ZimmWriter for WordPress blocked

Home Forums BulletProof Security Pro ZimmWriter for WordPress blocked

Viewing 15 posts - 1 through 15 (of 16 total)
1 2
  • Author
    Posts
  • January 26, 2024 at 2:48 am #43449
    john
    Participant

    I am trying to run a desktop app via rest api. It keeps showing a 403 error. Is there a setting with BPS that will allow it?

    January 26, 2024 at 4:52 am #43450
    AITpro Admin
    Keymaster

    Go to the BPS Security Log page > copy the Security Log entry that shows what is being blocked > paste that Security Log entry in your forum reply.

    January 26, 2024 at 5:56 am #43451
    john
    Participant

    [total count of Security Log events deleted]

    Please open the Security Log to view Security Log events

    January 26, 2024 at 6:25 am #43452
    AITpro Admin
    Keymaster

    Go to the BPS Pro Logs|Info menu > Security Log page > click the View Log button

    January 26, 2024 at 6:33 am #43453
    john
    Participant

    It will not let me copy/paste that much here

    January 26, 2024 at 6:36 am #43454
    AITpro Admin
    Keymaster

    Just copy any Security Log events that are related to the REST API or copy the last 20 or so log entries.

    January 26, 2024 at 6:41 am #43455
    AITpro Admin
    Keymaster

    I see that you have the LiteSpeed Cache plugin installed on your site. BPS does not block the REST API unless you have added additional Bonus Custom Code. See this forum topic for more info > https://forum.ait-pro.com/forums/topic/issues-with-wordpress-rest-api-and-header-rewrite-problem/

    January 26, 2024 at 6:51 am #43456
    john
    Participant
    [403 POST Request: January 26, 2024 1:46 pm]
BPS Pro: 17.4
WP: 6.1.4
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 2603:900b:3f0:8390:ddab:4089:dc76:5228
Host Name: 2603-900b-03f0-8390-ddab-4089-dc76-5228.inf6.spectrum.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: POST
HTTP_REFERER:
REQUEST_URI: /wp-json/wp/v2/posts
QUERY_STRING:
HTTP_USER_AGENT: ZimmWriter/cURL
REQUEST BODY: BPS Security Log option set to: Do Not Log POST Request Body Data

[403 POST Request: January 26, 2024 1:46 pm]
BPS Pro: 17.4
WP: 6.1.4
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 2603:900b:3f0:8390:ddab:4089:dc76:5228
Host Name: 2603-900b-03f0-8390-ddab-4089-dc76-5228.inf6.spectrum.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: POST
HTTP_REFERER:
REQUEST_URI: /wp-json/wp/v2/posts
QUERY_STRING:
HTTP_USER_AGENT: ZimmWriter/cURL
REQUEST BODY: BPS Security Log option set to: Do Not Log POST Request Body Data
    January 26, 2024 at 7:45 am #43457
    john
    Participant

    How do I allow one of these to go through?

    January 26, 2024 at 10:39 am #43460
    john
    Participant

    Should I copy this line: HTTP_USER_AGENT or REMOTE_ADDR:?

    Then add it to the whitelist box?

    January 26, 2024 at 3:41 pm #43462
    AITpro Admin
    Keymaster

    Are you using the POST Protection bonus custom code in BPS Custom code?  If so, then delete that BPS POST Protection code in BPS Custom Code.  These are POST requests that are being blocked.

    January 26, 2024 at 3:47 pm #43464
    john
    Participant

    I have no idea.

    January 26, 2024 at 3:49 pm #43466
    AITpro Admin
    Keymaster

    Send a WordPress Administrator login to your website to > info@ait-pro.com

    January 26, 2024 at 3:55 pm #43468
    john
    Participant

    sent…THANK YOU!

    January 26, 2024 at 4:31 pm #43469
    AITpro Admin
    Keymaster

    I changed the forum title so that someone else with this same problem will find it.  So yes the solution is to comment out the User Agent nuisance filter line of code and also to edit the other User Agent line of htaccess code as shown below.

    1. Copy this modified code below to this BPS Root Custom Code text box: 12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Setup Wizard page and run the Setup Wizards.

    # BEGIN BPSQSE BPS QUERY STRING EXPLOITS
# The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
# Good sites such as W3C use it for their W3C-LinkChecker.
# Use BPS Custom Code to add or remove user agents temporarily or permanently from the
# User Agent filters directly below or to modify/edit/change any of the other security code rules below.
#RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F]
  • Author
    Posts
Viewing 15 posts - 1 through 15 (of 16 total)
1 2
  • You must be logged in to reply to this topic.