Server default php error log file quarantined

Home Forums BulletProof Security Free Server default php error log file quarantined

This topic contains 20 replies, has 2 voices, and was last updated by  AITpro Admin 4 years, 9 months ago.

Viewing 15 posts - 1 through 15 (of 21 total)
  • Author
    Posts
  • #9521

    jena
    Participant

    The server default error log file keeps on quarantined. /home/maginabl/public_html/error_log  How to prevent this?

    #9522

    AITpro Admin
    Keymaster

    You would create an AutoRestore Exclude rule for this file.

    1.  Go to the AutoRestore page >>> click on the Add / Exclude Static Files tab page >>> click on the Blue Read Me help button and look for this help text below on how to exclude an individual file from being checked by AutoRestore/Quarantine.

    Exclude An Individual File option
    Best Recommend use is to select the Exclude An Individual File option to exclude individual WordPress files ONLY from being checked by the ARQ Cron. Example Use: You have a plugin installed that regularly writes some content to a log file – /wp-content/plugins/example-plugin/Log-file.txt. Because the log file is being changed regulary the ARQ Cron will autorestore and quarantine that log file each time the file changes. To exclude that log file from being checked by the ARQ Cron you would select the Exclude An Individual File option and enter the path to the file that you want excluded in the Enter an Exclude Folder or File Path text box – /xxxxx/xxxxx/wp-content/plugins/example-plugin/Log-file.txt and click the Exclude button.

    #9525

    jena
    Participant

    Also I have problem with plugin firewall white list rules. When I add this rule it show error

    /wpmu-theme-usage-info/js/(.*).js

    Error: One or more of your Whitelist rules are not valid

    #9526

    AITpro Admin
    Keymaster

    Oops yep this is a error checking mistake in the Plugin Firewall error pattern check.  The dots (.) should be escaped and they are not escaped.  The -info portion of your whitelist rule is what is triggering this error since the pattern check is matching “-info” and should only be matching “.info”.  I will make this correction and upload a new BPS Pro zip file and post back here when that new zip file is available for download and installation – USING ONLY the BPS Pro upload zip installer and NOT the WordPress upload zip installer to install the new BPS Pro zip file.

    $pattern2 = '/(\bver=\b|\bpage=\b|\bsrc=\b|\bwww\b|\bhttp\b|\bhttps\b|\bhref\b|\b.com\b|\b.net\b|\b.org\b\b.biz\b|\b.info\b|\b.gov\b|\b.edu\b)/';

    Plugin Firewall whitelist rule Error check code Correction will be this:

    $pattern2 = '/(\bver=\b|\bpage=\b|\bsrc=\b|\bwww\b|\bhttp\b|\bhttps\b|\bhref\b|\b\.com\b|\b\.net\b|\b\.org\b\b\.biz\b|\b\.info\b|\b\.gov\b|\b\.edu\b)/';
    #9527

    AITpro Admin
    Keymaster

    A new BPS Pro zip file has been uploaded to the Secure Download area with this code correction added.  Download the zip file and install it using the BPS Pro upload zip installer – DO NOT use the WordPress upload zip installer.

    #9532

    jena
    Participant

    Another problem I have in one site not all is that each time I add whitelist by pass rules to custom code section and create secure htaccess file it removes super cache code.

    #9533

    AITpro Admin
    Keymaster

    It is recommended that you add WP Super Cache .htaccess cache code to BPS Pro Custom Code so that it is saved permanently. See this Forum Topic link: http://forum.ait-pro.com/forums/topic/where-is-the-log/#post-2715

    #9534

    jena
    Participant

    Also get this error while creating secure htaccess file

    [10-Sep-2013 20:23:32 UTC] PHP Warning:  copy(/home/sdatt/public_html/wp-content/bps-backup/autorestore/wp-content/plugins/bulletproof-security/admin/htaccess/secure.htaccess) [function.copy]: failed to open stream: No such file or directory in /home/sdatt/public_html/wp-content/plugins/bulletproof-security/admin/options.php on line 1434
    #9535

    AITpro Admin
    Keymaster

    You can disregard the error.  It occurs when the this backup folder – /wp-content/bps-backup/autorestore/wp-content/plugins/bulletproof-security/admin/htaccess/ does not actually exist due to creating the AutoRestore plugins folder Exclude rule.  This error will be suppressed in the next BPS Pro version.

    #9538

    jena
    Participant

    Also we get lots of login security alerts. A User Account Has Been Locked How to blacklist these ips?

    #9539

    AITpro Admin
    Keymaster

    Blocking by IP address does not really work since there are millions of IP addresses that are used by spammers and hackers.  If hackers are finding legitimate user account names/Author URLs on your websites and trying to login with those user account names then you need to look at this Forum Topic link below and will need to NOT expose legitimate user accounts/Author URLs on the frontend of your website.

    http://forum.ait-pro.com/forums/topic/revealing-the-admin-or-editor-user-name-and-not-knowing/

    #9541

    jena
    Participant

    And for this new version of BPS Pro I didn’t get what you mean by install it using the BPS Pro upload zip installer – DO NOT use the WordPress upload zip installer. If I copy these files through ftp will it be ok?

    #9542

    AITpro Admin
    Keymaster

    That is the hard way to do it, but yes you can do an FTP file upload.

    Using the BPS Pro Upload Zip installer
    1.  Download the zip file from the AITpro Secure Download Area to your computer.
    2.  Click on the BPS Pro Install / Backup menu.
    3.  Click the Choose file button, select the BPS Pro zip file from your computer, click the Upload zip file button and click the Install zip now button.

    #10208

    jena
    Participant

    Now this whitelist rule show invalid

    /buddypress-mobile/themes/default/(.*).js,
    #10214

    AITpro Admin
    Keymaster

    In this particular case change this whitelist rule since the “themes” folder check is important and should not be changed in the BPS Plugin Firewall error checking code.

    /buddypress-mobile/(.*).js,
Viewing 15 posts - 1 through 15 (of 21 total)

You must be logged in to reply to this topic.