website migration files quarantined after Dev Server went live

Home Forums BulletProof Security Pro website migration files quarantined after Dev Server went live

This topic contains 34 replies, has 2 voices, and was last updated by  AITpro Admin 2 months, 3 weeks ago.

Viewing 5 posts - 31 through 35 (of 35 total)
  • Author
    Posts
  • #37918

    AITpro Admin
    Keymaster

    The host was looking at the server log file for server errors and not the PHP Error Log for php errors.  The BPS PHP Error Log is located on the BPS Pro > P-Security > PHP Error Log page.  The physical PHP Error Log file is here:  /wp-content/bps-backup/logs/bps_php_error.log.  Let your web host techs know that if they want to find a php error log for a website then they can check phpinfo(), which gives them the path to the php error log file for a website and all other configuration information about a particular PHP server.

    The BPS server log 403 errors are intentional.  BPS checks if ModSecurity is installed on a host server and what version of ModSecurity is installed on a host server.  ModSecurity CRS breaks numerous things in BPS and BPS Pro (and of course 1,000’s of other WordPress Plugins and Themes).  We are currently in round 2 of ModSecurity CRS Proofing BPS and BPS Pro > https://forum.ait-pro.com/forums/topic/xampp-mod-security-setup-owasp-modsecurity-core-rule-set-setup/#post-37778

    #37919

    Michael
    Participant

    Things have quieted down, thanks again.
    I’m still getting caught up after the site launch.

    Could you help me with the exact steps you did to lock down the .htaccess file so I can reproduce?

    #37920

    AITpro Admin
    Keymaster

    You don’t need to reproduce the problem.  Your web host is imposing a limitation/restriction for the root htaccess file, which is the root htaccess file permissions cannot be changed.  If you try to change the root htaccess file permissions your web host will automatically take your website down and display this error message below.  So this is not something you can change or “fix” since this is a security measure limitation/restriction that your web host is imposing.

    Forbidden
    You don’t have permission to access / on this server.
    Server unable to read htaccess file, denying access to be safe

    #37921

    Michael
    Participant

    I want to lock the .htaccess file still though, and am just a little spread thin, can you tell me the steps please?

    #37922

    AITpro Admin
    Keymaster

    If you are asking if it is possible to lock your root htaccess file on your particular web host then the answer is no because your particular web host does not allow that.  If you are asking for the steps to reproduce the problem scenario for testing then the steps are below.

    Important:  Before you do the steps below be ready to get your website back up once your web host takes your website down.

    Login to your web host control panel > open your file manager tool and navigate to your WordPress root installation folder (the folder where the root htaccess file is and your wp-config.php file is).
    Open another Browser tab > login to your website.
    Go to BPS Pro AutoRestore and turn AutoRestore Off.
    Go to the B-Core > htaccess File Editor tab page > click the Lock htaccess File button.  Your website will crash at this point.
    Go to the Browser tab that has your web host control panel opened in it and delete the root htaccess file.  Your website will come back up at this point.
    Go to the B-Core > Security Modes page and click the Root Folder BulletProof Mode Activate button.
    Go to BPS Pro AutoRestore and turn AutoRestore back On.

Viewing 5 posts - 31 through 35 (of 35 total)

You must be logged in to reply to this topic.