SiteLock Scan Blocked – SiteLockSpider 403 error

[Deb]

The GoDaddy hosting Sitelock app scan is not able to run. (GoDaddy pressed client into it before she talked to me and I put on BPSP.)
Have thousands (did a count) of these types listing various pieces of script it gets caught for. Where do we allow this activity?
I have the above code already there. Not allowing this activity.

[403 GET Request: June 9, 2016 - 8:44 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 184.154.139.10
Host Name: placeholder.sitelock.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: 
HTTP_FORWARDED: 
HTTP_X_FORWARDED_FOR: 
HTTP_X_CLUSTER_CLIENT_IP: 
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: <strong>multihtml.pl?multi=/etc/passwd%00html</strong>
QUERY_STRING: 
HTTP_USER_AGENT: SiteLockSpider [en] (WinNT; I ;Nav)

[403 GET Request: June 9, 2016 - 8:10 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 184.154.139.10
Host Name: placeholder.sitelock.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: 
HTTP_FORWARDED: 
HTTP_X_FORWARDED_FOR: 
HTTP_X_CLUSTER_CLIENT_IP: 
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /cgi-bin2/
QUERY_STRING: 
HTTP_USER_AGENT: SiteLockSpider [en] (WinNT; I ;Nav)

[AITpro Admin]

Interesting problem.  SiteLock is scanning for things that BPS security rules are blocking.  So SiteLock is being blocked the same way a hacker would be blocked that was doing these exact same scans on your website looking for vulnerabilities/exploits.  So instead of trying to create any sort of whitelisting rules to allow these scans, I think the simplest solution is just to ignore/not log any SiteLock scan Security Log entries.

To ignore/not log SiteLockSpider Bot log entries do these steps:

1. Go to the Security Log page.
2. Copy the SiteLockSpider Bot/User Agent name: SiteLockSpider into the Add User Agents|Bots to Ignore|Not Log text box.
3. Click the Add|Ignore button.

[Author]

Posts