ZimmWriter for WordPress blocked

Home Forums BulletProof Security Pro ZimmWriter for WordPress blocked

  • This topic has 15 replies, 2 voices, and was last updated 1 month ago by john.
Viewing 15 posts - 1 through 15 (of 16 total)
  • Author
    Posts
  • #43449
    john
    Participant

    I am trying to run a desktop app via rest api. It keeps showing a 403 error. Is there a setting with BPS that will allow it?

    #43450
    AITpro Admin
    Keymaster

    Go to the BPS Security Log page > copy the Security Log entry that shows what is being blocked > paste that Security Log entry in your forum reply.

    #43451
    john
    Participant

    [total count of Security Log events deleted]

    Please open the Security Log to view Security Log events

    #43452
    AITpro Admin
    Keymaster

    Go to the BPS Pro Logs|Info menu > Security Log page > click the View Log button

    #43453
    john
    Participant

    It will not let me copy/paste that much here

    #43454
    AITpro Admin
    Keymaster

    Just copy any Security Log events that are related to the REST API or copy the last 20 or so log entries.

    #43455
    AITpro Admin
    Keymaster

    I see that you have the LiteSpeed Cache plugin installed on your site. BPS does not block the REST API unless you have added additional Bonus Custom Code. See this forum topic for more info > https://forum.ait-pro.com/forums/topic/issues-with-wordpress-rest-api-and-header-rewrite-problem/

    #43456
    john
    Participant
    [403 POST Request: January 26, 2024 1:46 pm]
    BPS Pro: 17.4
    WP: 6.1.4
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 2603:900b:3f0:8390:ddab:4089:dc76:5228
    Host Name: 2603-900b-03f0-8390-ddab-4089-dc76-5228.inf6.spectrum.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: POST
    HTTP_REFERER:
    REQUEST_URI: /wp-json/wp/v2/posts
    QUERY_STRING:
    HTTP_USER_AGENT: ZimmWriter/cURL
    REQUEST BODY: BPS Security Log option set to: Do Not Log POST Request Body Data
    
    [403 POST Request: January 26, 2024 1:46 pm]
    BPS Pro: 17.4
    WP: 6.1.4
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 2603:900b:3f0:8390:ddab:4089:dc76:5228
    Host Name: 2603-900b-03f0-8390-ddab-4089-dc76-5228.inf6.spectrum.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: POST
    HTTP_REFERER:
    REQUEST_URI: /wp-json/wp/v2/posts
    QUERY_STRING:
    HTTP_USER_AGENT: ZimmWriter/cURL
    REQUEST BODY: BPS Security Log option set to: Do Not Log POST Request Body Data
    #43457
    john
    Participant

    How do I allow one of these to go through?

    #43460
    john
    Participant

    Should I copy this line: HTTP_USER_AGENT or REMOTE_ADDR:?

    Then add it to the whitelist box?

    #43462
    AITpro Admin
    Keymaster

    Are you using the POST Protection bonus custom code in BPS Custom code?  If so, then delete that BPS POST Protection code in BPS Custom Code.  These are POST requests that are being blocked.

    #43464
    john
    Participant

    I have no idea.

    #43466
    AITpro Admin
    Keymaster

    Send a WordPress Administrator login to your website to > info@ait-pro.com

    #43468
    john
    Participant

    sent…THANK YOU!

    #43469
    AITpro Admin
    Keymaster

    I changed the forum title so that someone else with this same problem will find it.  So yes the solution is to comment out the User Agent nuisance filter line of code and also to edit the other User Agent line of htaccess code as shown below.

    1. Copy this modified code below to this BPS Root Custom Code text box: 12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Setup Wizard page and run the Setup Wizards.

    # BEGIN BPSQSE BPS QUERY STRING EXPLOITS
    # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
    # Good sites such as W3C use it for their W3C-LinkChecker.
    # Use BPS Custom Code to add or remove user agents temporarily or permanently from the
    # User Agent filters directly below or to modify/edit/change any of the other security code rules below.
    #RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
    RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
    RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
    RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F]
Viewing 15 posts - 1 through 15 (of 16 total)
  • You must be logged in to reply to this topic.