2 Click Social Media Buttons – 403 error

[JB]

Hi Admin,

my Security Log is full of entries and i don´t know why. I added in the whitelist the plugin script: /2-click-socialmedia-buttons/js/social_bookmarks-min.js But every day there are more than one new entries from different IPs. Here is a log example:

[403 GET / HEAD Request: 27. Oktober 2014 - 19:23]
Event Code: PFWR-PSBR-HPR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 141.30.247.XX
Host Name: 141.30.247.XX
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: 141.30.247.XX
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://blog-XXXXXXX.de/on-site-befragung-reloaded-guete-von-befragungen-erhoehen/
REQUEST_URI: /wp-content/plugins/2-click-socialmedia-buttons/js/social_bookmarks-min.js?ver=1.6.4
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0

[AITpro Admin]

A Plugin Firewall whitelist rule needs to be added to the Plugin Firewall Whitelist Text area for this plugin. BPS Pro 9.8 will have Plugin Firewall automation that will do this automatically in real-time. Tentative release date for BPS Pro 9.8 is November 4 to 11.

/2-click-socialmedia-buttons/js/social_bookmarks-min.js

Plugin Firewall Setup Steps When Manually Adding Plugin Scripts To The Plugins Script/File Whitelist Text Area
1. Copy and paste plugin scripts/whitelist rules to the Plugins Script/File Whitelist Text Area.
2. Click the Save Whitelist Options button.
3. Click the Plugin Firewall BulletProof Mode Activate button.

The Setup Wizard should find, add and create all Plugin Firewall whitelist rules automatically, but it is a good idea to check your website with a Proxy after running the Setup Wizard. Checking your website with a Proxy after running the Setup Wizard. Checking your Security Log for any additional plugin scripts that need to be whitelisted in the Plugin Firewall. How to manually add Plugin Firewall whitelist rules to the Plugin Firewall Whitelist Text Area.

Plugin Firewall Testing Video Tutorial: http://forum.ait-pro.com/video-tutorials/#security-log-firewall

[JB]

The manually steps i followed but nothing changed – every day a lot of logs like the example above.

Here is my whitelist from the FW-Plugin:

/2-click-socialmedia-buttons/js/social_bookmarks-min.js, /subscribe2/extension/readygraph/assets/js/my-script.js, /all-in-one-seo-pack/quickedit_functions.js, /contact-form-7/includes/js/jquery.form.min.js, /contact-form-7/includes/js/scripts.js, /simple-lightbox/template-tags/item/tag.item.js

Any ideas?
nukleuz

[AITpro Admin]

First, this may be unrelated to the problem, but it is still a problem.  In this other Forum Topic you posted your server/Proxy is using an outdated Server Protocol.  Server Protocol HTTP/1.0 was phased out 15 years ago in 1999.  The new Server Protocol as of 1999 (15 years ago) is HTTP/1.1.  Hackers and Spammers still use old software/Proxies that use Server Protocol HTTP/1.0 because that old Server Protocol allows them to do nasty things that they cannot do with the new Server Protocol HTTP/1.1.  You should take care of that problem either way and update/upgrade your Proxy and configure it to use the new Server Protocol.

http://forum.ait-pro.com/forums/topic/403-error-in-security-log-monitoring-from-hoster/

For now deactivate/Turn Off the Plugin Firewall on this website.

I assume you have an Nginx frontend server/Proxy and have an Apache server handling the backend – php and htaccess?  Go to the BPS Pro System Info page and post this information about your website/server:

Server Type:
Operating System:
WP Filesystem API Method:
Server API:

[JB]

Your assuming is correct – NGINX for frontend and Apache for backend:

Server Type: Apache
Operating System: Linux
WP Filesystem API Method: direct
Server API: apache2handler DSO Host Server Type

[AITpro Admin]

Great!  Just wanted to confirm what I was seeing after scanning your server. When I scan your site remotely with the cURL Scanner Pro-Tool I see these Plugin Firewall whitelist rules:

/2-click-socialmedia-buttons/js/social_bookmarks-min.js, /contact-form-7/includes/js/jquery.form.min.js, /contact-form-7/includes/js/scripts.js

When I check your site physically with Google Developer Tools I only see a 403 error for the 2 Click Social Media Buttons plugin and not the Contact Form 7 plugin. What this means is the Plugin Firewall and whitelisting is working correctly.

