2, 2025 - 5:45 pm]
    BPS Pro: 17.4
    WP: 6.7.1
    Event Code: WPADMIN-SBR
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: GDPR Compliance On
    Host Name: pool-99-228-59-33.cpe.net.cable.rogers.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: GDPR Compliance On
    HTTP_FORWARDED: GDPR Compliance On
    HTTP_X_FORWARDED_FOR: GDPR Compliance On
    HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
    REQUEST_METHOD: GET
    HTTP_REFERER: https://extremedealsoftheday.com/wp-admin/post-new.php?post_type=seopress_404&post_title=womens-thermal&prepare_redirect=1&key=5&redirect_to=clothes-for-women%2Fwomens-thermal
    REQUEST_URI: /wp-json/seopress/v1/search-url?url=https://extremedealsoftheday.com/clothes-for-women/womens-thermal/
    QUERY_STRING: url=https://extremedealsoftheday.com/clothes-for-women/womens-thermal/
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36
    #44719
    AITpro Admin
    Keymaster

    You can try this, but if it doesn’t work then just deactivate wp-admin BulletProof Mode. Add this above skip rule #3, save and run the Wizards. A post is being sent to wp-json and then a redirect simulating an RFI hacking attempt is occurring. Very scary code.

    # skip/bypass rule for wp-json
    RewriteCond %{REQUEST_URI} ^/wp-json/(.*) [NC]
    RewriteRule . - [S=4]
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.