Stats plugin – admin @ 2x.php file, @2x images, Retina, Responsive

[AITpro Admin]

UPDATE: The solution is here: http://forum.ait-pro.com/forums/topic/problem-maybe-with-displaying-stats-in-admin-bar/page/3/#post-26494

Yes, you can ignore them since Retina images display fine.  We barely ever look at our Security Log files on all of our websites because each day there are 1,000’s of blocked attacks logged every single day and it would be a full-time job to look at Security Log entries.  Realistically the only time you need to look at your Security Log is when you are troubleshooting something specifically, otherwise do not waste your time checking the Security Log since BPS is already handling everything (blocking hackers, spammers, miners, scrapers, etc etc etc).  Security Logging and Security Log file handling is completely automated.  When your Security Log reaches the maximum size setting you have chosen then it is automatically zipped, emailed to you and replaced with a new blank Security Log file.

If you have Security Log Alerts set to display in your Dashboard on the S-Monitor page then turn them off or they will drive you crazy.  If you are troubleshooting something then you can turn Security Log Alerts back on temporarily and then turn them off again.

[impart]

Ok, thank you! Great support as always

[impart]

Hi, please have a look at the last few posts again. I was right, sadly. The delivery of retina pictures does not work. The reason why this worked with the logo of the website is because this is handled through the theme and there is only an @2x version. You should have received an @2x@2x version. But nevermind about the logo, as you said this is working but now I tried it with a regular picture while developing and this clearly does not work, it is again logged in the security log and the @2x version is not delivered to retina screens.

[403 GET|HEAD Request: 18. November 2015 - 18:22]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 178.xxx.xxx.xx
Host Name: hosted-by.leaseweb.com
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: 178.xxx.xxx.xx
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://impure-art.com/de/256789765-2/
REQUEST_URI: /wp-content/uploads/2015/11/FAQ_2560px@2x.jpg
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Android 5.0.2; Tablet; rv:42.0) Gecko/42.0 Firefox/42.0

[AITpro Admin]

UPDATE: The solution is here: http://forum.ait-pro.com/forums/topic/problem-maybe-with-displaying-stats-in-admin-bar/page/3/#post-26494

When you say it does not work have you literally and physically checked if it is working or not?  You cannot go by the Security Log entry because typically what is occurring is several different things and one of those things is blocked, but NOT image retrieval/display.  Example:  Let’s say you have a plugin or something else installed that is doing 5 different things related to displaying retina images and 1 of those thing violates a security rule and is actually dangerous and should be blocked.  That 1 thing will be blocked (unless you whitelist/allow whatever that is), but the 4 other things and most importantly image retrieval/display would not be blocked.  So the question is are the images being displayed correctly for your retina device?  And of course since the BPS Security Log logs all 403 errors whether or not BPS is blocking something then it is possible that a security measure installed on your host server is blocking something and BPS is just logging that.

[impart]

Of course I checked this ;). The image displayed on the retina screen should be FAQ_2560@2x.jpg, but it is FAQ_2560px.jpg

The only thing related to retina images is WPRetina2x with retina.js enabled which does the following :
“The Retina JS method is the 100% JS solution. The HTML loads the normal images, then if a retina device is detected, the retina images will be loaded. Images will be loaded twice, then will be as many requests as there are images (to check if the retina files exist). It’s not the best for performance but it’s not terrible neither. This method is used by many major websites on Internet such as Apple.”

[AITpro Admin]

UPDATE: The solution is here: http://forum.ait-pro.com/forums/topic/problem-maybe-with-displaying-stats-in-admin-bar/page/3/#post-26494

Ok so what you need to do now is some BPS troubleshooting steps to determine if BPS is blocking this and if so which BPS security feature that is.  Do each troubleshooting step and then test after doing each step to isolate exactly what is causing the block.
http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

[impart]

aha 🙁 to be honest I cannot link 99% of these cases to mine, so should I just do the htaccess thing which means completely put standard htaccess back and then look step by step if it works?

[AITpro Admin]

UPDATE: The solution is here: http://forum.ait-pro.com/forums/topic/problem-maybe-with-displaying-stats-in-admin-bar/page/3/#post-26494

I have no idea if this particular problem is related to something specific on your site (plugin, server config, Proxy, custom htaccess code) or if the block is occurring because of how your device is trying to get 2x images.  There is not enough information yet to determine anything.  You would need to do all of the BPS troubleshooting steps as a starting point.  Doing the troubleshooting steps will begin the process of getting information about the problem to determine what the problem is.

[impart]

I did only deactivate root folder bulletproof mode and this did the trick, @2x file delivered without any issue. The only custom code I have in there is from you and W3TC. What now?

[AITpro Admin]

UPDATE: The solution is here: http://forum.ait-pro.com/forums/topic/problem-maybe-with-displaying-stats-in-admin-bar/page/3/#post-26494

Ok great.  Now you need to eliminate any/all BPS Bonus Custom Code.  The first thing that I see is that your SERVER_PROTOCOL is using HTTP/1.0 which is fairly common issue with older Proxy servers config/code, which need to be updated to HTTP/1.1.  If you are using the Bonus Custom Code in this forum topic: http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/ that blocks Server Protocol HTTP/1.0 then delete that Bonus Custom Code and do all of the Custom Code steps and test again.  If that code is not the problem then use the Custom Code Export tool and export all of your Custom Code and then click the Delete button to delete all of your Custom Code.  You will probably see errors about W3TC caching code not being found.  Go ahead and deactivate the W3TC plugin  and do all of the Custom Code steps and test again.  At this point you will be using only the standard BPS root htaccess code and not any W3TC htaccess code.  Let me know if the problem is occurring or not.

[impart]

my mobile provider also is listed as HTTP/1.0… The other server I use is a VPN service but there is no code that blocks these requests, the custom code from you is which we did for easy social share buttons. going on…. give feedback
[BPS root htaccess code deleted]

[AITpro Admin]

Let me know what the testing results are when you have completed all the steps in my previous reply.

[impart]

removing W3TC code and your custom code didn’t help anything. if deactivating root folder bulletproof again works flawless, so it is reproducable

[AITpro Admin]

UPDATE: The solution is here: http://forum.ait-pro.com/forums/topic/problem-maybe-with-displaying-stats-in-admin-bar/page/3/#post-26494

Ok now eliminate that a security filter in the BPS Query String Exploits code is causing the problem by doing these steps below and test.

1. Copy the modified BPS Query String Exploits code below to this BPS Root Custom Code text box: CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

# BEGIN BPSQSE BPS QUERY STRING EXPLOITS
# The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
# Good sites such as W3C use it for their W3C-LinkChecker.
# Use BPS Custom Code to add or remove user agents temporarily or permanently from the
# User Agent filters directly below or to modify/edit/change any of the other security code rules below.
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F]
# END BPSQSE BPS QUERY STRING EXPLOITS

[impart]

does not work

[Author]

Posts