Google Apps Login plugin – 403 error

Home Forums BulletProof Security Free Google Apps Login plugin – 403 error

Tagged: 

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • September 17, 2018 at 4:18 pm #36477
    RiverRockMedical
    Participant

    Previously working 2 months ago, now no longer working.
    Using google apps login plugin to login using google account, now 403 error.
    Disabled BPS Root Bulletproof mode in BPS settings, login working again.

    Security log:

    [403 GET Request: September 17, 2018 - 3:54 pm]
BPS: 3.2
WP: 4.9.8
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 38.140.187.242
Host Name: 38.140.187.242
SERVER_PROTOCOL: HTTP/2.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-login.php?state=360a9fde54%7C&code=4/XQA-pHQszWPI6uLRn3oSKTDGLLLsoxgdIw5SF28Wfile__Franl_0p7RanX80Vq5zgt_F8ml_A3cunflXRVPKmY&scope=https://www.googleapis.com/auth/plus.me+https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile&authuser=0&session_state=dc5779a19b247bfcdafa0bb6f6c33e717f3b5ccd..7186&prompt=consent
QUERY_STRING: state=360a9fde54%7C&code=4/XQA-pHQszWPI6uLRn3oSKTDGLLLsoxgdIw5SF28Wfile__Franl_0p7RanX80Vq5zgt_F8ml_A3cunflXRVPKmY&scope=https://www.googleapis.com/auth/plus.me+https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile&authuser=0&session_state=dc5779a19b247bfcdafa0bb6f6c33e717f3b5ccd..7186&prompt=consent
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0

    attempting to add skip rule now for uri requests containing https://googleapis.com/auth … will post if it works (I’m a noob, so my solution may have unintended consequences – please advise for better options)

    https://riverrockmedical.com/wp-login.php?state=e38eced1c3%257Chttps%253A%252F%252Friverrockmedical.com%252Fwp-admin%252Fplugins.php%253Floggedout%253Dtrue&code=4/XQCk2lgppanl5OtuVgIrpDNqQhT-dCXp1M2xeq1HvR7WcMOiGGjVr-f91v2MMCBo_dIuLBMqi569qGsVmQ6eYRo&scope=https://www.googleapis.com/auth/plus.me+https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile&authuser=0&hd=riverrockmedical.com&session_state=96f1778250d12cf38831591719530be9219f56e0..e6bb&prompt=none#

    September 17, 2018 at 4:31 pm #36480
    AITpro Admin
    Keymaster

    Hmm not sure why this was not being blocked before and it is now since the Query String is simulating an RFI attack.  Do the steps in this forum topic to fix the issue https://forum.ait-pro.com/forums/topic/erroe-403-with-the-plugin-subscribe-to-comments-reloaded/#post-35497

    September 17, 2018 at 4:45 pm #36481
    RiverRockMedical
    Participant

    ok, my attempts at whitelist rule didn’t work:

    # Google Login plugin skip/bypass rule
RewriteCond %{REQUEST_URI} google [NC]
RewriteRule . - [S=17]

    Security Log:

    [403 GET Request: September 17, 2018 - 6:40 pm]
BPS: 3.2
WP: 4.9.8
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 72.48.183.117
Host Name: 72-48-183-117.dyn.grandenetworks.net
SERVER_PROTOCOL: HTTP/2.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://accounts.google.com/signin/oauth/oauthchooseaccount?client_id=172638697662-s3fmr1b9mvtjcpjocssfiqvq09shd1jt.apps.googleusercontent.com&as=UV5o7yxDk3AKL7b3_umUaw&destination=https%3A%2F%2Friverrockmedical.com&approval_state=!ChQ4cExhbS1fSGgtSGcwdk9jdXJleRIfZzFFaWRKVk9TdmNYd0ktM2lWMU9TaWVuem4tZVhoWQ%E2%88%99ANKMe1QAAAAAW6GM44xOpiGvOvOCjpDdLMCgwyO0zl2w&oauthgdpr=1&xsrfsig=AHgIfE8sDMpsY3lh23DTDIa5iFn_uIow8g&flowName=GeneralOAuthFlow
REQUEST_URI: /wp-login.php?state=e38eced1c3%257C&code=4/XQCGXpnfwX8tXj1oV10HFCJ0I9fxQgRG7St2GZXmtqhp3QYkgULdkNRmD9qgAABAVltfDdR6TflruVqdsWILK94&scope=https://www.googleapis.com/auth/plus.me+https://www.googleapis.com/auth/userinfo.profile+https://www.googleapis.com/auth/userinfo.email&authuser=0&hd=riverrockmedical.com&session_state=96f1778250d12cf38831591719530be9219f56e0..e6bb&prompt=none
QUERY_STRING: state=e38eced1c3%257C&code=4/XQCGXpnfwX8tXj1oV10HFCJ0I9fxQgRG7St2GZXmtqhp3QYkgULdkNRmD9qgAABAVltfDdR6TflruVqdsWILK94&scope=https://www.googleapis.com/auth/plus.me+https://www.googleapis.com/auth/userinfo.profile+https://www.googleapis.com/auth/userinfo.email&authuser=0&hd=riverrockmedical.com&session_state=96f1778250d12cf38831591719530be9219f56e0..e6bb&prompt=none
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36

    please assist!

    September 17, 2018 at 4:52 pm #36482
    AITpro Admin
    Keymaster

    That’s because you are not using the correct type of whitelisting that is needed for this problem. The Query String is simulating an RFI attack. Do the steps in this forum topic to fix the issue https://forum.ait-pro.com/forums/topic/erroe-403-with-the-plugin-subscribe-to-comments-reloaded/#post-35497

    September 18, 2018 at 12:04 pm #36483
    RiverRockMedical
    Participant

    ok … um that crashed my whole site, 500 error. Not sure what went wrong?

    I copied and pasted the code into the BPS query section…

    September 18, 2018 at 12:23 pm #36484
    RiverRockMedical
    Participant

    actually, I’m just an idiot who can’t copy and paste correctly without hitting “paste” twice … your solution worked perfectly sir.

    Thank you so much!!

    September 18, 2018 at 12:47 pm #36486
    AITpro Admin
    Keymaster

    Great! Glad that worked.

    November 8, 2019 at 3:17 am #38141
    Alex Laxton
    Participant

    Great I have seen coding and hoping that it could be work for me also. Because I have searched from many forums and got here the solution…

  • Author
    Posts
Viewing 8 posts - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.