Images not displaying, timthumb theme images, thumbnail images


This topic contains 39 replies, has 5 voices, and was last updated by  AITpro Admin 4 years, 3 months ago.

  • #3825

    Dear Forum,
    I installed and set up the BulletProof Security Free plugin and since then, images are not displaying on my site. The log file reports this error (below). Can you please assist?

    >>>>>>>>>>> 403 GET or Other Request Error Logged - April 5, 2013 - 06:49 <<<<<<<<<<<
    REMOTE_ADDR: 62.31.116.70
    Host Name: cpc1-croy17-2-0-cust69.croy.cable.virginmedia.com
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.superhumansecret.com/the-10-superhuman-commandments/
    REQUEST_URI: /wp-content/themes/itheme2/themify/img.php?src=http://www.superhumansecret.com/wp-content/uploads/2013/04/The-10-SuperHuman-Commandments-www.superhumansecret.com_.jpg&w=622&h=274
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31

    Thank-you.

    #3828

    AITpro Admin
    Keymaster

    UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.

    OPTION 1:  Add the img.php file name as shown below in the TimThumb/MISC File Skip/Bypass rule to whitelist the img.php file.  Go to the htaccess File Editor tab page, click on “Your Current Root htaccess file tab”, scroll down in your root .htaccess file until you find this code, add img\.php| and click the Update File button to save your changes.

    IMPORTANT!!! Clear your Browser cache and clear your caching plugin cache.

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
    # Remote File Inclusion (RFI) security rules
    # Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F]
    # 
    # Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
    RewriteCond %{REQUEST_URI} (img\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    # Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
    RewriteCond %{HTTP_REFERER} ^.*example.com.*
    RewriteRule . - [S=1]

    If the code above works then to add/save the code above permanently to BPS Custom Code do these steps:

    IMPORTANT!!! Clear your Browser cache and clear your caching plugin cache.

    1.  Copy the code above to this Custom Code text box:  CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE: Add additional Referers and/or misc file names. IMPORTANT! Change the HTTP_REFERER example.com domain name to your actual domain/website’s name.
    2. Save your new custom code by clicking the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    OPTION 2: If the skip/bypass/whitelist rule above does not work then add this skip/bypass rule to Custom Code.

    IMPORTANT!!! Clear your Browser cache and clear your caching plugin cache after doing all of the steps below.

    1. Copy this .htaccess code below to the Custom Code text box "CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES: Add personal plugin/theme skip/bypass rules here".
    2. Save your new custom code by clicking the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    NOTE: If your WordPress installation is in a subfolder then add your WordPress subfolder name in the path.
    Example:  /my-wordpress-installation-folder-name/wp-content/themes/…

    # Theme Thumbnailer script skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/themes/itheme2/themify/img\.php [NC]
    RewriteRule . - [S=13]

    #3839

    Thank-you so much for your prompt response.

    I added the
    img\.php|

    to the line of code that you instructed within the root htaccess file and the site is now working correctly.

    All images are now displaying as normal.

    Thank-you.

    #3840

    AITpro Admin
    Keymaster

    Great!  Thanks for confirming all is well.

    #4054

    Matt
    Participant

    I am having the same issue with some of my pictures.

    Here is error code.

    HTTP_REFERER: http://dean-smithrealty.com/9904-bellflower-way-knoxville-hardin-valley-real-estate
    REQUEST_URI: /wp-content/themes/SmoothV4.1/thumbnail.php?src=http://dean-smithrealty.com/wp-content/uploads/agents/no-agent-photo.jpg&w=146&h=196&zc=1&q=70&cropfrom=topcenter
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.15 Safari/537.36

    I tried using the above solutions with changing theme info and img\.php to thumbnail\.php to no avail.

    Any help is appreciated.

    #4059

    AITpro Admin
    Keymaster

    One of the 2 fixes will work so double check that you have added/created them correctly.  Also you need to clear both your Browser cache and plugin cache for whatever caching plugin you are using.

    #4060

    Matt
    Participant

    Got it to work. Thanks

    #4061

    AITpro Admin
    Keymaster

    Great! Thanks for confirming all is well.

    #9284

    AITpro Admin
    Keymaster

    [Post was Manually Moved to this relevant Forum Topic]

    How to solve these kinds of security log entries? How to whitelist these kinds of errors?

    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://transtechacademy.com/gallery/
    REQUEST_URI: /wp-content/themes/grandcollege_v1-08/stylesheet/ie-style.php?path=http://transtechacademy.com/wp-content/themes/grandcollege_v1-08
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2;  SV1;  .NET CLR 1.1.4322;  .NET CLR 2.0.50727;  .NET CLR 3.0.04506.648)
    
    REMOTE_ADDR: 98.137.207.233
    Host Name: h105.hlfs.bf1.yahoo.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://ginaparrisentertainment.com/
    REQUEST_URI: /wp-content/themes/GinaParis/thumb.php?src=http://ginaparrisentertainment.com/files/2012/03/Parris_Gina-01a_4.jpg&w=77&h=60&zc=1&q=80&bid=3
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (compatible; Yahoo! Slurp/3.0; http://help.yahoo.com/help/us/ysearch/slurp) NOT Firefox/3.5
    
    REMOTE_ADDR: 198.50.154.235
    Host Name: 198.50.154.235
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://caribbeanthings.com/register/
    REQUEST_URI: /?s=search…
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36

    #9288

    AITpro Admin
    Keymaster

    These themes are simulating RFI hacking attempts against your website and BPS is blocking these simulated RFI hacking attempts. To tell BPS to allow these simulated RFI hacking attempts do the steps below:

    IMPORTANT!!! Clear your Browser cache and clear your caching plugin cache.

    1. Copy this .htaccess code below to this BPS Root Custom Code text box: CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES:.
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    NOTE: If your WordPress installation is in a subfolder then add your WordPress subfolder name in the path.
    Example:  /my-wordpress-installation-folder-name/wp-content/themes/…

    # Theme Thumbnailer script skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/themes/GinaParis/thumb\.php [NC] 
    RewriteRule . - [S=14]
    # Theme style script skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/themes/grandcollege_v1-08/stylesheet/ie-style\.php [NC] 
    RewriteRule . - [S=13]

    The 3rd error is a spammer or hacker that was blocked by BPS Pro.  The spammer or hacker is doing recon/probes on your website looking for vulnerabilities/exploits.  IP Address:  198.50.154.235 is a known spammer or hacker IP address.

    #9396

    jena
    Participant

    For these kinds of errors where HTTP_REFERER is blank, do we need to whitelist the URL, or are these all hacker attacks?

    >>>>>>>>>>> 403 GET or Other Request Error Logged - September 5, 2013 - 4:21 am <<<<<<<<<<<
    REMOTE_ADDR: 217.8.253.206
    Host Name: tylerhost.co.uk
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /deepfocus-theme-documentation/wp-content/themes/DeepFocus/timthumb.php?src=http://flickr.com.yenimynet.tk/xp.php
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6

    #9398

    AITpro Admin
    Keymaster

    Yes, you are correct.  The blank Referer means that this RFI hacking recon/probe/attack came from an external website and NOT your website.  The other thing to note/check is: is the Request URI showing a link to a file/theme/plugin on your website, or is this just a random recon/probe/attack looking for this theme/plugin/file on your website?  Most likely you do not have the DeepFocus Theme installed on your website.
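As an added example (not code from this thread or from the BPS plugin), the script below applies the two checks made by hand in the replies above to BPS log entries: the Option 2 reply (#3828) whitelists a theme script with a `RewriteCond %{REQUEST_URI} ^/wp-content/themes/.../file\.php [NC]` skip rule, and the reply just above treats a blank Referer and an unknown theme as signs of an external probe. The script parses a constructed log (fields copied from entries quoted in this thread, timestamps constructed), decides per entry whether it is the theme's own thumbnailer (referred from your own site, fetching a URL on your own host, for a theme you actually have installed) or a probe that should stay blocked, and renders the skip rule for whitelist candidates. The site host, the installed-theme set and the `[S=N]` number are inputs you supply; the defaults here are assumptions.

```python
"""Triage BPS '403 GET or Other Request Error' log entries: whitelist candidate or probe?

Added example; not code from the forum thread or from the BPS plugin.
"""
import re
from urllib.parse import parse_qs, urlparse

# Constructed sample log: three entries built from fields quoted in this thread
# (the timestamps and the third entry's header are constructed).
SAMPLE_LOG = """\
>>>>>>>>>>> 403 GET or Other Request Error Logged - April 5, 2013 - 06:49 <<<<<<<<<<<
REMOTE_ADDR: 62.31.116.70
REQUEST_METHOD: GET
HTTP_REFERER: http://www.superhumansecret.com/the-10-superhuman-commandments/
REQUEST_URI: /wp-content/themes/itheme2/themify/img.php?src=http://www.superhumansecret.com/wp-content/uploads/2013/04/The-10-SuperHuman-Commandments-www.superhumansecret.com_.jpg&w=622&h=274
QUERY_STRING:
>>>>>>>>>>> 403 GET or Other Request Error Logged - September 5, 2013 - 4:21 am <<<<<<<<<<<
REMOTE_ADDR: 217.8.253.206
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /deepfocus-theme-documentation/wp-content/themes/DeepFocus/timthumb.php?src=http://flickr.com.yenimynet.tk/xp.php
QUERY_STRING:
>>>>>>>>>>> 403 GET or Other Request Error Logged - September 9, 2013 - 10:00 <<<<<<<<<<<
REMOTE_ADDR: 164.82.32.13
REQUEST_METHOD: GET
HTTP_REFERER: http://transtechacademy.com/celebrating-champions-making-an-investment/
REQUEST_URI: /wp-content/themes/grandcollege_v1-08/stylesheet/ie-style.php?path=http://transtechacademy.com/wp-content/themes/grandcollege_v1-08
QUERY_STRING:
"""

THEME_SCRIPT = re.compile(r"/wp-content/themes/([^/]+)/(.+\.php)$", re.IGNORECASE)
REMOTE_URL = re.compile(r"^(https?|ftp):", re.IGNORECASE)


def parse_bps_log(text):
    """Split a BPS security log into entries; each entry is a dict of its 'KEY: value' lines."""
    entries, current = [], None
    for line in text.splitlines():
        if line.startswith(">>>"):            # entry header line
            current = {"_header": line.strip("<> ")}
            entries.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return entries


def _bare_host(host):
    """Lower-case a host name and drop a leading 'www.' so www.example.com == example.com."""
    return re.sub(r"^www\.", "", (host or "").lower())


def same_site(host, site_host):
    """Exact host comparison. A substring or suffix test (like ^.*example.com.*) would accept
    look-alike hosts such as flickr.com.yenimynet.tk, which is exactly what the probe above uses."""
    return _bare_host(host) == _bare_host(site_host)


def skip_rule(path, skip_count):
    """Render the skip/bypass rule for one theme script path, in the form the thread uses."""
    escaped = path.replace(".", r"\.")        # same escaping convention as the rules in the thread
    return (
        "# Theme script skip/bypass rule\n"
        f"RewriteCond %{{REQUEST_URI}} ^{escaped} [NC]\n"
        f"RewriteRule . - [S={skip_count}]"
    )


def triage(entry, site_host, installed_themes, skip_count=13):
    """Decide whether a blocked theme-script request is a whitelist candidate or a probe."""
    parsed = urlparse(entry.get("REQUEST_URI", ""))
    m = THEME_SCRIPT.search(parsed.path)
    if not m:
        return {"verdict": "not a theme script", "signals": {}, "rule": None}
    theme = m.group(1)
    # every query value that is itself a remote URL (src=, path=, ...), whatever the parameter name
    remote_urls = [v for vals in parse_qs(parsed.query).values() for v in vals if REMOTE_URL.match(v)]
    referer_host = urlparse(entry.get("HTTP_REFERER", "")).hostname
    signals = {
        "theme_installed": theme in installed_themes,
        "referer_is_own_site": same_site(referer_host, site_host),   # a blank referer fails this
        "remote_urls_are_own_site": all(same_site(urlparse(u).hostname, site_host) for u in remote_urls),
    }
    if all(signals.values()):
        # include any subfolder prefix in the path, as the NOTE in the thread says to
        return {"verdict": "whitelist", "signals": signals, "rule": skip_rule(parsed.path, skip_count)}
    return {"verdict": "keep blocked (probe)", "signals": signals, "rule": None}


if __name__ == "__main__":
    entries = parse_bps_log(SAMPLE_LOG)
    # (site host, installed themes) are assumed per entry; each log in the thread is a different site
    for entry, site, themes in zip(entries, ("superhumansecret.com", "example.com", "transtechacademy.com"),
                                   ({"itheme2"}, {"grandcollege_v1-08"}, {"grandcollege_v1-08"})):
        result = triage(entry, site, themes)
        print(entry["_header"], "->", result["verdict"], result["signals"])
        if result["rule"]:
            print(result["rule"])
```

Only requests that pass all three signals get a rule; the DeepFocus entry fails every one of them (no such theme, blank referer, remote host that merely contains "flickr.com"), which is the reasoning the reply above gives.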

    #9440

    jena
    Participant

    I have already added this rule

    # Theme style script skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/themes/grandcollege_v1-08/stylesheet/ie-style\.php [NC] 
    RewriteRule . - [S=20]
    
    But it still shows the same log entry again.
    
    REMOTE_ADDR: 164.82.32.13
    Host Name: 164.82.32.13
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: http://transtechacademy.com/celebrating-champions-making-an-investment/
    REQUEST_URI: /wp-content/themes/grandcollege_v1-08/stylesheet/ie-style.php?path=http://transtechacademy.com/wp-content/themes/grandcollege_v1-08
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)

    #9441

    AITpro Admin
    Keymaster

    Ok then try this next, but instead of whitelisting the img.php file shown in this example you would want to whitelist the ie-style.php file:  http://forum.ait-pro.com/forums/topic/images-not-displaying-after-bulletproof-security-free-plugin-was-enabled-and-configured/#post-3828

    I see that this skip rule is #20 [S=20].  Do you already have skip rules for #13 through #19 below this #20 skip rule?  Skip rules must be in descending order and they must be in sequence 20, 19, 18, 17, 16, 15, 14, 13, etc.

    Example:

    xxxx
    RewriteRule . - [S=20]
    xxxx
    RewriteRule . - [S=19]
    xxxx
    RewriteRule . - [S=18]
    xxxx
    RewriteRule . - [S=17]
    ...
    ...
    ...
    xxxx
    RewriteRule . - [S=13]
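An added example (not from the forum or from the BPS plugin) that shows why the numbering above matters. mod_rewrite's `[S=N]` flag skips the next N `RewriteRule` directives (`RewriteCond` lines do not count). The personal skip rules sit directly above a fixed block of security rules, so each one must jump over everything between itself and the end of that block: the topmost rule needs the largest N and each rule below it one less, which is the descending, contiguous sequence the reply asks for. The script extracts the `[S=N]` values from a constructed `.htaccess` fragment, checks the sequence, and computes where each skip actually lands. The 13 `security-rule-NN` lines and the trailing rule are placeholders standing in for BPS's own rules, not its real rule set.

```python
"""Check the [S=N] numbering of BPS personal skip/bypass rules.

Added example; not code from this forum or from the BPS plugin.
"""
import re

# Constructed stand-ins for the protected rule block the skips must jump over.
SECURITY_BLOCK = [f"RewriteRule security-rule-{i:02d} - [F]" for i in range(1, 14)]
TRAILING_RULE = "RewriteRule ^index\\.php$ - [L]"   # the rule every skip should land on


def build_htaccess(personal_skips):
    """Assemble a constructed root .htaccess fragment: personal skips, then the protected block."""
    return "\n".join(personal_skips + SECURITY_BLOCK + [TRAILING_RULE])


# Correct: 15, 14, 13 stacked above 13 security rules (paths taken from rules quoted in the thread).
GOOD = build_htaccess([
    "RewriteCond %{REQUEST_URI} ^/wp-content/themes/GinaParis/thumb\\.php [NC]",
    "RewriteRule . - [S=15]",
    "RewriteCond %{REQUEST_URI} ^/wp-content/themes/grandcollege_v1-08/stylesheet/ie-style\\.php [NC]",
    "RewriteRule . - [S=14]",
    "RewriteCond %{REQUEST_URI} (timthumb\\.php|phpthumb\\.php) [NC]",
    "RewriteRule . - [S=13]",
])

# Wrong: an [S=20] rule with nothing numbered 19..14 between it and the [S=13] rule.
BAD = build_htaccess([
    "RewriteCond %{REQUEST_URI} ^/wp-content/themes/grandcollege_v1-08/stylesheet/ie-style\\.php [NC]",
    "RewriteRule . - [S=20]",
    "RewriteCond %{REQUEST_URI} (timthumb\\.php|phpthumb\\.php) [NC]",
    "RewriteRule . - [S=13]",
])

SKIP_FLAG = re.compile(r"\[(?:[^\]]*,)?S=(\d+)")   # matches [S=13] and [NC,S=13]


def rewrite_rules(text):
    """Only RewriteRule directives count toward S=N; RewriteCond lines and comments do not."""
    return [line.strip() for line in text.splitlines() if line.strip().startswith("RewriteRule")]


def skip_numbers(rules):
    """[(rule index, N)] for every RewriteRule that carries an [S=N] flag."""
    found = []
    for i, rule in enumerate(rules):
        m = SKIP_FLAG.search(rule)
        if m:
            found.append((i, int(m.group(1))))
    return found


def landing_points(rules):
    """Where processing resumes after each skip: rule i with S=N continues at rule i + N + 1."""
    return {i: i + n + 1 for i, n in skip_numbers(rules)}


def check_skip_sequence(text):
    """Report the skip numbers, whether they descend by one, and what each skip lands on."""
    rules = rewrite_rules(text)
    numbers = [n for _, n in skip_numbers(rules)]
    targets = sorted(set(landing_points(rules).values()))
    return {
        "skip_numbers": numbers,
        "contiguous_descending": all(a - b == 1 for a, b in zip(numbers, numbers[1:])),
        "all_land_on_same_rule": len(targets) == 1,
        # the rule text each skip resumes at; "<end of ruleset>" when N overshoots the block
        "landing_rules": [rules[t] if t < len(rules) else "<end of ruleset>" for t in targets],
    }


if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_skip_sequence(text))
```

In the correct fragment all three skips resume at the same trailing rule; in the broken one the `[S=20]` rule overshoots the block entirely while `[S=13]` lands where intended, so the two personal rules no longer behave alike.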

    #9442

    AITpro Admin
    Keymaster

    Was having some SQL Server issues with Go Daddy on the 50. Network due to SQL Server maintenance.  Seems to be resolved now.
