NativeChurch Theme – mp3 and pdf Download – 403 error


  • #15746
    Rene
    Participant

    I have recently installed BPS Free. On my website users need to be able to download MP3s and PDFs, but when they try, it redirects them to a 403 Error page. I have searched the forum for possible solutions and tried a few that I thought would work, but still no luck.

    The entry below is the last entry of the Security log, after I tried to download an MP3 file. Please can you advise me how to proceed to fix this error.

    Thank you in advance.

    [403 GET / HEAD Request: June 22, 2014 - 9:53 pm]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 105.208.227.66
    Host Name: 105-208-227-66.access.mtnbusiness.co.za
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.christiancentre.co.za/?sermons=ephesians-chapter-2-v-1-10/
    REQUEST_URI: /wp-content/themes/NativeChurch/download/download.php?file=http://www.christiancentre.co.za/wp-content/uploads/sermons/2014.05.25_Marius.mp3
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:30.0) Gecko/20100101 Firefox/30.0

    #15748
    AITpro Admin
    Keymaster

    UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.

    It appears that the download script is part of/built into the NativeChurch Theme.  The Request URI is simulating an RFI hacking attempt against your website.

    Try whitelisting the download.php file in the BPS RFI security code.
    1. Copy the modified TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE code below to this BPS Root Custom Code text box: CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    IMPORTANT!!!:  Edit the code below after copying it to the BPS Custom Code text box and replace “example.com” with your actual website domain name.

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
    # Remote File Inclusion (RFI) security rules
    # Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F]
    # 
    # Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
    RewriteCond %{REQUEST_URI} (download\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    # Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
    RewriteCond %{HTTP_REFERER} ^.*example.com.*
    RewriteRule . - [S=1]
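To check the whitelist conditions against the logged request before saving the custom code, here is an added Python model of the RewriteCond logic in the block above (not BPS code and not part of the thread). It assumes "example.com" has been replaced with christiancentre.co.za from the log, and it only models the conditions shown here; the rule that [S=1] skips is whatever RewriteRule follows this block in the .htaccess file, which the thread does not show.

```python
import re
from urllib.parse import urlsplit

# Patterns copied from the posted custom code block. [NC] -> re.IGNORECASE.
# "example.com" is replaced with the site domain taken from the security log.
RFI_PATTERN = (r"^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?"
               r"(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|"
               r"imageshack|wordpress\.com|img\.youtube|tinypic\.com|"
               r"upload\.wikimedia|kkc|start-thegame).*$")
WHITELIST_FILES = r"(download\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php)"
WHITELIST_REFERER = r"^.*christiancentre.co.za.*"  # dot left unescaped, as in the rule

def evaluate(request_line, referer):
    """Model the posted block for one request.

    request_line is Apache's %{THE_REQUEST} ("GET /path?query HTTP/1.1").
    %{REQUEST_URI} excludes the query string, so the target is split here.
    Returns (rfi_forbidden, skipped_next_rule).
    """
    _method, target, _proto = request_line.split(" ")
    parts = urlsplit(target)
    uri, query = parts.path, parts.query
    # RFI rule: two conditions joined with [OR]; either match -> [F] (403)
    if re.search(RFI_PATTERN, query, re.I) or re.search(RFI_PATTERN, request_line, re.I):
        return (True, False)
    # Skip/bypass rule: both conditions must match (RewriteCond default is AND);
    # only then does [S=1] skip the next RewriteRule in the .htaccess file
    skipped = bool(re.search(WHITELIST_FILES, uri, re.I)
                   and re.search(WHITELIST_REFERER, referer or "", re.I))
    return (False, skipped)

# Constructed from the fields in the posted security log entry
LOGGED_REQUEST = ("GET /wp-content/themes/NativeChurch/download/download.php"
                  "?file=http://www.christiancentre.co.za/wp-content/uploads/"
                  "sermons/2014.05.25_Marius.mp3 HTTP/1.1")
LOGGED_REFERER = "http://www.christiancentre.co.za/?sermons=ephesians-chapter-2-v-1-10/"

if __name__ == "__main__":
    print(evaluate(LOGGED_REQUEST, LOGGED_REFERER))  # (False, True): bypass applies
    print(evaluate(LOGGED_REQUEST, ""))              # (False, False): no Referer, no bypass
    # constructed query pointing at a domain from the RFI list
    print(evaluate("GET /index.php?file=http://www.blogger.example/x HTTP/1.1", ""))  # (True, False)
```

The Referer header is supplied by the client, so this bypass narrows exposure rather than closing it: a download link opened directly (no Referer) is not whitelisted, and download.php itself should still validate the file it is asked to serve.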

    #15790
    Rene
    Participant

    Thank you for the quick response. I shall try this and let you know if it fixed the issue.

    #15791
    Rene
    Participant

    Thank you so much… this worked perfectly 🙂
