Google Apps Login plugin – 403 error


This topic contains 7 replies, has 3 voices, and was last updated by Alex Laxton 1 week, 3 days ago.

    #36477

    RiverRockMedical
    Participant

    Previously working 2 months ago, now no longer working.
    Using google apps login plugin to login using google account, now 403 error.
    Disabled BPS Root Bulletproof mode in BPS settings, login working again.

    Security log:

    [403 GET Request: September 17, 2018 - 3:54 pm]
    BPS: 3.2
    WP: 4.9.8
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 38.140.187.242
    Host Name: 38.140.187.242
    SERVER_PROTOCOL: HTTP/2.0
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-login.php?state=360a9fde54%7C&code=4/XQA-pHQszWPI6uLRn3oSKTDGLLLsoxgdIw5SF28Wfile__Franl_0p7RanX80Vq5zgt_F8ml_A3cunflXRVPKmY&scope=https://www.googleapis.com/auth/plus.me+https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile&authuser=0&session_state=dc5779a19b247bfcdafa0bb6f6c33e717f3b5ccd..7186&prompt=consent
    QUERY_STRING: state=360a9fde54%7C&code=4/XQA-pHQszWPI6uLRn3oSKTDGLLLsoxgdIw5SF28Wfile__Franl_0p7RanX80Vq5zgt_F8ml_A3cunflXRVPKmY&scope=https://www.googleapis.com/auth/plus.me+https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile&authuser=0&session_state=dc5779a19b247bfcdafa0bb6f6c33e717f3b5ccd..7186&prompt=consent
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0

    attempting to add skip rule now for uri requests containing https://googleapis.com/auth … will post if it works (I’m a noob, so my solution may have unintended consequences – please advise for better options)

    https://riverrockmedical.com/wp-login.php?state=e38eced1c3%257Chttps%253A%252F%252Friverrockmedical.com%252Fwp-admin%252Fplugins.php%253Floggedout%253Dtrue&code=4/XQCk2lgppanl5OtuVgIrpDNqQhT-dCXp1M2xeq1HvR7WcMOiGGjVr-f91v2MMCBo_dIuLBMqi569qGsVmQ6eYRo&scope=https://www.googleapis.com/auth/plus.me+https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile&authuser=0&hd=riverrockmedical.com&session_state=96f1778250d12cf38831591719530be9219f56e0..e6bb&prompt=none#

    #36480

    AITpro Admin
    Keymaster

    Hmm, not sure why this was not being blocked before and it is now, since the Query String is simulating an RFI attack. Do the steps in this forum topic to fix the issue: https://forum.ait-pro.com/forums/topic/erroe-403-with-the-plugin-subscribe-to-comments-reloaded/#post-35497

    #36481

    RiverRockMedical
    Participant

    ok, my attempts at whitelist rule didn’t work:

    # Google Login plugin skip/bypass rule
    RewriteCond %{REQUEST_URI} google [NC]
    RewriteRule . - [S=17]
    

    Security Log:

    [403 GET Request: September 17, 2018 - 6:40 pm]
    BPS: 3.2
    WP: 4.9.8
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 72.48.183.117
    Host Name: 72-48-183-117.dyn.grandenetworks.net
    SERVER_PROTOCOL: HTTP/2.0
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://accounts.google.com/signin/oauth/oauthchooseaccount?client_id=172638697662-s3fmr1b9mvtjcpjocssfiqvq09shd1jt.apps.googleusercontent.com&as=UV5o7yxDk3AKL7b3_umUaw&destination=https%3A%2F%2Friverrockmedical.com&approval_state=!ChQ4cExhbS1fSGgtSGcwdk9jdXJleRIfZzFFaWRKVk9TdmNYd0ktM2lWMU9TaWVuem4tZVhoWQ%E2%88%99ANKMe1QAAAAAW6GM44xOpiGvOvOCjpDdLMCgwyO0zl2w&oauthgdpr=1&xsrfsig=AHgIfE8sDMpsY3lh23DTDIa5iFn_uIow8g&flowName=GeneralOAuthFlow
    REQUEST_URI: /wp-login.php?state=e38eced1c3%257C&code=4/XQCGXpnfwX8tXj1oV10HFCJ0I9fxQgRG7St2GZXmtqhp3QYkgULdkNRmD9qgAABAVltfDdR6TflruVqdsWILK94&scope=https://www.googleapis.com/auth/plus.me+https://www.googleapis.com/auth/userinfo.profile+https://www.googleapis.com/auth/userinfo.email&authuser=0&hd=riverrockmedical.com&session_state=96f1778250d12cf38831591719530be9219f56e0..e6bb&prompt=none
    QUERY_STRING: state=e38eced1c3%257C&code=4/XQCGXpnfwX8tXj1oV10HFCJ0I9fxQgRG7St2GZXmtqhp3QYkgULdkNRmD9qgAABAVltfDdR6TflruVqdsWILK94&scope=https://www.googleapis.com/auth/plus.me+https://www.googleapis.com/auth/userinfo.profile+https://www.googleapis.com/auth/userinfo.email&authuser=0&hd=riverrockmedical.com&session_state=96f1778250d12cf38831591719530be9219f56e0..e6bb&prompt=none
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36
    

    please assist!

    #36482

    AITpro Admin
    Keymaster

    That’s because you are not using the correct type of whitelisting that is needed for this problem. The Query String is simulating an RFI attack. Do the steps in this forum topic to fix the issue https://forum.ait-pro.com/forums/topic/erroe-403-with-the-plugin-subscribe-to-comments-reloaded/#post-35497
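
Why the `%{REQUEST_URI}` skip rule posted above never fires while the callback is still blocked, as an added example that is not part of the original posts or of BPS: in mod_rewrite, `REQUEST_URI` holds only the path, and the `scope=https://…` value sits in `QUERY_STRING`. The `RFI_LIKE` pattern is an assumed generic heuristic, not the BPS rule text, and the sample request is constructed with placeholder `state` and `code` values.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample shaped like the logged callback; state/code are placeholders.
SAMPLE_REQUEST = (
    "/wp-login.php?state=PLACEHOLDER%7C&code=PLACEHOLDER"
    "&scope=https://www.googleapis.com/auth/plus.me"
    "+https://www.googleapis.com/auth/userinfo.email"
    "&authuser=0&prompt=consent"
)

# Assumed generic RFI heuristic (not the BPS rule text): a parameter
# value that begins with a URL scheme.
RFI_LIKE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)


def split_like_mod_rewrite(uri):
    """Return (REQUEST_URI, QUERY_STRING): path only, query separate."""
    parts = urlsplit(uri)
    return parts.path, parts.query


def cond_matches(test_string, pattern):
    """Emulate an unanchored RewriteCond pattern with the [NC] flag."""
    return re.search(pattern, test_string, re.IGNORECASE) is not None


def rfi_like_params(query_string):
    """Names of query parameters whose decoded value looks like a URL."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    return [name for name, value in pairs if RFI_LIKE.match(value)]


def diagnose(uri):
    path, query = split_like_mod_rewrite(uri)
    return {
        "request_uri": path,
        "google_in_request_uri": cond_matches(path, "google"),
        "google_in_query_string": cond_matches(query, "google"),
        "rfi_like_params": rfi_like_params(query),
    }


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_REQUEST).items():
        print(f"{key}: {value}")
```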

    #36483

    RiverRockMedical
    Participant

    ok … um that crashed my whole site, 500 error. Not sure what went wrong?

    I copied and pasted the code into the BPS query section…

    #36484

    RiverRockMedical
    Participant

    actually, I’m just an idiot who can’t copy and paste correctly without hitting “paste” twice … your solution worked perfectly sir.

    Thank you so much!!

    #36486

    AITpro Admin
    Keymaster

    Great! Glad that worked.

    #38141

    Alex Laxton
    Participant

    Great, I have seen the code and am hoping that it could work for me also, because I have searched many forums and got the solution here…
