Security Log – Security Log entries

Home Forums BulletProof Security Pro Security Log – Security Log entries

This topic contains 7 replies, has 3 voices, and was last updated by  AITpro Admin 9 months ago.

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #1823

    Giacomo
    Member

    Hi, yesterday installed the pro version and very happy with it. today though i am noticing a lot of entries in the security log… is referring to the javascript contained in a plugin folder needed for the plugin… it tells me 403 error, but the js are read by the browser. What do you think about it? Thank you

    >>>>>>>>>>> 403 Error Logged - February 6, 2013 - 11:41 pm <<<<<<<<<<<
    REMOTE_ADDR: 192.150.3.184
    Host Name: 192.150.3.184
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: [removed the url cause is my company's website]
    REQUEST_URI: /wp-content/plugins/pagelines-sections/accordions/js/tinycolor-min.js?ver=3.5.1
    QUERY_STRING: 
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50
    #1826

    AITpro Admin
    Keymaster

    This is a plugin script that is being blocked by the Plugin Firewall.  Copy this plugin script path:  /pagelines-sections/accordions/js/tinycolor-min.js to the 

    Source:  http://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/

     

    #1830

    Giacomo
    Member

    Thanks, sorry i didn’t see the troublesooting post 🙂

    #1832

    AITpro Admin
    Keymaster

    No problem at all.  

    BPS Pro 5.6 has a new feature called Plugin Firewall Test Mode that will make the whole Plugin Firewall Whitelist thing much, much simpler and easier.  Right now it is a bit clunky.  So that help page will be changing quite a bit when BPS Pro 5.6 is released.

    The Search feature works really well for this BuddyPress Forum.  It is not the standard old search feature that does not produce good search results.  It is called the BuddyPress Global Unified Search Plugin and it works fantastic to give you only relevant search results.  😉

    #1834

    Giacomo
    Member

    Thanks again 🙂

    #36822

    Master Kim
    Participant

    This might be little bit different than the subject of this thread.
    I have two websites and please let me know user agents so that I can add them to Ignore|Not Log.

    [403 GET Request: 01/16/2019 - 12:13 AM]
    BPS Pro: 13.7
    WP: 5.0.3
    Event Code: PFWR-PSBR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 73.250.192.191
    Host Name: c-73-250-192-191.hsd1.md.comcast.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://saahm.net/wp-admin/admin.php?page=ss_reports
    REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=13.7
    QUERY_STRING: ver=13.7
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
    
    [403 GET Request: 2019 1 16 - 01:20 ]
    BPS Pro: 13.7
    WP: 5.0.3
    Event Code: UAEGWR-HPRA
    Solution: https://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/
    REMOTE_ADDR: 73.250.192.191
    Host Name: c-73-250-192-191.hsd1.md.comcast.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/uploads/bb-plugin/cache/603-layout.js?ver=e584f7f65ef69f8f25560a61c5c77d4b
    QUERY_STRING: ver=e584f7f65ef69f8f25560a61c5c77d4b
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

    Read Me does not explain how to get user agent/bot from the above security logs.

    Thank you for your kind help as always.

    #36823

    AITpro Admin
    Keymaster

    Security Log ignore by bot User Agent is for when the bot that is generating the Security Log entry is ok/safe.  The User Agents in both of the Security Log entries that you posted above are standard Browser User Agents and not bots.  So you would not want to ignore/whitelist those Browser User Agents since you would be ignoring/whitelisting all Firefox and Safari Browser visits to your website that generated a Security Log entry due to a problem or issue.  So basically you want to see these Security Log entries because the indicate a problem with the BPS Pro Plugin Firewall that needs to be fixed.  Do these steps below and let me know if you continue to see new Security Log entries being logged after doing the steps below.

    https://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/

    Troubleshooting: Reset|Clear The Plugin Firewall (fixes most if not all Plugin Firewall issues/problems)
    Note: To find out if an issue/problem is related to or being caused by the Plugin Firewall do BPS Pro troubleshooting step #3 in the BPS Pro troubleshooting link: https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

    Fix all general Plugin Firewall issues/problems:
    1. Go to the BPS Security Log page and click the Delete Log button to delete your current Security Log file contents.
    2. Go to the Plugin Firewall page.
    3. Click the Plugin Firewall BulletProof Mode Deactivate button.
    4. Delete (or cut if you want to add your existing whitelist rules back into the Plugins Script|File Whitelist Text Area) all of your Plugin Firewall whitelist rules out of the Plugins Script|File Whitelist Text Area.
    5. Click the Save Whitelist Options button.
    6. Click the Plugin Firewall Test Mode button.
    7. Check your site pages by clicking on all main website pages: contact form page, home page, login page, etc.
    8. Recheck the Plugins Script|File Whitelist Text Area (after 1 minute) and you should see new Plugin Firewall whitelist rules have been created.
    9. Change the AutoPilot Mode Cron Check Frequency to 15 minutes or whatever frequency time you would like to use.
    10. Click the Plugin Firewall Activate button.

    Fix all general Plugin Firewall issues/problems and Proxy server configuration mistakes:
    Note this fix also applies to using a VPN|Proxy when you are logged into your website.
    Additional steps to fix both general Plugin Firewall issues/problems and to compensate for an additional Proxy server configuration mistake (whitelist the Proxy IP Address). Note: This only applies to Proxy server issues/problems. Use the steps above unless specifically instructed to use these steps below to fix/whitelist a Proxy server IP address problem.

    1. Go to the BPS Security Log page and click the Delete Log button to delete your current Security Log file contents.
    2. Go to the Plugin Firewall page.
    3. Click the Plugin Firewall Additional Whitelist Tools accordion tab.
    4. Enter Proxy server IP address: xxx.xxx.xxx.xxx in the Whitelist by Hostname (domain name) and IP Address text box.
    5. Click the Save Hostname and IP Address Rules button.
    6. Click the Plugin Firewall BulletProof Mode Deactivate button.
    7. Delete (or cut if you want to add your existing whitelist rules back into the Plugins Script|File Whitelist Text Area) all of your Plugin Firewall whitelist rules out of the Plugins Script|File Whitelist Text Area.
    8. Click the Save Whitelist Options button.
    9. Click the Plugin Firewall Test Mode button.
    10. Check your site pages by clicking on all main website pages: contact form page, home page, login page, etc.
    11. Recheck the Plugins Script|File Whitelist Text Area (after 1 minute) and you should see new Plugin Firewall whitelist rules have been created.
    12. Change the AutoPilot Mode Cron Check Frequency to 15 minutes or whatever frequency time you would like to use.
    13. Click the Plugin Firewall Activate button.

    #36825

    AITpro Admin
    Keymaster

    Oops the second Security Log entry is indicating that BPS Pro UAEG is blocking this js file in your WordPress Uploads folder > /wp-content/uploads/bb-plugin/cache/603-layout.js.  To fix this problem use the whitelisting method that you would like to choose in the UAEG forum topic > help section > CUSTOM CODE UAEG Whitelisting Method.

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.