Home › Forums › BulletProof Security Free › Server default php error log file quarantined
- This topic has 20 replies, 2 voices, and was last updated 10 years, 5 months ago by AITpro Admin.
-
AuthorPosts
-
jenaParticipant
The server default error log file keeps on quarantined. /home/maginabl/public_html/error_log How to prevent this?
AITpro AdminKeymasterYou would create an AutoRestore Exclude rule for this file.
1. Go to the AutoRestore page >>> click on the Add / Exclude Static Files tab page >>> click on the Blue Read Me help button and look for this help text below on how to exclude an individual file from being checked by AutoRestore/Quarantine.
Exclude An Individual File option
Best Recommend use is to select the Exclude An Individual File option to exclude individual WordPress files ONLY from being checked by the ARQ Cron. Example Use: You have a plugin installed that regularly writes some content to a log file – /wp-content/plugins/example-plugin/Log-file.txt. Because the log file is being changed regulary the ARQ Cron will autorestore and quarantine that log file each time the file changes. To exclude that log file from being checked by the ARQ Cron you would select the Exclude An Individual File option and enter the path to the file that you want excluded in the Enter an Exclude Folder or File Path text box – /xxxxx/xxxxx/wp-content/plugins/example-plugin/Log-file.txt and click the Exclude button.jenaParticipantAlso I have problem with plugin firewall white list rules. When I add this rule it show error
/wpmu-theme-usage-info/js/(.*).js
Error: One or more of your Whitelist rules are not valid
AITpro AdminKeymasterOops yep this is a error checking mistake in the Plugin Firewall error pattern check. The dots (.) should be escaped and they are not escaped. The -info portion of your whitelist rule is what is triggering this error since the pattern check is matching “-info” and should only be matching “.info”. I will make this correction and upload a new BPS Pro zip file and post back here when that new zip file is available for download and installation – USING ONLY the BPS Pro upload zip installer and NOT the WordPress upload zip installer to install the new BPS Pro zip file.
$pattern2 = '/(\bver=\b|\bpage=\b|\bsrc=\b|\bwww\b|\bhttp\b|\bhttps\b|\bhref\b|\b.com\b|\b.net\b|\b.org\b\b.biz\b|\b.info\b|\b.gov\b|\b.edu\b)/';
Plugin Firewall whitelist rule Error check code Correction will be this:
$pattern2 = '/(\bver=\b|\bpage=\b|\bsrc=\b|\bwww\b|\bhttp\b|\bhttps\b|\bhref\b|\b\.com\b|\b\.net\b|\b\.org\b\b\.biz\b|\b\.info\b|\b\.gov\b|\b\.edu\b)/';
AITpro AdminKeymasterA new BPS Pro zip file has been uploaded to the Secure Download area with this code correction added. Download the zip file and install it using the BPS Pro upload zip installer – DO NOT use the WordPress upload zip installer.
jenaParticipantAnother problem I have in one site not all is that each time I add whitelist by pass rules to custom code section and create secure htaccess file it removes super cache code.
AITpro AdminKeymasterIt is recommended that you add WP Super Cache .htaccess cache code to BPS Pro Custom Code so that it is saved permanently. See this Forum Topic link: http://forum.ait-pro.com/forums/topic/where-is-the-log/#post-2715
jenaParticipantAlso get this error while creating secure htaccess file
[10-Sep-2013 20:23:32 UTC] PHP Warning: copy(/home/sdatt/public_html/wp-content/bps-backup/autorestore/wp-content/plugins/bulletproof-security/admin/htaccess/secure.htaccess) [function.copy]: failed to open stream: No such file or directory in /home/sdatt/public_html/wp-content/plugins/bulletproof-security/admin/options.php on line 1434
AITpro AdminKeymasterYou can disregard the error. It occurs when the this backup folder – /wp-content/bps-backup/autorestore/wp-content/plugins/bulletproof-security/admin/htaccess/ does not actually exist due to creating the AutoRestore plugins folder Exclude rule. This error will be suppressed in the next BPS Pro version.
jenaParticipantAlso we get lots of login security alerts. A User Account Has Been Locked How to blacklist these ips?
AITpro AdminKeymasterBlocking by IP address does not really work since there are millions of IP addresses that are used by spammers and hackers. If hackers are finding legitimate user account names/Author URLs on your websites and trying to login with those user account names then you need to look at this Forum Topic link below and will need to NOT expose legitimate user accounts/Author URLs on the frontend of your website.
http://forum.ait-pro.com/forums/topic/revealing-the-admin-or-editor-user-name-and-not-knowing/
jenaParticipantAnd for this new version of BPS Pro I didn’t get what you mean by install it using the BPS Pro upload zip installer – DO NOT use the WordPress upload zip installer. If I copy these files through ftp will it be ok?
AITpro AdminKeymasterThat is the hard way to do it, but yes you can do an FTP file upload.
Using the BPS Pro Upload Zip installer
1. Download the zip file from the AITpro Secure Download Area to your computer.
2. Click on the BPS Pro Install / Backup menu.
3. Click the Choose file button, select the BPS Pro zip file from your computer, click the Upload zip file button and click the Install zip now button.jenaParticipantNow this whitelist rule show invalid
/buddypress-mobile/themes/default/(.*).js,
AITpro AdminKeymasterIn this particular case change this whitelist rule since the “themes” folder check is important and should not be changed in the BPS Plugin Firewall error checking code.
/buddypress-mobile/(.*).js,
-
AuthorPosts
- You must be logged in to reply to this topic.