Random General Questions

Home Forums BulletProof Security Pro Random General Questions

Viewing 15 posts - 316 through 330 (of 349 total)
  • Author
    Posts
  • #30475
    Steve
    Participant

    [Topic has been merged into this general Topic]
    I am Not sure this post applies here but i keep getting the same error resulting in the htaccess file not being written to correctly.

    There was a line “WORDPRESS WILL BREAK” that was missing the ## in front of it.
    It was commented out and now it loads.

    This now has to be reactivated….wp-admin Folder BulletProof Mode
    this has happened in 5 of my other sites. What can be done from this breaking my respective site/s?

    #30477
    AITpro Admin
    Keymaster

    @ Steve – I do not understand the issue/problem.  There is more code/text that is missing than the snippet of help text from the wp-admin htaccess file that you posted above.  The wp-admin htaccess file has this help text below at the top/start of the wp-admin htaccess file Query String Exploits code.  So to try and make some sense of your question do these things:  1. post your wp-admin htaccess file code so I can take a look at it.  2. Explain in specific detail what you were doing at the time the problem occurred.  3. Have you added any custom htaccess code to BPS wp-admin Custom Code and specifically in this wp-admin Custom Code text box:  CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS

    # BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
    ...
    ...
    ...
    # END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
    #30478
    Steve
    Participant

    see pic…….  http://screencast.com/t/ztksZ2R56txm
    this happens when i do a backup……….there are no hashmarks………..thus causing a 500 error. once i place the hashmark in Front of………..”OR WORDPRESS WILL BREAK”………..
    http://screencast.com/t/q9POpauNCpX7
    i gain access 2 my site.
    This happens when i do a BU of my site. How does 1 prevent this error from occurring? Note; I’m Not a code writer but have been doing this for over 12+ years. This stuff Should Not be happening.

    #30479
    AITpro Admin
    Keymaster

    @ Steve – Ok I see the problem. So now to figure what is causing the problem.

    The top of your wp-admin htacces file is this code and text:

    <Files *>
    order deny,allow
    deny from all
    allow from 98.253.67.84
    </Files>
    OR WORDPRESS WILL BREAK
    # RewriteRule ^(.*)$ - [F] works in /wp-admin without breaking WordPress
    # RewriteRule . /index.php [L] will break WordPress

    That code is not BPS htaccess code and somehow the help text that should be there is mostly gone except for the one snippet of help text that is no longer commented out because all the rest of the BPS code and help text that should be there is not there: “OR WORDPRESS WILL BREAK”

    This is what should be at the top of your BPS wp-admin htaccess file:

    # BULLETPROOF PRO 12.2 WP-ADMIN SECURE .HTACCESS
    
    # DO NOT ADD URL REWRITING IN THIS FILE OR WORDPRESS WILL BREAK
    # RewriteRule ^(.*)$ - [F] works in /wp-admin without breaking WordPress
    # RewriteRule . /index.php [L] will break WordPress

    So it appears that you are using custom htaccess code in your wp-admin htaccess file. Did you add that code that is not BPS standard htaccess code? If not, do you have any plugins installed that would do something like that? I find it hard to believe that doing a backup would add non-BPS code in the wp-admin htaccess file and also strip out/delete existing BPS htaccess code.

    #30480
    AITpro Admin
    Keymaster

    @ Steve – If you would like for me to login to your website to figure out what is breaking everything then send a WordPress Administrator login to:  info at ait-pro dot com.  Please include the URL to your website.

    #30481
    AITpro Admin
    Keymaster

    @ Steve – Ok so actually what it looks like is something is overwriting existing code/text in the wp-admin file.  That coding mistake would happen by not using “append” when writing to a file.  ie instead of that non-BPS code being written above all existing file contents or after/below all file contents it is instead overwriting existing file contents starting from the top of the wp-admin htaccess file.  So maybe your backup plugin is inserting that code in the wp-admin htaccess file afterall. What is the name of the backup plugin that you are using?

    #30628
    Jan
    Participant

    [Topic has been merged into this general forum Topic]
    BPS is blocking wpremote on my sites.  I found this information, https://wordpress.org/support/topic/heads-up-need-confirmation-on-this-whitelist-skipbypass-code, but since it’s so old, I wondered if it still applies?  There is no .js file to add to whitelist for his plugin.

    If that doesn’t apply, what does work?

    Thanks.
    Jan

    #30630
    AITpro Admin
    Keymaster

    @ Jan – That forum topic had to do with an old problem that was fixed 3+ years ago.  BPS does not block the WP Remote plugin.  To completely eliminate that BPS Pro is causing this problem do the BPS Pro troubleshooting steps:   http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting  Note:  If you had added any additional custom htaccess code or Bonus Custom Code then that code could be causing the problem.  If you do step #1 and WP Remote is no longer blocked then check BPS Custom Code for any custom htaccess code that is causing the problem.

    #30679
    jenni101
    Participant

    @ ait-pro – thought you should know that recently your forum hasn’t been sending out email notifications on forum updates even when the ’email me notification’ box is ticked. Proably hasn’t worked for me for the last month I’d guess.

