Random General Questions


Viewing 15 posts - 226 through 240 (of 350 total)
    AITpro Admin

    There are some general known issues/things about using SSL. The most important one is that SSL/HTTPS does not perform as well as HTTP. I believe the performance difference is fairly insignificant. Personally I do not feel it is necessary to encrypt an entire website. What I do feel is useful and important is to encrypt things that deal with “shops, carts, transactions and things of that nature that deal with sensitive data should be encrypted”. The most important benefit is that the end user will have more faith and trust that their data is encrypted/secured/safe.


    Thank you. With the movement on for encrypting the web and continuing brute force activity on many of the sites I manage, I wanted your expert opinion on this so I can advise my clients appropriately.

    AITpro Admin


    I do not believe SSL/HTTPS would make any difference with Brute Force Attacks.  BPS Pro JTC Anti-Spam|Anti-Hacker on the other hand is 100% effective at stopping all automated Brute Force Login attacks.  A CAPTCHA and spambot approach to Brute Force Login protection are the optimum methods for stopping Brute Force Attacks.


    Hi there. I am still trying to resolve this issue with newnapawineclub.com not responding to mobile devices. I’ve been working with the developer on this, and as of our last communication they said something is blocking access to the mobile stylesheets. I checked the security log after they told me this, and found several entries similar to this one. The IP is my own, but the error is generated from other IPs as well:

    [403 GET Request: January 28, 2016 - 12:45 pm]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    Host Name: 68-186-108-49.dhcp.knwc.wa.charter.com
    HTTP_REFERER: http://newnapawineclub.com/
    REQUEST_URI: /wp-content/themes/agritourismo-theme/css/responsive/phonehorizontal.css?Thu%20Jan%2028%202016%2012:45:22%20GMT-0800%20(PST)
    HTTP_USER_AGENT: Mozilla/5.0 (iPhone; CPU iPhone OS 9_2_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13D15 Safari/601.1

    I tried to whitelist the mobile stylesheets indicated by the security log entries, but apparently it would only accept scripts and not css? There are no other security plugins on the site that could be interfering with this. WP Touch is not installed, the theme is responsive on its own and only stopped responding after installing BPS Pro. The files are not being quarantined or anything, and I just re-ran the Pre-Flight and Setup Wizards and didn’t see anything unusual (but what do I know?). I expect BPS Pro to block direct access to the stylesheets (and one does get a 403 error when trying to navigate to one directly in a browser), but I’m not sure what to do about allowing them to be accessed when someone visits the site on a mobile device. Thanks again for your help with this one.

    AITpro Admin

    The parentheses are triggering this security filter:  #RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]

    1. Copy this modified code below to this BPS Root Custom Code text box:  
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Setup Wizard page and run the Setup Wizards.

    # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
    # Good sites such as W3C use it for their W3C-LinkChecker. 
    # Use BPS Custom Code to add or remove user agents temporarily or permanently from the 
    # User Agent filters directly below or to modify/edit/change any of the other security code rules below.
    RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
    RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
    RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
    RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR] 
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR] 
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    #RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
    RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F]
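To confirm which filter line matched the logged request, and that the rest of the block still lets it through once that line is commented out, here is a small re-check in Python. It is an added example, not BPS Pro code: it copies a handful of the RewriteCond patterns and the log entry's values from the post, mimics mod_rewrite's [OR] chain, and assumes Python's re engine treats these PCRE patterns the same way Apache does (true for the lines used here).

```python
import re

# Added example, not BPS Pro code. It mimics how mod_rewrite evaluates the
# [OR]-chained RewriteCond block quoted in the post: the request is forbidden
# ([F]) as soon as one condition matches; [NC] means case-insensitive. Apache
# tests QUERY_STRING raw (not URL-decoded), which is why the encoded %20 is
# harmless while the literal "(PST)" is not.

# Values copied from the 403 log entry in the thread.
LOGGED_REQUEST = {
    "QUERY_STRING": "Thu%20Jan%2028%202016%2012:45:22%20GMT-0800%20(PST)",
    "HTTP_USER_AGENT": "Mozilla/5.0 (iPhone; CPU iPhone OS 9_2_1 like Mac OS X) "
                       "AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 "
                       "Mobile/13D15 Safari/601.1",
}

# The line the admin commented out: (variable, pattern, case-insensitive?)
PAREN_RULE = ("QUERY_STRING", r"^.*(\(|\)|<|>|%3c|%3e).*", True)

# A representative subset of the remaining RewriteCond lines, copied verbatim.
BASE_RULES = [
    ("HTTP_USER_AGENT",
     r"(havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader)", True),
    ("QUERY_STRING",
     r"(\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/)", True),
    ("QUERY_STRING", r"(\<|%3C).*script.*(\>|%3E)", True),
    ("QUERY_STRING", r"(<|>|'|%0A|%0D|%27|%3C|%3E|%00)", True),
    ("QUERY_STRING",
     r"(;|<|>|'|\"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|"
     r"delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|"
     r"benchmark|encode)", True),
]


def first_matching_rule(request, rules):
    """Return (variable, pattern) of the first condition that matches, or None
    when the request passes the whole chain (no [F] would be issued)."""
    for var, pattern, nocase in rules:
        flags = re.IGNORECASE if nocase else 0
        if re.search(pattern, request.get(var, ""), flags):
            return (var, pattern)
    return None


def is_forbidden(request, rules):
    """True when at least one RewriteCond in the chain matches the request."""
    return first_matching_rule(request, rules) is not None


if __name__ == "__main__":
    # Original block: the mobile stylesheet request is blocked by the paren rule.
    print(first_matching_rule(LOGGED_REQUEST, [PAREN_RULE] + BASE_RULES))
    # Modified block: the same request passes every remaining filter.
    print(first_matching_rule(LOGGED_REQUEST, BASE_RULES))
    # Constructed traversal probe: still forbidden without the paren rule.
    print(is_forbidden({"QUERY_STRING": "page=../../etc/passwd"}, BASE_RULES))
```

Drop any new RewriteCond line into BASE_RULES the same way to see what it would block before saving it to Custom Code.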

    You beauty!!! You are a genius. This quick and easy fix worked immediately – Thank you so much!



    [Topic has been moved to this Topic]

    Today for the first time I had to use Wordfence to defend myself – after more than 3 years BPS Pro was not enough – I mean BPS Pro did the trick, there was no breach, the site was safe as usual, but the amount of traffic was getting too big and I had to use some sort of a tool to cut off bots trying to log in as the server was starting to “feel it”. I have received frequent logs on my email which meant that 500kb of log is full and a quick look showed that it was only a brute force on the login page.

    Wordfence has a nice feature that it blocks an IP/user who posts a wrong user name in the login field which did the trick. The bad IPs are blocked for 10 days (I could set it up for even longer/less) and now the site is in its normal condition.

    Maybe we could have something similar to the Wordfence solution? The tools in BPS Pro work OK but at some point without cutting off the traffic there is no chance in surviving.

    AITpro Admin

    @ Krzysztof – Hmm yeah we have looked at adding something like that and it does not really work any better than what BPS Pro is already doing, but thanks for the suggestion.  Our sites sometimes are attacked at a rate of 1,000 login attempts per second and there is no noticeable website or server performance drain on any of our sites while the attack is occurring.  BPS Pro simply just handles any size of attack whether it is gigantic or barely anything.


    [Topic has been moved to this general questions Topic]
    I finished my website locally on Mamp using the free layers theme from Obox and in readiness of uploading it to my webhost, installed bulletproof security. Tried to edit layout on a page (either by clicking customize on the top left or via the dashboard) and it kept loading a ‘no posts found’ page instead of the editor. Tried clicking customize, same issue as above. I deactivated and uninstalled the bulletproof plugin and reinstalled WP but the problem persists. Same issue with starting a new page and trying to edit that. I’ve gone through all your troubleshooting and deactivated all the other plugins that weren’t being used and it’s still showing the ‘no posts’ page when I click customize. Layers and layers updater are the latest version (updated as of 28 Feb, 2016).

    Please help.

    AITpro Admin

    @ TJ – Choose the BPS free plugin complete uninstallation option to completely remove/delete BPS and to completely eliminate BPS as the cause of this issue/problem.

    Uninstall Options
    1. An Uninstall Options link is located on the WordPress Plugins page under the BulletProof Security plugin.
    2. Clicking the Uninstall Options link loads a jQuery UI Dialog Form with 2 BPS plugin uninstall options.
    3. If you are upgrading to BPS Pro, select the BPS Pro Upgrade Uninstall option and click the Save Option button or just click the Close button below and do a normal plugin uninstall.
    4. If you want to completely delete the BPS plugin, all files, Custom Code and BPS database settings, select the Complete BPS Plugin Uninstall option and click the Save Option button.

    AITpro Admin

    @ TJ – The issue/problem could be that your Apache server httpd.conf file needs to be configured so that it allows processing of .htaccess files.  See this StackOverflow topic for what to check and the solution:   http://stackoverflow.com/questions/4675429/getting-wordpress-permalinks-working-on-a-mamp-install


    [Topic has been moved to this Topic]
    Not sure where this problem comes in, but the setup wizard didn’t resolve it!
    Problem: blank pages (but header shows) on only SOME pages after recent updates and then a backup directory and db

    Details: Before I restored it I had updated lots of plugins (individually) including BPS Pro on 21/03/16, and all initially seemed fine, even Buddy press. Then I found some pages weren’t working – just a header showing, but no page content or footer. After some trial and error I couldn’t find how to fix it, so decided to restore back to my full backup of 18-03-16 (back up done via my cPanel wizard and downloaded to local pc). But the same problem remained….

    Since March 21st my hosting support team have tried to restore it using my backups and recently their ones done via the server, but the same problem remains – some pages are just blank! So their latest restore was from a home directory of 18-03-16 and a db of 19-03-16.

    e.g. of blank pages: hub central; contact; photo skills > ISO; etc. while other pages are fine e.g.: home; membership; knowledge base etc

    The only issue i can see is a recurrent php error since restore of backups:

    [24-Mar-2016 01:31:26 UTC] PHP Fatal error:  Call to undefined function vc_shortcode_custom_css_has_property() in /home/mysite/public_html/wp-content/themes/kleo/vc_templates/vc_column_inner.php on line 42

    I’ve also resaved permalinks, kept ARQ set to OFF so it doesn’t quarantine files, and run the pre-setup wizard and set-up wizard with nothing showing as a problem.

    If you have any chance of looking at this on my site I’d really appreciate it as my hosting support team and I are at a bit of a loss as to how to fix it, and as it looks like whatever backup I try to restore it with is likely to cause the same problem.

    Could the php error be the cause? as Visual composer works on some pages fine… but would account for others being blank too. If so, does it need to be fixed via the Visual composer plugin or is it a problem on my site?

    Many thanks – trying not to panic too much as it’s been down now for 3 days… j

    PS: I’ve taken the liberty of adding you in as an admin user and will email you the login details separately just in case you’re able to take a look at it for me…

    AITpro Admin

    @ jenni101 – The problem does not sound like it is related to or caused by BPS Pro.  To completely eliminate BPS Pro use the BPS Pro troubleshooting steps:  http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting and turn off or deactivate all BPS Pro features.  To do standard WordPress and plugin troubleshooting do things like:  reinstall WordPress, deactivate all plugins, switch your Theme, etc.  We are no longer allowed to login to sites to fix problems that are not directly related to BPS Pro, but we are allowed to login to verify that BPS Pro is not causing the problem.  So at least I can have someone do that for you.  I have scheduled someone to login to your site tomorrow morning at 8am PST time.


    Thanks – much appreciated and totally understand your position.

    I realise that asking you to check my site is way beyond what is acceptable – but I’m on the verge of panic mode as I’ve been trying to restore my backup for 3 days now with the help of our hosting support team AND trying to move house – with the prospect of our internet being off for a few days soon… aghhhhh! But totally my fault for thinking I could ‘just’ sort out the updates before we moved… A lesson learned.

    I’ve also rechecked the BPS Pro troubleshooting steps by deactivating bits of BPS Pro – but no better 🙁 So I’ve turned everything on again and left the front end of the site in MM via our theme options.

    And whenever I load one of the broken pages the same php error is registered – which presumably is a good pointer as to what the problem is? But if I uploaded my backup home directory and db (via cPanel wizard) then I don’t understand why it’s showing these errors, as it wasn’t doing so before and the site was working fine? So totally stumped!

    I look forward to your comments. Thanks j


    [Topic has been moved to this Topic]
    I only seem to have 4 existing codes in my .htaccess file, but can’t figure out where to put them…Can I just put this whole file into the top custom code box? My current wp-admin.htaccess file looks the same as wpadmin-secure.access files. Do I need to do anything with them?

    # BEGIN rlrssslReallySimpleSSL rsssl_version[2.2.16]
    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTPS} !=on [NC]
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    </IfModule>
    # END rlrssslReallySimpleSSL
    # BEGIN W3TC Browser Cache
    <IfModule mod_deflate.c>
    <IfModule mod_headers.c>
    Header append Vary User-Agent env=!dont-vary
    </IfModule>
    AddOutputFilterByType DEFLATE text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/json
    <IfModule mod_mime.c>
    # DEFLATE by extension
    AddOutputFilter DEFLATE js css htm html xml
    </IfModule>
    </IfModule>
    # END W3TC Browser Cache
    # BEGIN W3TC Page Cache core
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteRule .* - [E=W3TC_ENC:_gzip]
    RewriteCond %{HTTP_COOKIE} w3tc_preview [NC]
    RewriteRule .* - [E=W3TC_PREVIEW:_preview]
    RewriteCond %{REQUEST_METHOD} !=POST
    RewriteCond %{QUERY_STRING} =""
    RewriteCond %{REQUEST_URI} \/$
    RewriteCond %{HTTP_COOKIE} !(comment_author|wp\-postpass|w3tc_logged_out|wordpress_logged_in|wptouch_switch_toggle) [NC]
    RewriteCond "%{DOCUMENT_ROOT}/wp-content/cache/page_enhanced/%{HTTP_HOST}/%{REQUEST_URI}/_index%{ENV:W3TC_PREVIEW}.html%{ENV:W3TC_ENC}" -f
    RewriteRule .* "/wp-content/cache/page_enhanced/%{HTTP_HOST}/%{REQUEST_URI}/_index%{ENV:W3TC_PREVIEW}.html%{ENV:W3TC_ENC}" [L]
    </IfModule>
    # END W3TC Page Cache core
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress
    <IfModule mod_deflate.c>
    #add content typing
    AddType application/x-gzip .gz .tgz
    AddEncoding x-gzip .gz .tgz
    # Insert filters
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/x-httpd-php
    AddOutputFilterByType DEFLATE application/x-httpd-fastphp
    AddOutputFilterByType DEFLATE image/svg+xml
    # Drop problematic browsers
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
    # Make sure proxies don't deliver the wrong content
    Header append Vary User-Agent env=!dont-vary
    </IfModule>
    <IfModule mod_expires.c>
    ExpiresActive On
    ExpiresDefault "access plus 1 week"
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 month"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType text/html "access plus 1 minute"
    ExpiresByType text/plain "access plus 1 month"
    ExpiresByType text/x-component "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"
    ExpiresByType text/x-javascript "access plus 1 month"
    ExpiresByType application/pdf "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 months"
    ExpiresByType application/x-javascript "access plus 1 months"
    ExpiresByType application/x-shockwave-flash "access plus 1 month"
    ExpiresByType image/x-icon "access plus 1 year"
    ExpiresByType application/xml "access plus 0 seconds"
    ExpiresByType application/json "access plus 0 seconds"
    ExpiresByType application/ld+json "access plus 0 seconds"
    ExpiresByType application/xml "access plus 0 seconds"
    ExpiresByType text/xml "access plus 0 seconds"
    ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
    ExpiresByType text/cache-manifest "access plus 0 seconds"
    ExpiresByType audio/ogg "access plus 1 month"
    ExpiresByType video/mp4 "access plus 1 month"
    ExpiresByType video/ogg "access plus 1 month"
    ExpiresByType video/webm "access plus 1 month"
    ExpiresByType application/atom+xml "access plus 1 hour"
    ExpiresByType application/rss+xml "access plus 1 hour"
    ExpiresByType application/font-woff "access plus 1 month"
    ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
    ExpiresByType application/x-font-ttf "access plus 1 month"
    ExpiresByType font/opentype "access plus 1 month"
    </IfModule>
    #Alternative caching using Apaches "mod_headers", if its installed.
    #Caching of common files - ENABLED
    <IfModule mod_headers.c>
    <FilesMatch "\.(ico|pdf|flv|swf|js|css|gif|png|jpg|jpeg|ico|txt|html|htm)$">
    Header set Cache-Control "max-age=2592000, public"
    </FilesMatch>
    </IfModule>
    <IfModule mod_headers.c>
    <FilesMatch "\.(js|css|xml|gz)$">
    Header append Vary Accept-Encoding
    </FilesMatch>
    </IfModule>
    <IfModule mod_gzip.c>
    mod_gzip_on Yes
    mod_gzip_dechunk Yes
    mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
    mod_gzip_item_include handler ^cgi-script$
    mod_gzip_item_include mime ^text/.*
    mod_gzip_item_include mime ^application/x-javascript.*
    mod_gzip_item_exclude mime ^image/.*
    mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
    </IfModule>
    # Set Keep Alive Header
    <IfModule mod_headers.c>
    Header set Connection keep-alive
    </IfModule>
    # If your server don`t support ETags deactivate with "None" (and remove header)
    <IfModule mod_expires.c>
    <IfModule mod_headers.c>
    Header unset ETag
    </IfModule>
    FileETag None
    </IfModule>