PHP file download when accessing site
Tagged: ModSecurity
- This topic has 18 replies, 2 voices, and was last updated 5 years, 3 months ago by AITpro Admin.
AbZu2 (Participant)
Returning from my vacation I found that I couldn’t access my site or log in as admin. Clueless why this should have happened. Nothing had been done to the site.
When trying to access my site abzu.com a file is downloaded: https://prnt.sc/oyq34c
Had this problem before but the steps that were used to solve the problem before are not working now. Have checked that the PHP handler code in .htaccess corresponds to the PHP version installed. It is. This was the problem before. Have tried one of the steps offered previously to delete the AutoRestore file in phpMyAdmin hoping that would restore my site.
4. Login to PhpMyAdmin.
5. Do a search in this WordPress Database Table: xx_options for this BPS Pro AutoRestore option setting name: bulletproof_security_options_ARCM.
6. Delete the bulletproof_security_options_ARCM database option setting. AutoRestore will now be turned Off.
No luck. Contacted tech support on my server BlueHost and they have not yet been able to restore my site. Previously it was done by replacing the core files and restoring. No luck this time. 🙁
AITpro Admin (Keymaster)
Sounds like your web host did some server changes/updates/upgrades. If files are being downloaded instead of being processed then yes the problem is that your php/php.ini handler code in your root htaccess file is either incorrect or no longer used anymore by your particular web host. You may also be having a couple of different problems on your website, i.e. php/php.ini handler htaccess code is incorrect and WP Core files were quarantined due to a forced WordPress update by BlueHost.
BlueHost still appears to use php/php.ini handler htaccess code > https://my.bluehost.com/hosting/help/htaccess-php-handlers
Do these steps below:
1. Use FTP or your web host control panel file manager and rename the /bulletproof-security/ plugin folder to /_bulletproof-security/.
2. Login to your web host control panel and check the PHP version that your website is currently using.
3. Edit your Root htaccess file and add the correct php/php.ini handler htaccess code for your PHP version. Delete any other php/php.ini handler htaccess code that you find in your Root htaccess file.
4. See if you can now login to your website. Go to the WordPress Plugins page and click the Must-Use link at the top of the Plugins page. If AutoRestore is turned Off you will see – “AutoRestore is turned Off” in green font under the BPS Pro MU Tools must-use plugin. If AutoRestore is not turned Off then click the “Turn Off AutoRestore” link.
5. Rename the /_bulletproof-security/ plugin folder back to /bulletproof-security/.
6. If you can login to your website then go to the BPS Pro Quarantine page and check if files have been quarantined or not and let me know that in your forum reply.
7. Copy the new php/php.ini handler htaccess code that you added to your Root htaccess file to this BPS Root Custom Code text box: 1. CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
8. Click the Save Root Custom Code button. Note: If your web host has ModSecurity CRS installed and you are unable to save your Custom Code then click the Encrypt Custom Code button first and then click the Save Root Custom Code button.
AbZu2 (Participant)
When I contacted BlueHost one of the first comments I made was to confirm that the PHP version matched the PHP handler info in my .htaccess file. They said it did but I decided to check for myself and found out that it does not.
The entry in .htaccess is:
# CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
# Use PHP7.0 as default
AddHandler application/x-httpd-ea-php70 .php
AddHandler application/php-70 .php
Checking in phpMyAdmin the version is 7.2.7. Seems the PHP was updated without my request.
So, my question is, can I simply edit the current handler code in .htaccess without going through the suggested steps 1-6 to:
# Use PHP7.2.7 as default
AddHandler application/x-httpd-ea-php7.2.7 .php
AddHandler application/php-7.2.7 .php
I notice that the handler info from the link you provided for BlueHost differs slightly from the current handler syntax:
# Use PHP7 as default
AddHandler application/x-httpd-php70 .php
vs the current:
AddHandler application/x-httpd-ea-php70 .php
which is correct ¿?
As mentioned I deleted the bulletproof_security_options_ARCM file and therefore assume that I do not have AutoRestore activated. Will activate it once I get back into my WP admin page.
I assume this is the folder you are referring to in step 1 https://prnt.sc/oyrpco
Thanks for your kind reply
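An added example, not part of the original thread or of BPS Pro: a small Python check for the mismatch described in the post above, comparing the PHP handler lines in a root .htaccess with the PHP version the account is running. It assumes the handler name ends in "php" plus the two-digit major/minor version, as in the lines quoted in the post (php70 for 7.0); the function names are hypothetical and the sample text is copied from the post.

```python
import re

def php_handlers(htaccess_text):
    """Return [(line_no, handler)] for active directives that map .php."""
    found = []
    for no, line in enumerate(htaccess_text.splitlines(), 1):
        parts = line.split()
        if (len(parts) >= 3 and parts[0].lower() in ("addhandler", "addtype")
                and ".php" in [p.lower() for p in parts[2:]]):
            found.append((no, parts[1]))
    return found

def handler_version(handler):
    """'application/x-httpd-ea-php70' -> '7.0'; None if the name does not
    end in 'php' plus two digits (assumed naming pattern, see lead-in)."""
    m = re.search(r"php-?(\d)(\d)$", handler)
    return f"{m.group(1)}.{m.group(2)}" if m else None

def check(htaccess_text, active_php):
    """Compare every .php handler with the active version, e.g. '7.2.7'."""
    want = ".".join(active_php.split(".")[:2])
    report = []
    for no, handler in php_handlers(htaccess_text):
        have = handler_version(handler)
        status = "unrecognized" if have is None else (
            "ok" if have == want else "mismatch")
        report.append((no, handler, status))
    return report

# Sample input copied from the handler lines quoted in the post above.
QUOTED = """# Use PHP7.0 as default
AddHandler application/x-httpd-ea-php70 .php
AddHandler application/php-70 .php
"""

if __name__ == "__main__":
    for row in check(QUOTED, "7.2.7"):
        print(row)
```

Any status other than "ok" means Apache may serve .php files as raw downloads, which is the symptom in this thread and also exposes the PHP source to visitors.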
AITpro Admin (Keymaster)
I’m not sure if the BlueHost php handler help page has been updated recently. So do these steps below, which will automatically add the correct BlueHost php handler htaccess code for your PHP version at the very top of your Root htaccess file.
If you are currently unable to login to your website then use your web host control panel file manager and delete your Root htaccess file. When you change your PHP version in your web host control panel I am pretty sure a new Root htaccess file will be created with your new php handler htaccess code in it.
1. Go to the BPS Pro > B-Core > htaccess File Editor tab page > Click the Unlock htaccess File button.
2. Login to your web host control panel and do the BlueHost steps below for changing your PHP version.
- Locate the Software section, then click on the MultiPHP Manager icon.
Note: Legacy users will need to locate the Programming section, then click on the PHP Config icon.
- Select the version of PHP you would like to use; 7.0, 7.1, 7.2, or 7.3.
Note: Legacy accounts support PHP versions 7.0 through 7.3.
- Click Save Changes or Apply to finish the update.
3. In the BlueHost steps above change your PHP version to 7.0 first and then change it to 7.2.7 to automatically generate new PHP 7.2.7 php handler htaccess code at the very top of your Root htaccess file.
4. Go to the htaccess File Editor tab page > click the Your Current Root htaccess File tab > copy the BlueHost php handler htaccess code at the top of your Root htaccess file into this BPS Root Custom Code text box: 1. CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
5. Click the Save Root Custom Code button. Note: If your web host has ModSecurity CRS installed and you are unable to save your Custom Code then click the Encrypt Custom Code button first and then click the Save Root Custom Code button.
6. Go to the BPS Pro Setup Wizard page and run the Pre-Installation Wizard and the Setup Wizard.
AbZu2 (Participant)
Decided to try reverting my PHP version to 7.0 so it would match my PHP handler info in .htaccess. It worked and at least my site loads and I can access my admin page and BPS options. When I loaded my admin page I had a series of BPS related alerts: https://prnt.sc/oytyyk
Question: If I simply ran the setup wizards disregarding the mentioned alerts would I be up and running or create some unwanted scenarios ? TIA
AITpro Admin (Keymaster)
You need to add your php handler htaccess code in BPS Root Custom Code and then you can run the Setup Wizard.
4. Go to the htaccess File Editor tab page > click the Your Current Root htaccess File tab > copy the BlueHost php handler htaccess code at the top of your Root htaccess file into this BPS Root Custom Code text box: 1. CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
5. Click the Save Root Custom Code button. Note: If your web host has ModSecurity CRS installed and you are unable to save your Custom Code then click the Encrypt Custom Code button first and then click the Save Root Custom Code button.
6. Go to the BPS Pro Setup Wizard page and run the Pre-Installation Wizard and the Setup Wizard.
AbZu2 (Participant)
My current CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE:
# Use PHP7.0 as default
AddHandler application/x-httpd-ea-php70 .php
AddHandler application/php-70 .php
# BEGIN WEBSITE SPEED BOOST
# Time cheat sheet in seconds
# A86400 = 1 day
# A172800 = 2 days
# A2419200 = 1 month
# A4838400 = 2 months
# A29030400 = 1 year
# Test which ETag setting works best on your Host/Server/Website
# with Firefox Firebug, Firephp and Yslow benchmark tests.
# Create the ETag (entity tag) response header field
# This is probably not the optimum choice to use.
#FileETag MTime Size
# Remove the ETag (entity tag) response header field
# This is most likely the optimum choice to use.
Header unset ETag
FileETag none
<IfModule mod_expires.c>
ExpiresActive on
# ExpiresByType overrides the ExpiresDefault...
# cache expiration time of 2 days|A172800.
ExpiresDefault A172800
ExpiresByType image/jpg A4838400
ExpiresByType image/jpeg A4838400
ExpiresByType image/gif A4838400
ExpiresByType image/png A4838400
ExpiresByType image/bmp A4838400
ExpiresByType image/x-icon A4838400
ExpiresByType image/svg+xml A4838400
ExpiresByType text/javascript A4838400
ExpiresByType text/x-javascript A4838400
ExpiresByType text/css A4838400
ExpiresByType text/html A4838400
ExpiresByType application/x-font-ttf A4838400
ExpiresByType application/x-font-woff A4838400
ExpiresByType font/opentype A4838400
ExpiresByType application/x-shockwave-flash A4838400
ExpiresByType application/x-javascript A4838400
ExpiresByType application/javascript A4838400
ExpiresByType video/mp4 A4838400
ExpiresByType video/ogg A4838400
ExpiresByType video/webm A4838400
</IfModule>
<IfModule mod_headers.c>
<FilesMatch "\.(js|css|flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|gif|jpg|jpeg|png|swf|webm)$">
Header append Cache-Control "public"
</FilesMatch>
<FilesMatch "\.(txt|html)$">
Header append Cache-Control "proxy-revalidate"
</FilesMatch>
<FilesMatch "\.(php|cgi|pl|htm|xml)$">
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
Header set Pragma "no-cache"
</FilesMatch>
</IfModule>
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css text/javascript
AddOutputFilterByType DEFLATE application/javascript application/x-javascript
AddOutputFilterByType DEFLATE application/x-httpd-php application/x-httpd-fastphp
AddOutputFilterByType DEFLATE application/xml application/xhtml+xml application/xml-dtd
AddOutputFilterByType DEFLATE application/rdf+xml application/rss+xml application/atom+xml
AddOutputFilterByType DEFLATE font/otf font/opentype application/font-otf application/x-font-otf
AddOutputFilterByType DEFLATE font/ttf font/truetype application/font-ttf application/x-font-ttf
AddOutputFilterByType DEFLATE image/svg+xml
# Drop problematic browsers
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</IfModule>
# END WEBSITE SPEED BOOST
Q. Do I replace the above contents with my current BlueHost php handler htaccess code or append it somewhere? TIA
AITpro Admin (Keymaster)
Use your new php handler htaccess code ONLY.
AbZu2 (Participant)
Saving the root custom code was not possible >>
Not Acceptable!
An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.
> click the Encrypt Custom Code button first and then click the Save Root Custom Code button.
Fail to see the Encrypt Custom Code option. Where is it located ¿?
AITpro Admin (Keymaster)
Yep, very common ModSecurity CRS problem. ModSecurity CRS causes dozens of problems for BPS Pro and 1000’s of problems for 1,000’s of other Plugins and Themes. The good news is we spent the past two weeks ModSecurity Proofing BPS and BPS Pro > https://forum.ait-pro.com/forums/topic/xampp-mod-security-setup-owasp-modsecurity-core-rule-set-setup/#post-37778. We just released BPS Pro 14.1 recently > https://www.ait-pro.com/aitpro-blog/5567/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-14-1/. If you do not see a BPS Pro upgrade notice on the WordPress Plugins page then use the manual BPS Pro upgrade steps > https://forum.ait-pro.com/forums/topic/bulletproof-security-pro-bps-pro-upgrade-installation-methods/. There are still many other less critical things that ModSecurity CRS breaks in BPS and BPS Pro that we will complete in BPS 3.7 and BPS Pro 14.2.
AbZu2 (Participant)
I have the BlueHost php handler info added to the BPS Root Custom Code text box: 1. CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
Unable to save it for the mentioned reason. I assume that the encryption option is included in the new BPS Pro version 14.1. Is it safe to update BPS with my current unsaved situation?
AITpro Admin (Keymaster)
Yes, BPS Pro 14.1 is ModSecurity Proofed and includes Encryption and Decryption to evade/bypass ModSecurity CRS. Yes, you need to upgrade to BPS Pro 14.1 in order to be able to save your Custom Code. BPS Pro upgrades are always safe to do no matter what state your website is in.
AbZu2 (Participant)
I have the activation key I used last time to download the zip file from the BPS download area. It’s not being accepted. What do I need to do to obtain a valid request key?
Ahh. Managed to get the update to show in my plug ins folder by performing a forced manual upgrade check. All good.
AITpro Admin (Keymaster)
BPS Pro Download-Request Keys are used to Download BPS Pro and to Request BPS Pro Activation Keys. BPS Pro Activation Keys are used to Activate BPS Pro on a website.
AbZu2 (Participant)
Setup wizards ran without a glitch. Thanks for the help. All seems well.