Prayer Engine Plugin

This topic contains 1 reply, has 2 voices, and was last updated by AITpro Admin 4 years, 8 months ago.

  • #10312

    jena
    Participant

    I am getting this security log again.

    >>>>>>>>>>> 403 GET or HEAD Request Error Logged - October 2, 2013 - 4:47 am <<<<<<<<<<<
    REMOTE_ADDR: 103.3.206.133
    Host Name: 103.3.206.133
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http: //findhopetoday.com/prayer-requests/
    REQUEST_URI: /wp-content/plugins/prayerengine_plugin/includes/updateprayer.php
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20100101 Firefox/24.0

    I have whitelisted under “CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES: Add personal plugin/theme skip/bypass rules here” like this

    # Plugin script skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/prayerengine_plugin/includes/updateprayer\.php [NC]
    RewriteRule . - [S=19]

    And under TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE like this

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
    # Remote File Inclusion (RFI) security rules
    # Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F]
    # 
    # Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
    RewriteCond %{REQUEST_URI} (ajaxlinks\.php|updateprayer\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    # Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
    RewriteCond %{HTTP_REFERER} ^.*missionwebs.org.*
    RewriteRule . - [S=1]

    So what else needs to be done for this?

    #10318

    AITpro Admin
    Keymaster

    UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.

    Change the skip/bypass rule to this correct skip/bypass rule for the entire plugin folder and NOT just the updateprayer.php file. That type of skip/bypass rule is used for Theme timthumb skip/bypass rules.

    # Plugin script skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/prayerengine_plugin/ [NC]
    RewriteRule . - [S=19]
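
An added example, not code from the thread or from BPS: a Python script that parses the logged 403 entry, tests it against the two conditions of the misc-file skip rule posted in the question, and builds the plugin-folder rule given in the reply. The function names are hypothetical, and the skip count is passed in because `[S=N]` skips the next N rules and so depends on where the rule sits in the site's own .htaccess file.

```python
import re

# Log entry copied from the post above; fields not used here are omitted.
SAMPLE_LOG = """\
>>>>>>>>>>> 403 GET or HEAD Request Error Logged - October 2, 2013 - 4:47 am <<<<<<<<<<<
HTTP_REFERER: http: //findhopetoday.com/prayer-requests/
REQUEST_URI: /wp-content/plugins/prayerengine_plugin/includes/updateprayer.php
"""

# The misc-file skip rule's two RewriteCond lines from the question: (field, regex, has [NC])
MISC_FILE_SKIP = [
    ("REQUEST_URI", r"(ajaxlinks\.php|updateprayer\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php)", True),
    ("HTTP_REFERER", r"^.*missionwebs.org.*", False),
]
HEADER = re.compile(r"^>+ (\d{3}) (.+?) Logged - (.+?) <+$")
FIELD = re.compile(r"^([A-Z_]+):\s?(.*)$")

def parse_entries(text):
    """Split a security log into one dict per logged request."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            entries.append({"STATUS": header.group(1), "LOGGED": header.group(3)})
        elif entries and (field := FIELD.match(line)):
            entries[-1][field.group(1)] = field.group(2).strip()
    return entries

def conds_match(entry, conds):
    """RewriteCond lines without [OR] are ANDed: every one must match."""
    return all(re.search(rx, entry.get(field, ""), re.I if nocase else 0)
               for field, rx, nocase in conds)

def plugin_folder_rule(entry, skip):
    """Build the plugin-folder skip rule for a logged URI; None if it is not a plugin path."""
    m = re.match(r"/wp-content/plugins/([^/]+)/", entry.get("REQUEST_URI", ""))
    if not m:
        return None
    return ("# Plugin script skip/bypass rule\n"
            f"RewriteCond %{{REQUEST_URI}} ^/wp-content/plugins/{re.escape(m.group(1))}/ [NC]\n"
            f"RewriteRule . - [S={skip}]")

if __name__ == "__main__":
    for e in parse_entries(SAMPLE_LOG):
        print("misc-file skip conditions met:", conds_match(e, MISC_FILE_SKIP))
        print(plugin_folder_rule(e, skip=19))  # 19 is the S value used in the thread
```

For the logged request the URI condition matches but the referer condition does not, since the logged referer is findhopetoday.com while the rule whitelists missionwebs.org.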