Prayer Engine Plugin

Home Forums BulletProof Security Free Prayer Engine Plugin

Tagged: 

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • October 2, 2013 at 9:36 am #10312
    jena
    Participant

    I am getting this security log again.

    >>>>>>>>>>> 403 GET or HEAD Request Error Logged - October 2, 2013 - 4:47 am <<<<<<<<<<<
REMOTE_ADDR: 103.3.206.133
Host Name: 103.3.206.133
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http: //findhopetoday.com/prayer-requests/
REQUEST_URI: /wp-content/plugins/prayerengine_plugin/includes/updateprayer.php
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20100101 Firefox/24.0

    I have whitelisted under “CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES: Add personal plugin/theme skip/bypass rules here” like this

    # Plugin script skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/prayerengine_plugin/includes/updateprayer\.php [NC]
RewriteRule . - [S=19]

    And under TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE like this

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# Remote File Inclusion (RFI) security rules
# Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
RewriteRule .* index.php [F]
# 
# Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
RewriteCond %{REQUEST_URI} (ajaxlinks\.php|updateprayer\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
# Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
RewriteCond %{HTTP_REFERER} ^.*missionwebs.org.*
RewriteRule . - [S=1]

    So what else needs to done for this?

    October 2, 2013 at 9:47 am #10318
    AITpro Admin
    Keymaster

    UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.

    Change the skip/bypass rule to this correct skip/bypass rule for the entire plugin folder and NOT just the up updateprayer.php file.  That type of skip/bypass rule is used for Theme timthumb skip/bypass rules.

    # Plugin script skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/prayerengine_plugin/ [NC]
RewriteRule . - [S=19]
  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.