plugin firewall whitelist rules different on different sites


This topic contains 12 replies, has 2 voices, and was last updated by  jenni101 3 years, 6 months ago.

    #19602

    jenni101
    Participant

    Hi there,

    Thought I should give some feedback to you so you can check this out….

    Background: we have a root install wp site with BPS pro and a sub-folder install wp site (as an addon domain) with its own BPS install. The main root install site has heaps more plugins, and the addon domain has fewer but the same plugins as the main root installed site. BUT the firewall plugin whitelist does not have the same core whitelist rules for the same plugins in both.

    I’ve only looked at this recently, when 2 customers said that our CAPTCHA wasn’t working on our main site contact form. So I re-ran the pre-install and install wizard in our main site BPS, but it produced no additions for the contact whitelist rules. I then ran the cURL scan in the main site – again no additional rules. Yet when I look at our addon domain’s whitelist it has whitelist rules for the exact same contact form plugins that are in our main site.

    So our main site plugin white list has this:

    /dopwgg/libraries/gui/css/jquery.js, /dopwgg/frontend-ajax.php, /ubermenu/core/js/ubermenu.min.js, /dopwgg/libraries/js/jquery.mousewheel.js, /dopwgg/libraries/js/jquery.jscrollpane.min.js, /dopwgg/assets/js/jquery.dop.WallGridGallery.js, /dynamic-to-top/js/libs/jquery.easing.js, /dynamic-to-top/js/dynamic.to.top.min.js, /ubermenu-sticky/ubermenu.sticky.js

    And our addon domain plugin whitelist has this:

    /si-contact-form/captcha/securimage_show.php, /si-contact-form/includes/fscf-scripts.js, /si-contact-form/includes/fscf-placeholders.min.js, /mailchimp-for-wp/assets/js/placeholders.min.js

    Yet both sites have the same FSC contact form and MailChimp form!

    So my concern is why did one site pick this up and the other one didn’t? (And as an aside, both sites picked them up on a previous install.) And my solution has been to copy the ones from my addon domain into my main site domain whitelist rules – but surely BPS should have picked them up?

    Is this just a weird glitch, or perhaps something for review?
    Cheers.

    #19607

    AITpro Admin
    Keymaster

    Do you have BPS Pro 9.9 installed?  Is Plugin Firewall AutoPilot Mode turned On?

    #19645

    jenni101
    Participant

    Yes to both questions and I’ve just double checked on both sites. And I re-ran the setup wizards and cURL scanner after I’d updated everything on my site.

    #19646

    AITpro Admin
    Keymaster

    Ok now post a link to both sites so I can check the frontend of the sites.  If you do not want to post a link here publicly then send the links to info at ait-pro dot com.

    #19647

    jenni101
    Participant

    No probs – the sites are http://www.trevorpenfold.com and http://www.perfectplanetpublishing.co.nz. As I have already manually added in the extra whitelist rules to the trevorpenfold.com site (the ones that were missing), do you want me to remove them again before you look at them?

    #19648

    AITpro Admin
    Keymaster

    Nope I am just looking at the frontend to see if anything could be interfering with things.  Do you have Security Logging turned on on both sites?

    #19649

    jenni101
    Participant

    Yes, login security is on, on both sites.

    #19650

    AITpro Admin
    Keymaster

    Everything looks good and I don’t see anything that would interfere with the cURL scanner on this website:  http://www.trevorpenfold.com

    Remotely scanning your site with the Pro-Tools cURL Scanner tool I get these Plugin Firewall whitelist rules below.  The Pro-Tools cURL scanner code is the same code that is used in the Setup Wizard.

    /dopwgg/libraries/gui/css/jquery.js, /si-contact-form/captcha/securimage_show.php, /dopwgg/frontend-ajax.php, /ubermenu/core/js/ubermenu.min.js, /dopwgg/libraries/js/jquery.mousewheel.js, /dopwgg/libraries/js/jquery.jscrollpane.min.js, /dopwgg/assets/js/jquery.dop.WallGridGallery.js, /dynamic-to-top/js/libs/jquery.easing.js, /dynamic-to-top/js/dynamic.to.top.min.js, /ubermenu-sticky/ubermenu.sticky.js, /si-contact-form/includes/fscf-scripts.js

    #19651

    AITpro Admin
    Keymaster

    Oh and I meant to mention that I also manually checked your website’s Source Code.  There are no plugin scripts for Mailchimp that need to be whitelisted.  I found some CSS scripts, but only php, js and swf scripts need to be whitelisted and not css scripts.
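The manual source-code check described in the post above can be reproduced with a short script. This is an added example, not part of any post and not BPS Pro's scanner code; it assumes whitelist rules are plugin-relative paths under `/wp-content/plugins`, as the rules quoted in this thread appear to be, and the sample page source, whitelist and names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: rules are paths relative to the plugins directory.
PLUGINS_DIR = "/wp-content/plugins"
# Per the thread: php, js and swf scripts need whitelisting, css does not.
RULE_EXTENSIONS = (".php", ".js", ".swf")

# Constructed sample page source and whitelist (not taken from either site).
SAMPLE_HTML = """
<link rel="stylesheet" href="/wp-content/plugins/mailchimp-for-wp/assets/css/form.css?ver=1">
<script src="http://example.com/wp-content/plugins/si-contact-form/includes/fscf-scripts.js?ver=179"></script>
<img src="/wp-content/plugins/si-contact-form/captcha/securimage_show.php?prefix=abc">
<script src="/wp-content/plugins/ubermenu/core/js/ubermenu.min.js"></script>
<script src="/wp-includes/js/jquery/jquery.js"></script>
"""
SAMPLE_WHITELIST = "/ubermenu/core/js/ubermenu.min.js, /dopwgg/frontend-ajax.php"


class AttributeUrls(HTMLParser):
    """Collect src/href attribute values from page source."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        self.urls += [v for k, v in attrs if k in ("src", "href") and v]


def candidate_rules(html):
    """Return whitelist-style paths for frontloading plugin scripts."""
    parser = AttributeUrls()
    parser.feed(html)
    rules = []
    for url in parser.urls:
        path = urlsplit(url).path  # drops ?ver=... query strings
        start = path.find(PLUGINS_DIR + "/")
        if start == -1 or not path.lower().endswith(RULE_EXTENSIONS):
            continue  # not a plugin file, or a type that needs no rule (css)
        rule = path[start + len(PLUGINS_DIR):]
        if rule not in rules:
            rules.append(rule)
    return rules


def missing_rules(html, whitelist_text):
    """Rules present in the page source but absent from the whitelist."""
    have = {r.strip() for r in whitelist_text.split(",")}
    return [r for r in candidate_rules(html) if r not in have]
```

Running `missing_rules` against the saved source of a front-end page and the site's current whitelist string shows which frontloading scripts still lack a rule, which is the comparison being done by hand between the two sites here.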

    #19653

    jenni101
    Participant

    Yes, that includes the ones I added in manually, copied from the whitelist in the perfectplanet site – as both sites have the same contact form (fscf) and mailChimp contact form (though I can’t now see the one for the mailChimp plugin: /mailchimp-for-wp/assets/js/placeholders.min.js).

    If you like I can remove those again from trevorpenfold site to see if you can pick them up, but running the setup wizard and the cURL scanner didn’t pick them up from within trevorpenfold site.

    #19654

    AITpro Admin
    Keymaster

    Maybe mailchimp no longer has any frontloading plugin scripts.  It doesn’t hurt to add it, but neither the cURL scanner nor me manually checking your website’s Source Code found any mailchimp frontloading scripts because none exist / there are not any / mailchimp no longer has frontloading plugin scripts that need to be whitelisted.

    No that’s fine.  I just wanted to check to make sure everything is working correctly and it is.

    #19655

    AITpro Admin
    Keymaster

    Oh and yeah some host servers block the cURL Scanner in the Wizard and the Pro-Tools cURL Scanner so if you have one of those web hosts then the Plugin Firewall AutoPilot Mode will kick in and add any new Plugin Firewall whitelist rules automatically.  That was one of the primary reasons for creating AutoPilot Mode – web hosts that block cURL scans.  And if your particular host is also blocking Plugin Firewall AutoPilot Mode then that leaves someone with contacting us to scan their website remotely since our host servers do not block any of these things.  😉

    #19657

    jenni101
    Participant

    Great – thanks for that.
