Security Log – valid plugin js files are being blocked

Home Forums BulletProof Security Pro Security Log – valid plugin js files are being blocked

This topic contains 3 replies, has 2 voices, and was last updated by  AITpro Admin 6 years, 3 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #7047

    Timbo
    Participant

    Hi there,

    I have noticed the following in my Security Log:

    >>>>>>>>>>> 403 GET or Other Request Error Logged - June 19, 2013 - 4:49 pm <<<<<<<<<<<
    REMOTE_ADDR: xxx.xxx.xxx.xxx
    Host Name: xxxxx
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: xxxxx
    REQUEST_URI: /wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.32.0-2013.04.03
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
    >>>>>>>>>>> 403 GET or Other Request Error Logged - June 19, 2013 - 4:49 pm <<<<<<<<<<<
    REMOTE_ADDR: xxx.xxx.xxx.xxx
    Host Name: xxxxx
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: xxxxxx
    REQUEST_URI: /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.4.1
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

    The following exceptions exist in my Plugin Firewall Whitelist:

    /contact-form-7/includes/js/jquery.form.min.js, /contact-form-7/includes/js/scripts.js

    The “403 GET or Other Request Error” only appear intermittently, and I have not found a way to replicate, just to wait for usual web traffic to trigger the error.

    You thoughts would be very much appreciated.

    -Timbo

    #7056

    AITpro Admin
    Keymaster

    Most likely what is occurring is that someone is doing something shady if this is an intermittent issue/problem.  Logically if something is not configured correctly or setup correctly with the Plugin Firewall then this would be a constant problem and not intermittent.  Another possibility could have something to do with form processing from a specific page to another page – ie multi-part form processing.  Post the last part of the HTTP_REFERER log entry, which I think was something like /business-profile or /business-contact or something like that.

    #7119

    Timbo
    Participant

    I don’t think anything shady is happening. It’s a VERY low traffic website, and I can identify the IP addresses triggering the errors (i.e. myself or someone I know). The form isn’t even located on the pages that are generating the errors, the form is located on the Contact Us page.

    Also, it is not a multi-part form, just a simple (single page) Contact Us form.

    -Timbo

    #7120

    AITpro Admin
    Keymaster

    The poplularity or level of traffic of a website is never a factor with websites being targeted/probed/reconned or hacked.  Bots, crawlers, spiders, etc. are automated scripts that go wherever they go randomly.  The entire process is automated.  Even the process of hacking a website is automated most of the time.  A human hacker might visit a hacked website after it has been automatically hacked or may never visit the hacked website.

    Your IP may be included in blocked hacking attempt depending on the method of attack.  IP addresses can never be trusted since they are very easily faked.

    Without more information I cannot really tell you what is going on, but the fact that it is intermittent would typically mean one of these things:

    Intermittent NS or other Server Connectivity problems.

    Intermittent MySQL Server problems.

    Memory is maxing out on this website intermittently.

    Hacker, spammer, scraper bot is probing, reconnning, etc.

    If this was a consistent problem then it would most likely be either BPS Pro blocking something or another plugin conflict issue.  Since it is intermittent then it cannot be a BPS Pro issue because it would be consistently happening.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.