2 Click Social Media Buttons – 403 error

[JB]

Thanks a lot for support!!!
I will change the owner and check the errors.
nukleuz

[JB]

Hi Admin,
since you made the changes the log is full of 2click-socialmedia-button entries (10-15 entries)… What can i/we do?
nukleuz

[AITpro Admin]

If the problem was fixed and has now returned again then that would mean something has changed or the Security Log entries are blocked hackers or spammers trying to exploit something in this plugin. The first thing to check is – is the plugin working correctly? The next thing to check would be the IP addresses or hostnames in the Security Log entries. I will look at the frontend of your site again and see if the 403 errors have returned again. If I am seeing them again then I will need to login to your site and see what is causing the problem to return since it was fixed/working correctly. I will post a follow up post shortly after checking the frontend of your site.

[AITpro Admin]

I have checked the frontend of your website and I am not seeing 403 errors.  I am seeing the 2 Click Social Media buttons and they are working correctly. I was able to use the Google +1 button successfully and post to +1. So what the means is 1 of these 3 things below is true.

1. A hacker or spammer is doing something shady that is being blocked and logged.
2. The plugin is doing some additional things that are being blocked, which you can disregard if everything is working correctly.
3. If everything is not working correctly then an additional whitelist rule may need to be created.

[JB]

Hi,

i don´t think that we solved the problem because a few hours later the first log comes again. I searched a bit in the logfile and found 2 logs which were made by 2 visitors i know. Your test/check for 403 errors are not be in the log but some other visitors get them – the log told that. After you logged in and made the changes until today i made nothing in WP and BPS-Pro. No changes/updates anywhere.

Today – some hours ago – i updated some plugins and BPS-Pro from 9.7 to 9.8 the very manually way.
So my knowledge of what i can do is at the end… 😉

[AITpro Admin]

I am seeing the 2 Click Social Media buttons and they are working correctly. I was able to use the Google +1 button successfully and post to +1.

What this means above is that the 2 Click Social Media Buttons plugin is working correctly.
Post some of the IP addresses in the 403 errors in your Security Log and I will tell you if they belong to hackers or spammers.

Also the 403 errors could be bad bots that are being blocked.  The thing to focus on is the plugin is working correctly for legitimate users so we can look at if the Security Log entries are for blocked hackers, spammers, bad bots, scrapers, harvesters, etc etc etc etc etc.

[JB]

OK, i start with 5 IP´s from the latest log entries:

80.128.71.214
149.172.105.144
84.185.42.162
176.198.180.38
46.59.254.73

Greets

[AITpro Admin]

80.128.71.214 – does not go to a legitimate website – most likely a Bot
149.172.105.144 – does not go to a legitimate website – most likely a Bot
84.185.42.162 – does not go to a legitimate website – most likely a Bot
176.198.180.38 – does not go to a legitimate website – most likely a Bot
46.59.254.73 – does not go to a legitimate website – most likely a Bot

[AITpro Admin]

Here is something you can do so that you will know that the 2 Click Social Media Buttons plugin is working correctly.  Have someone else click on the Social buttons and post socially to Google +1 or any of the other social buttons you want to test.

[AITpro Admin]

And disregard the IP address info above.  Those IP addresses would be Public ISP IP addresses so they would not tell you whether or not the Request was legitimate or done by a hacker, spammer, miner, scraper, harvester, Bot, etc etc etc.  Just have someone else test the social buttons so that you have confirmation that they are working correctly and then you can disregard the Security Log entries as either being something bad that is being blocked, which is what BPS does or some additional non-important thing is being blocked.  If the plugin is working correctly then there is nothing further you would need to do.

[JB]

OK i understand, so all these logs are bots and not users/visitors like you and me.
And if i checked the frontend  i can´t see 403 errors and the logfile is still empty.

So it is ok that these logs are in there!?

I will ask some friends to test the social media buttons…

Thanks!

[AITpro Admin]

We get over 500,000 log entries per month on our websites.  Do we look at all of those log entries?  Maybe just a brief glance, but we do not spend more than 5 minutes looking at each log file.  That would be a full-time job.  The important thing is if the plugin is working correctly or not.  I have a feeling that this plugin is doing several things and one of those things is being blocked because it is bad.  If it turns out that whatever is being blocked does something that is needed then an additional whitelist rule can be created.  After you have someone test this plugin then you will know if everything is working.  If something is not working then let me know and I will look into this further.

[JB]

Hi Admin,

it´s me again – i have a log entry which is defenatly produced by myself so i think there is something wrong and yes i did the 5 steps: Create, Save, Activate the FW-Rules again. Everytime when i was in the office i produce the log like:

[403 GET / HEAD Request: 26. November 2014 - 08:49]
Event Code: PFWR-PSBR-HPR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 89.204.139.176
Host Name: 89.204.139.176
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: 89.204.139.176
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://blog-xxxxxx.de/
REQUEST_URI: /wp-content/plugins/2-click-socialmedia-buttons/js/social_bookmarks-min.js?ver=1.6.4
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53

nukleuz

[AITpro Admin]

The problem that I immediately see is that the Server Protocol is HTTP/1.0 which was phased out 15 years ago in 1999. Looks like the Nginx Proxy needs to be upgraded and configured to use the new Server Protocol HTTP/1.1 as of 1999 – 15 years ago.  This problem may or may not be causing the /2-click-socialmedia-buttons/js/social_bookmarks-min.js script to be blocked or not whitelisting this plugin script successfully.  It may just be that you need to whitelist the additional Proxy IP addresses for your Nginx proxy.  Or the errors could mean nothing. ie a nuisance error if everything is working correctly and the Security Log entry is being logged simply because you are using an outdated Server Protocol.  I imagine there are lots of other problems that you are not aware of by using that outdated Server Protocol.

Use the Plugin Firewall Additional Whitelist “Allow from” tool and add any additional IP address or host names that need to be added for your Proxy.

[JB]

OK, i think one more reason for moving the sites to a new, faster and updated server. But i will try to whitekist the NGINX-Proxy…

[Author]

Posts