    #30680
    AITpro Admin
    Keymaster

    @ jenni101 – There are 2 main issues/problems that occur with automated emails.  Automated emails in general are becoming less reliable each year due to anti-spam measures used on host mail servers that block or reject automated emails as spam and bbPress/BuddyPress randomly does not to send emails for some reason. This year the percentage of automated emails that are rejected/blocked by anti-spam measures is around 35%.  Last year it was 30%.  The year before that was 25%.  So logically if this problem continues to get worse then next year 40% of automated emails will be rejected/blocked as spam and the year after that 45%….

    Last year we decided to create an email-less automated BPS Pro purchase system and email-less BPS Pro Get Activation Key tools because we were spending a lot of time handling failed automated BPS Pro purchase and Activation Key emails.  Now when someone purchases BPS Pro, a user account is automatically created for them and they can login, get their Download-Request Key without having to rely on getting an email, which was failing (being rejected/blocked by host mail server anti-spam measures) 30% of the time.  If BPS Pro Activation Key emials are being blocked/rejected then someone can get their Activation Keys in the BPS Pro Download area on the ait-pro.com site.  We were spending 2 hours per day dealing with blocked/rejected automated emails.  Since implementing an automated email-less BPS Pro purchase system and Activation Key system we have had 0 problems after 1 year and are no longer wasting time on handling rejected/blocked email issues/problems.  Unfortunately, automated emails are no longer a reliable method of communication these days due to host mail server anti-spam measures.

    #30683
    jenni101
    Participant

    That’s a good solution you’ve found. I just try to remember to check back in the forum regularly, but with so much other ‘stuff’ happening these days it’s easy to forget!

    PS: I did actually get an email notification for your reply this time!!!

    #30684
    jenni101
    Participant

    OK another random Q:

    I keep finding this in my security log:

    [Internal Usage: upgrader_pre_install Filter Triggered]
    [WP Automatic|Shiny Update Plugin|Theme: ARQ was turned Off: August 25, 2016 - 3:27 pm]
    [Internal Usage: upgrader_post_install Filter Triggered]
    [WP Automatic|Shiny Update Plugin|Theme: ARQ wp-content File Backup Completed: August 25, 2016 - 3:27 pm]
    [WP Automatic|Shiny Update Plugin|Theme: ARQ was turned back On: August 25, 2016 - 3:27 pm]

    which i guess is related to the new WP version…. BUT I have disabled ALL auto updates for my site so don’t understand why this is happening.

    Any ideas?

    #30685
    AITpro Admin
    Keymaster

    @ jenni101 – BPS Pro 12+ logs WP Automatic Updates and WP Shiny Updates in the Security Log.  See the links below for more detailed info.

    http://www.ait-pro.com/aitpro-blog/5265/bulletproof-security-pro/whats-new-in-bulletproof-security-pro-12/
    http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#automation

    #30707
    jenni101
    Participant

    Thanks – understand now 🙂

    #30870
    Immerse
    Participant

    I don’t understand this; I’m getting sec errors that appear to be about bps. I looked for similar posts here but found nothing relevant. I have no plugin whitelists – it’s a site I’m using to test stuff and it has been online about a couple of hours, with just a few basic plugins and a theme installed. What would be causing this? They appeared after I clicked the pro tools curl scan.

    They appeared in an earlier install on the same site but that was after I’d installed and then removed bps free. I assumed I’d cocked up and deleted the entire site and database to start afresh.

    It’s unlikely to be hosting related as I have bps pro on (from memory) 4 other sites on the same server, and I’ve never seen this on them.

    [403 GET Request: 8th September 2016 - 11:08 am]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: xxxxxxxxxxxxxxx
    Host Name: xxxxxxxxxxxxxxx
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://xxxxxxxxxxxxxxx/xxxxxxxxxx/wp-admin/admin.php?page=bulletproof-security/admin/core/core.php
    REQUEST_URI: /xxxxxxxxxxxxxxx/wp-content/plugins/bulletproof-security/admin/js/bps-ui-tabs.js?ver=12.3
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
    
    [403 GET Request: 8th September 2016 - 11:08 am]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: xxxxxxxxxxxxxxx
    Host Name: xxxxxxxxxxxxxxx
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://xxxxxxxxxxxxxxx/xxxxxxxxxx/wp-admin/admin.php?page=bulletproof-security/admin/core/core.php
    REQUEST_URI: /xxxxxxxxxxxxxxx/wp-content/plugins/bulletproof-security/admin/js/bps-ui-dialog.js?ver=12.3
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
    
    [403 GET Request: 8th September 2016 - 11:08 am]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: xxxxxxxxxxxxxxx
    Host Name: xxxxxxxxxxxxxxx
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://xxxxxxxxxxxxxxx/xxxxxxxxxx/wp-admin/admin.php?page=bulletproof-security/admin/core/core.php
    REQUEST_URI: /xxxxxxxxxxxxxxx/wp-content/plugins/bulletproof-security/admin/js/bps-ui-accordion.js?ver=12.3
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Viewing 15 posts - 316 through 330 (of 349 total)
  • You must be logged in to reply to this topic.