- This topic has 28 replies, 6 voices, and was last updated 11 years, 4 months ago by
AITpro Admin.
imxproducts
Participant
Done,
Additionally see the wordfence scan log for the following
This file may contain malicious executable code
Filename: wp-content/plugins/bulletproof-security/admin/tools/tools.php
File type: Not a core, theme or plugin file.
Issue first detected: 11 mins ago.
Severity: Critical
Status: New
This file is a PHP executable file and contains an eval() function and base64() decoding function on the same line. This is a common technique used by hackers to hide and execute code. If you know about this file you can choose to ignore it to exclude it from future scans.
AITpro Admin
Keymaster
See this Topic regarding the Wordfence false flag error for the tools.php file.
http://forum.ait-pro.com/forums/topic/wordfence-scan-bps-tools-php/
imxproducts
Participant
Regarding the Wordfence false flag error for the tools.php fi
Thank you for the clarification.
Awesome to see someone who actually supports his products.
AITpro Admin
Keymaster
I am unable to login. Your CAPTCHA is displaying blank in the hover tooltip so I assume you are using the method of not displaying the CAPTCHA in the hover tooltip. Please send me the CAPTCHA. Thanks.
imxproducts
Participant
You should have it now. Sorry I am a Nimnal sometimes
AITpro Admin
Keymaster
UPDATE (more of a personal note in case I come across this again):
Noticed that there was a pool of IP addresses being used.
10.xxx.xxx.49
10.xxx.xxx.52
10.xxx.xxx.53
Manually edited the Plugin Firewall .htaccess file and added: Allow from 10.xxx.xxx. to whitelist all IP addresses in this subnet range and: Allow from 184.106.55.86 to whitelist the website/Server IP. Additional options need to be added to the Plugin Firewall Whitelist Tools to save DB options permanently: additional IP’s and domain names.
———————————————–
The problem appears to be either a DNS or Proxy Server misconfiguration issue. I can get the Plugin Firewall working for a second, but it breaks after a second or so due to whatever the issue/problem is on this particular site. A 10 network IP address is not valid on the Internet and is ONLY used / allowed / valid for Internal Networks: http://en.wikipedia.org/wiki/Private_network
Your website/Server IP address is a 10 Private Network IP which is not valid
Server / Website IP Address: 10.xxx.xxx.xx
What is interesting to me are these things. Hosted by Rackspace, but the Name Server is a Go Daddy Name Server??? Maybe there is a DNS mistake going on??? Also are you using Go Daddy Website Accelerator?
ignitespayment.com Is Hosted by RackSpace
Hosting: RackSpace host the domain ignitespayment.com
WHOIS: Click Here
IP Address: 184.106.55.86
Name Servers: ns64.domaincontrol.com, ns63.domaincontrol.com
silas88
Participant
I am getting 403’s when I try to use BING Webmaster SEO Analyzer: http://www.bing.com/webmaster/diagnostics/seo/Analyzer
The strange thing is it occasionally worked earlier today (at least on one of my pages), however now it’s not working at all (403’s instead). The error is not logged every time in the BPS log, even though I get a 403 notice on the Bing Analyzer page. The logged REQUEST_URI is always an image. (I tried commenting out the hotlinking code – no change). Here is an example from the log (edited for privacy)…
>>>>>>>>>>> 403 GET or Other Request Error Logged - 11 December 2013 - 17:06 <<<<<<<<<<<
REMOTE_ADDR: 88......edited for privacy...
Host Name: h88.....edited for privacy...
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://www.bingsandbox.com/webmaster/diagnostics/seo/SeoRenderAnalyzedPage?url=http%3A%2F%2Fwww.mydomain.com%2F&wmkt=.....edited for privacy...
REQUEST_URI: /wp-includes/images/rss.png
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
AITpro Admin
Keymaster
I tested the Bing SEO Analyzer tool on this Forum Topic and the main URL for this Forum site. It worked fine without any errors.
silas88
Participant
OK, thanks. That info helps, it must be something in my custom code.
AITpro Admin
Keymaster
Yep, most likely that is it. This is becoming more common since adding all the new BPS Custom Code text boxes. We will be adding a new step by step logical troubleshooting progression and one of the steps will be to…
Copy and paste all of your Custom Code into a Notepad or Notepad++ text doc on your computer and then delete custom code in the Custom Code text boxes, save your changes and activate BulletProof Mode again. The problems with listing this as a troubleshooting step are going to be things like: if someone has php/php.ini handler code, if someone is using a caching plugin and added caching code, etc. Most likely to be safe the troubleshooting step should primarily focus on this Custom Code text box only:
silas88
Participant
Well, that’s very strange, now it works for me also! ?!
AITpro Admin
Keymaster
@ silas88 – The Bing Fairy must have been hovering around your website to mess with you. LOL 🙂
silas88
Participant
Well I don’t understand what’s going on at all! I was able to run the Bing SEO analyzer last night (my time) but this morning it doesn’t work. Also, at the time when it worked last night there are 403 reports in the BPS log relating to images only (now that I think back there were no images in the Bing SEO view), but when it doesn’t work there is a notice on the Bing page but there are no reports in the BPS log! ???
Bing notice….”The request returned code: HTTP/1.1 403 Forbidden”
BPS log
>>>>>>>>>>> 403 GET or Other Request Error Logged - 11 December 2013 - 23:30 <<<<<<<<<<<
REMOTE_ADDR: ....XXXXXXXXX....
Host Name: ....XXXXXXXXX....
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://www.bingsandbox.com/webmaster/diagnostics/seo/SeoRenderAnalyzedPage?url=http%3A%2F%2Fwww.....XXXXXXXXX....
REQUEST_URI: //wp-content/uploads/XXXXX1608132314124.jpg
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

>>>>>>>>>>> 403 GET or Other Request Error Logged - 11 December 2013 - 23:30 <<<<<<<<<<<
REMOTE_ADDR: ....XXXXXXXXX....
Host Name: ....XXXXXXXXX....
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://www.bingsandbox.com/webmaster/diagnostics/seo/SeoRenderAnalyzedPage?url=http%3A%2F%2Fwww....XXXXXXXXX....
REQUEST_URI: /wp-content/themes/xxxxxx/images/xxxxxxxxxx_1608131676324opt.svg
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
I do have some custom code that is time related but that’s just for wp-login
<Files "wp-login.php">
Order Allow,Deny
Allow from mydomain.com xx.xx.xxx.xx env=allow
# define access times - note these are in the servers' time zone
RewriteEngine On
RewriteCond %{THE_REQUEST} HTTP/1\.0 [OR]
RewriteCond %{TIME_HOUR} >23 [OR]
RewriteCond %{TIME_HOUR} <08
RewriteRule ^wp-login\.php - [F]
</Files>
My php.ini sets the time to my local time. I’ll spend time later to relook at this, but for the moment I am baffled. Regarding your comments re debugging custom code, I agree this is one of the biggest challenges. If there are problems with headers or caching then instead of removing the WP Super Cache code I force a rebuild of the cache. What might be useful for debugging is if the custom code could be saved and restored in sections (headers & caching, hotlinking code, plugin tweaks, etc), at the moment a back up of the whole htaccess is the only option. Also, if each custom code section could insert a notice or flag in the log to indicate which section initiated the 403 / 404 this would help with debugging. Otherwise I use the standard technique of removing half of the suspect code and test, then retest with the other half, and so on until I find the culprit section.
AITpro Admin
Keymaster
I retested again and chose a page with image files on it and did not see any errors so none of the standard BPS .htaccess code blocks the Bing Sandbox iframe.
I think the smartest thing would be to add a DB Export / Import option. The Security log entry usually tells you what the problem is. ie by looking at the log entry you can see why something was blocked. In this particular case I do not see the cause of the error.
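The security log entries pasted in this thread follow a fixed header-plus-fields layout, so they can be parsed and grouped to see which referer and file type the blocked requests share. The Python below is an added example, not part of the thread or of BulletProof Security; the field names are taken from the entries quoted above, while the IP address, example.com host and user agent in the sample are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Field names as they appear in the log entries quoted in this thread.
FIELDS = ("REMOTE_ADDR", "Host Name", "SERVER_PROTOCOL", "HTTP_CLIENT_IP",
          "HTTP_FORWARDED", "HTTP_X_FORWARDED_FOR", "HTTP_X_CLUSTER_CLIENT_IP",
          "REQUEST_METHOD", "HTTP_REFERER", "REQUEST_URI", "QUERY_STRING",
          "HTTP_USER_AGENT")
HEADER = re.compile(r">{3,}\s*(.+?) - (\d{1,2} \w+ \d{4}) - (\d{2}:\d{2})\s*<{3,}")
FIELD = re.compile(r"\b(" + "|".join(map(re.escape, FIELDS)) + r"):")

def parse_entries(text):
    """Split log text into one dict per entry; works on one-line pastes too."""
    entries, heads = [], list(HEADER.finditer(text))
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = text[h.end():end]
        entry = {"title": h[1], "date": h[2], "time": h[3]}
        marks = list(FIELD.finditer(body))
        for j, m in enumerate(marks):
            stop = marks[j + 1].start() if j + 1 < len(marks) else len(body)
            entry[m[1]] = body[m.end():stop].strip()  # empty fields become ""
        entries.append(entry)
    return entries

def summarize(entries):
    """Count blocked requests by (referer host, file extension)."""
    counts = Counter()
    for e in entries:
        host = urlsplit(e.get("HTTP_REFERER", "")).hostname or "(none)"
        path = re.sub(r"/{2,}", "/", e.get("REQUEST_URI", ""))  # '//x' -> '/x'
        ext = path.rsplit(".", 1)[-1].lower() if "." in path else "(none)"
        counts[(host, ext)] += 1
    return counts

# Constructed sample: first entry multi-line, second flattened onto one line.
SAMPLE = """\
>>>>>>>>>>> 403 GET or Other Request Error Logged - 11 December 2013 - 23:30 <<<<<<<<<<<
REMOTE_ADDR: 203.0.113.7
REQUEST_METHOD: GET
HTTP_REFERER: http://www.bingsandbox.com/webmaster/diagnostics/seo/SeoRenderAnalyzedPage?url=http%3A%2F%2Fwww.example.com%2F
REQUEST_URI: //wp-content/uploads/photo.jpg
HTTP_USER_AGENT: ExampleAgent/1.0
>>>>>>>>>>> 403 GET or Other Request Error Logged - 11 December 2013 - 23:31 <<<<<<<<<<< REMOTE_ADDR: 203.0.113.7 REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-includes/images/rss.png QUERY_STRING: HTTP_USER_AGENT: ExampleAgent/1.0
"""

if __name__ == "__main__":
    print(summarize(parse_entries(SAMPLE)))
```

Grouping by referer host and extension makes a pattern such as "only images requested from one referer are blocked" visible at a glance, which narrows the search to the rules that act on that combination.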