Tagged: Prayer Engine Plugin
- This topic has 1 reply, 2 voices, and was last updated 11 years, 2 months ago by AITpro Admin.
jena (Participant)
I am getting this security log again.
>>>>>>>>>>> 403 GET or HEAD Request Error Logged - October 2, 2013 - 4:47 am <<<<<<<<<<<
REMOTE_ADDR: 103.3.206.133
Host Name: 103.3.206.133
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http: //findhopetoday.com/prayer-requests/
REQUEST_URI: /wp-content/plugins/prayerengine_plugin/includes/updateprayer.php
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20100101 Firefox/24.0
I have whitelisted under “CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES: Add personal plugin/theme skip/bypass rules here” like this
# Plugin script skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/prayerengine_plugin/includes/updateprayer\.php [NC]
RewriteRule . - [S=19]
And under TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE like this
# TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# Remote File Inclusion (RFI) security rules
# Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
RewriteRule .* index.php [F]
#
# Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
RewriteCond %{REQUEST_URI} (ajaxlinks\.php|updateprayer\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
# Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
RewriteCond %{HTTP_REFERER} ^.*missionwebs.org.*
RewriteRule . - [S=1]
So what else needs to be done for this?
AITpro Admin (Keymaster)
UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.
Change the skip/bypass rule to this correct skip/bypass rule for the entire plugin folder and NOT just the updateprayer.php file. That type of skip/bypass rule is used for Theme timthumb skip/bypass rules.
# Plugin script skip/bypass rule
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/prayerengine_plugin/ [NC]
RewriteRule . - [S=19]
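An added example, not part of either post above and not BPS code: a small Python check that parses security log entries in the format quoted in the question and lists the blocked REQUEST_URIs that a given skip/bypass RewriteCond pattern would not match. The second sample entry and its script name are constructed, and the check covers only the RewriteCond pattern, not the [S=19] skip count or rule position.

```python
import re

# Field labels of the BPS security log entry quoted in the question.
FIELDS = ["REMOTE_ADDR", "Host Name", "SERVER_PROTOCOL", "HTTP_CLIENT_IP",
          "HTTP_FORWARDED", "HTTP_X_FORWARDED_FOR", "HTTP_X_CLUSTER_CLIENT_IP",
          "REQUEST_METHOD", "HTTP_REFERER", "REQUEST_URI", "QUERY_STRING",
          "HTTP_USER_AGENT"]
LABEL_RE = re.compile(r"(?:^|\s)(%s):" % "|".join(map(re.escape, FIELDS)))

# RewriteCond patterns from the thread; the [NC] flag maps to re.IGNORECASE.
# Python's re is close enough to Apache's PCRE for these simple patterns.
FILE_RULE = r"^/wp-content/plugins/prayerengine_plugin/includes/updateprayer\.php"
FOLDER_RULE = r"^/wp-content/plugins/prayerengine_plugin/"


def parse_entry(text):
    """Turn one log entry (flattened or one field per line) into a dict."""
    parts = LABEL_RE.split(text)
    return {parts[i]: parts[i + 1].strip() for i in range(1, len(parts) - 1, 2)}


def uncovered(entries, pattern):
    """Return logged REQUEST_URIs that the skip condition does not match."""
    rx = re.compile(pattern, re.IGNORECASE)
    uris = [parse_entry(e).get("REQUEST_URI", "") for e in entries]
    return [u for u in uris if not rx.search(u)]


# Entry 1 is the one from the question; entry 2 is constructed, with a
# hypothetical second script in the same plugin folder.
SAMPLE = [
    ">>>>>>>>>>> 403 GET or HEAD Request Error Logged - October 2, 2013 - 4:47 am <<<<<<<<<<< "
    "REMOTE_ADDR: 103.3.206.133 Host Name: 103.3.206.133 SERVER_PROTOCOL: HTTP/1.1 "
    "HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: "
    "REQUEST_METHOD: GET HTTP_REFERER: http: //findhopetoday.com/prayer-requests/ "
    "REQUEST_URI: /wp-content/plugins/prayerengine_plugin/includes/updateprayer.php "
    "QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20100101 Firefox/24.0",
    "REQUEST_METHOD: GET\n"
    "REQUEST_URI: /wp-content/plugins/prayerengine_plugin/includes/example-script.php\n"
    "QUERY_STRING:\nHTTP_USER_AGENT: constructed-sample",
]

if __name__ == "__main__":
    print("file rule misses:  ", uncovered(SAMPLE, FILE_RULE))
    print("folder rule misses:", uncovered(SAMPLE, FOLDER_RULE))
```

The folder-level pattern exempts every script in the plugin folder from the rules that are skipped, so the file-level list shows exactly which requests depend on that wider exemption.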