Or if you currently have the Plugin Firewall turned Off/deactivated then that would be the same as doing BPS Pro Troubleshooting step #4 to isolate the source of the issue/problem, which would confirm that something in the root htaccess file is blocking something in the 2 Click Social Media Buttons plugin.

BPS Pro troubleshooting steps
http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

So what is happening is that the Security Log entry is misleading. What is actually blocking the 2 Click Social Media Buttons plugin is something in the root htaccess file and not the Plugin Firewall. Try this plugin skip/bypass rule below and let me know if it works or not. If it does not work then I will install the 2 Click Social Media Buttons plugin on a test site and find out what needs to be whitelisted in Custom Code.

1. Copy the code below to this BPS Root Custom Code text box: CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES

Note:  If your WordPress installation is a subfolder installation then add your WordPress folder name in the path.  Example:  /My-WordPress-Folder-Name/wp-content/plugins/easy-social-share-buttons/

# 2 Click Social Media Buttons skip/bypass
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/2-click-socialmedia-buttons/ [NC]
RewriteRule . - [S=13]

2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

[JB]

Hi Admin,

i added the Custom Code and will test a bit…  I will tell you if anything changed (empty logs).

[JB]

The log is still full after the custom code was added…

[AITpro Admin]

I have installed and tested the 2 Click Social Media Buttons plugin. This plugin only requires a Plugin Firewall whitelist rule and does not require any other whitelisting. It works normally without any errors after adding the Plugin Firewall whitelist rule. Do these steps below to delete and recreate the Plugin Firewall htaccess file.  If these steps do not fix the problem then I will need to login to this site to see what is wrong.  One thing that is odd is the the js script in this plugin loads as text/html instead of what it should be loading as text/javascript.  I think that is a separate unrelated problem with that plugin.

1. Click the Plugin Firewall BulletProof Mode Deactivate button.
2. Click the Save Whitelist Options button.
3. Click the Plugin Firewall BulletProof Mode Activate button.

[JB]

Hi Admin,

a very important notice i’ve forget to tell you is that i have that problem since the “500 Internal Server Error”.
Here is the link: http://forum.ait-pro.com/forums/topic/500-server-error/
Perhaps it could be a problem for this?!
I did the creation of a new fw .htaccess file you described above – i will see and tell you if the log shows the entries.

nukleuz

PS: Do i have to clean the custom code?
AND perhaps the PHP Error i get since the 500 Error could be a prob too?

[05-Nov-2014 08:00:09] PHP Warning:  copy(/var/www/vhosts/xyz.de/httpdocs/wp-content/languages/continents-cities-de_DE.mo): failed to open stream: Permission denied in /var/www/vhosts/xyz.de/httpdocs/wp-admin/includes/class-wp-filesystem-direct.php on line 217

[JB]

It would be great if could login to the page and take a look what´s wrong. There is one new entry in the log since new fw .htaccess creation.

Thanks

[AITpro Admin]

Yep, create a temporary Admin user account and send it to directly to edward at ait-pro dot com.  The php error means that either the Ownership  or file permissions for the /wp-content/languages/ folder are not allowing the language file to be automatically updated.  Several people have contacted us that have a German WordPress version installed and .po and .mo files are being sent to quarantine, which means WordPress automatic updates are updating the German language files automatically.  An AutoRestore folder exclude rule can be created so that the /languages/ folder is excluded from being checked by AutoRestore.  I have not seen this happening with any other WordPress language versions besides the German WordPress version.

[JB]

You got mail 😉

[AITpro Admin]

Yep got it.  We are wrapping up packaging BPS Pro 9.8 for release so I will be logging in in about 10 minutes.  Thanks.

[AITpro Admin]

The issue/problem is no longer occurring after doing these steps below.  I tested your site with Boom Proxy and 403 errors were no longer being logged.

1. Click the Plugin Firewall BulletProof Mode Deactivate button.
2. Click the Save Whitelist Options button.
3. Click the Plugin Firewall BulletProof Mode Activate button.

The php error has to do with Ownership of the /languages/ folder.  You are using open_basedir but the /languages/ folder is in the allowed/unrestricted paths that you are allowing for writing.  You will need to check that the /languages/ folder has the same Owner as all of your other WordPress folders.  It will be different since a writing problem is occurring so you will need to change Owner of the /languages/ folder to the same Owner as all of your other WordPress folders.  It is possible, but not likely that this is a permissions problem on the /languages/ folder so you should also check folder permissions.

[Author]

Posts