Security Log – No log entries, Sucuri Security Plugin Blocks Logging

Home Forums BulletProof Security Free Security Log – No log entries, Sucuri Security Plugin Blocks Logging

This topic contains 21 replies, has 2 voices, and was last updated by  AITpro Admin 6 years, 8 months ago.

Viewing 15 posts - 1 through 15 (of 22 total)
  • Author
    Posts
  • #1714

    AITpro Admin
    Keymaster

    Split from another Topic since the question is a new question:

    I have the opposite problem.  Prior to a recent update, my log file had maybe 20 entries a day. After the update I haven’t had an entry since 1/31/13. I can’t imagine that’s accurate. I am sure that I have done something wrong, but I don’t know what.  I have read the various resources, but I am just not knowledgable enough to follow/understand what I should be doing to test my installation of BPS on my WordPress site.  Is there a really clear step-by-step process that I can follow?  Thanks so much!

    #1715

    AITpro Admin
    Keymaster

    Go to the htaccess File Editor tab page.

    Click on the Your Current Root htaccess File tab and scroll down in that file and look for this code.

    ErrorDocument 400 /wp-content/plugins/bulletproof-security/400.php
    ErrorDocument 401 default
    ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php
    ErrorDocument 404 /404.php

    Do you see this code in your Root .htaccess file?  Does it have a pound sign # in front of it?
    Is your WordPress installation a root website installation or is it a subfolder installation?
    A Root website installation is installed in the root of the Hosting account.
    A Subfolder website installation would be installed in a subfolder off the root – Example:  /some-folder

    #1765

    Jeff
    Member

    Thank you for all your help.  I did find those lines of code and there is NOT a pound sign in front of them.  I wouldn’t know how to install the WordPress in a subfolder.   I just followed the instructions from the WordPress folks several years ago. I did look and I believe that it is a root website installation.  I did not see any subfolder.  Also I should mention that BPS was loging all sorts of stuff, which I expected, until I did the most reecent update.  I hope I didn’t screw that part up!  Now I do have this entry in the file:
    BPS SECURITY / HTTP ERROR LOG============================================================
    But that’s all.

    #1766

    AITpro Admin
    Keymaster

    Well do a test to see if error logging is actually really working.  In your Browser type in this:  ;union after your website URL.  Example:  example.com/;union.
    If error logging is not working then you can try activating BulletProof Modes again.
    If it is still not working then something on your website is blocking/stopping/preventing BPS error logging.  Could be another plugin or could be something your web host is doing.

    #1769

    AITpro Admin
    Keymaster

    I just thought of something.  Since you said you had set up error logging before and automatic error logging only became available in this last release of BPS then what I suspect is that you set up error logging on your own and most likely you created your own 403 error document file somewhere on your website or maybe in your host control panel?

    And what exactly does this mean “Prior to a recent update, my log file had maybe 20 entries a day.”  What was the recent update?  WordPress update?  Plugin update?  Some other update?

    #1807

    Jeff
    Member

    I hope I can answer your questions accurately.  I did not knowingly create a 403 error document.  Is there a way that I can check that for you?  If so if you could guide me.  I did not intentional do that.  There was a BPS plugin update on or around 1/31/13.  I just updated the plugin through my wordpress control panel.  I did NOT do anything special however.  If I was supposed to put it in manitenance mode or anything like that, I didn’t. 
    I just recently installed the BPS plugin, I want to say around 1/26/13.  It had error logging at that time.  It was after I updated the plugin that the error logging stopped. 
    Thanks again for all of your help!

    #1809

    AITpro Admin
    Keymaster

    BPS .47.8 was released on 1-23-2013.  It is the first version with Security Logging / HTTP Error logging.  Ok so forget about the possibility of previously setting up error logging because most likely you did not do that on your own.  What is very strange to me is that there has not been another version release of BPS since 1-23-2013 so it could not have been the BPS plugin that you updated.  Maybe you are thinking of another plugin? What other plugins do you have installed on your website?

    Are you using a Proxy?  Your IP Addresses are different for your 2 posts:  1 from North Carolina and 1 from California.

    #1815

    Jeff
    Member

    I am in California.  I may have logged in from home or my office, but never NC.  I just go to the Help/Faq on the BPS menu and click the link and it opens a new browser window and takes me here.  I have the following security related plugins.  I must have confused an update from one of those recently, if it wasn’t BPS:
    BPS
    Login Lockdown
    Securi Security
    Wordfence Security
    Block Bad Queries
    WP Firewall 2
    WP Security Scan
    Do I possibly have a conflict with one of the above plugins? 
    Thanks again and I’m sorry to be your problem child!

    #1816

    AITpro Admin
    Keymaster

    Ok just checking on the Proxy thing since it could have possibly been related.  Not a big deal either way.  It is possible that one of these other plugins could be causing the issue.

    The only way to find out for sure is to deactivate them one by one and do a test then activate them again.

    use this test in your Browser:  example.com/;union test to trigger a 403 error.

    If you are using any of the WordPress Themes then this test above does not work and you will instead have to enter this in your website’s search window.  test’s  with an apostrophe s

    #1835

    Jeff
    Member

    I am not using a WP theme, so used the first example to test for a 403 error and logging.  I went to the very first plugin and deactivated it, then exited out of the admin panel, then tried the flyboywakesurf.com/;union etc test string.  I repeated this for every plugin I have installed.  On the very first interation, I immediately got a 404 error and then it seemed like wordpress was still churing and it came up with a 403 error page.  It took maybe 3 seconds after first displaying a 404 error page.
    There was no log entry.  Each successive iteration only generated a 404 error page and no 403.
    I did go through all of my plugin’s.  I believe, I don’t think I skipped any.
     

    #1836

    AITpro Admin
    Keymaster

    Hmm a 404 error and a huge delay between displaying a generic 403 error means something is definitely not working correctly on your particular website.  Something about your website is clearly overriding the BPS ErrorDocument directive in your Root .htaccess file.  It could be something your web host is doing at the Server itself.  What you will need to do now is look at your Server Logs or contact your web host and ask them to look at your Server Logs to see what the problem is.

    #1837

    AITpro Admin
    Keymaster

    What is your custom permalink structure?  You will find this on the WordPress Settings >>> Permalinks page.

    #1858

    Jeff
    Member

    My permalinks structure indicates: the radio button on “custom” is market and then in the firld behind my site name it shows:  /%postname%
    I hope that makes sense to you!
     

    #1859

    AITpro Admin
    Keymaster

    If you didn’t make a typo in your reply then your custom structure tag is missing the trailing slash.  it should be /%postname%/

    #1860

    AITpro Admin
    Keymaster

    Also I just happened to be fixing something on another site and I noticed that the Sucuri plugin has an option to add an .htaccess file in the wp-content folder.  There is no option to whitelist plugins or anything else and you cannot delete the .htaccess file from the plugin’s settings page.  If you have enabled this option then you will need to manually delete the .htaccess file in your wp-content folder via FTP.  This may or may not be related to the problem, but logically it could be.  I plan on fully testing the Sucuri plugin in a couple of days to see what the full impact is on BPS.

Viewing 15 posts - 1 through 15 (of 22 total)

You must be logged in to reply to this topic.