Security Log – iThemes js Script Blocked, Security Log entries, Uploads htaccess File

Home Forums BulletProof Security Pro Security Log – iThemes js Script Blocked, Security Log entries, Uploads htaccess File

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #1080
    AITpro Admin
    Keymaster

     Email Question: 

    Question.

    Everything looks really perfect with the new upgrade.

    But I’m noticing an issue in the security log and I’m not sure … 1. what is causing this to get logged,   2.  how I can not have it logged (unless there’s a real problem being picked up,   3.  what you suggest?  What do you think is happening and is there something I can do to avoid this recurrence?

    Here’s a sample of what keeps showing up:

    >>>>>>>>>>> 403 Error Logged - January 16, 2013 - 8:35 pm <<<<<<<<<<<
    REMOTE_ADDR: 68.39.81.155
    Host Name: c-68-39-81-155.hsd1.nj.comcast.net
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: [domain name removed for security/privacy]/online-website-start-up-form/
    REQUEST_URI: /wp-content/uploads/it-file-cache/builder-core/script.js
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0
    
    >>>>>>>>>>> 403 Error Logged - January 16, 2013 - 8:35 pm <<<<<<<<<<<
    REMOTE_ADDR: 68.39.81.155
    Host Name: c-68-39-81-155.hsd1.nj.comcast.net
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: [domain name removed for security/privacy]/online-website-start-up-form/
    REQUEST_URI: /wp-content/uploads/it-file-cache/builder-core/javascript-footer.js
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0
    
    >>>>>>>>>>> 403 Error Logged - January 16, 2013 - 8:37 pm <<<<<<<<<<<
    REMOTE_ADDR: 68.39.81.155
    Host Name: c-68-39-81-155.hsd1.nj.comcast.net
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: [domain name removed for security/privacy]/online-website-start-up-form/
    REQUEST_URI: /wp-content/uploads/it-file-cache/builder-core/script.js
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0
    
    >>>>>>>>>>> 403 Error Logged - January 16, 2013 - 8:37 pm <<<<<<<<<<<
    REMOTE_ADDR: 68.39.81.155
    Host Name: c-68-39-81-155.hsd1.nj.comcast.net
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: [domain name removed for security/privacy]/online-website-start-up-form/
    REQUEST_URI: /wp-content/uploads/it-file-cache/builder-core/javascript-footer.js
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0
    
    #1081
    AITpro Admin
    Keymaster

    This is the primary reason the new Security Log page was created in B-Core – to have folks notice any problems quickly on their website and not for the purpose of checking to see how many hacking attempts were blocked.  😉

    What these 403 Errors are indicating is that your Theme is storing javascript files in your /uploads folder.  I looked up /it-file-cache and this is something that iThemes does.  So what you need to do is allow js scripts in your uploads folder.  To do that you will need to edit your Uploads .htaccess file by following these steps below:

    1.  Go to the B-Core Edit/Upload/Download Tab page.

    2.  Click on the “Your Current Uploads htaccess File” Tab.

    3.  Scroll down in your Uploads .htaccess file until you come to the section of .htaccess code that lists file extension types:

    (7z|as|bat|bin|cgi|chm|chml|class|cmd|com|command|dat|db|db2|db3|dba|dll|DS_Store|exe|gz|hta|htaccess|htc|htm|html|htx|idc|ini|ins|isp|jar|jav|java|js|jse|jsfl|json|jsp|jsx|lib|lnk|out|php|phps|php5|php4|php3|phtml|phpt|pl|py|pyd|pyc|pyo|rar|shtm|shtml|sql|swf|sys|tar|taz|tgz|tpl|vb|vbe|vbs|war|ws|wsf|xhtml|xml|z|zip)

    4.  Remove/delete js| from this code above to allow js files in your /uploads folder to be opened/accessed.

    5.  Click the Update File button to save your editing changes.

    The security risk is very low to nil to allow js file extensions.

    #1097
    Gary M. Gordon
    Participant

    Ed,
    As always, you’re work and continued help is superb.  Your support is outstanding and I continue to thank you for all of your exellent work and your expertise on the issue of WordPress (and server) security.
    Your answer was perfect.
    That was exactly what I was expecting and your answer was short and to the point.
    Thanks again,Gary Gordon
    http://www.webuildfreewebsites.com/http://www.whatshouldibe.me/

Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.