Spider Event Calendar WordPress Event Calendar – 403 error

Home Forums BulletProof Security Free Spider Event Calendar WordPress Event Calendar – 403 error

Tagged: , ,

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • May 24, 2013 at 8:36 am #6181
    Rob Brand
    Participant

    I am getting an error with
    Spider Event Calendar Plugin with BullettProof activated.

    You don’t have permission to access /art/wp-content/plugins/spider-event-calendar/front_end/spidercalendarbig.php on this server.

    May 24, 2013 at 8:40 am #6182
    AITpro Admin
    Keymaster

    Check your BPS Security Log file and post ONLY the error that relates to the Spider Event Calendar/WordPress Event Calendar.

    May 24, 2013 at 8:53 am #6184
    AITpro Admin
    Keymaster

    Let the plugin author know about this coding mistake.

    spidercalendarbig.php code line 19.  The $wpdb variable has global added to it outside of a function.  This can be commented out since global is only intended to be used within a function.  Or the code should be wrapped in a new function if that is what is needed.

    // let's load WordPress
require_once( WP_LOAD_PATH . 'wp-load.php');
global $wpdb;
    May 24, 2013 at 9:20 am #6185
    AITpro Admin
    Keymaster

    UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.

    The Spider Event Calendar has been tested and it uses admin-ajax.php to show events.

    1. Add this wp-admin .htaccess bypass / skip rule below to the this wp-admin Custom Code text box: CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES.
    2. Click the Save wp-admin Custom Code button.
    3. Go to the BPS Security Modes page and activate wp-admin BulletProof Mode.

    # admin-ajax.php skip/bypass rule
RewriteCond %{REQUEST_URI} (admin-ajax\.php) [NC]
RewriteRule . - [S=2]

    Also another bug that I found in this plugin is that the first calendar you create does not show up in the javascript Calendar insert button dropdown list on the WP WYSIWYG Editor toolbar. The second calendar does show up and you can successfully choose/select it and insert it into pages or posts. Please notify the plugin author about this additional bug/coding problem.

    May 24, 2013 at 9:32 am #6187
    AITpro Admin
    Keymaster

    One other thing that you should mention to the plugin author is that nowhere does it say that calendars are inserted into pages by clicking the insert calendar button in the pages or posts editor.  This help information should be everywhere.  Since I logically knew that this is probably what should be done I looked there first.  For someone who is not a coder or experienced with WordPress then they would have no idea what to do next.

    November 6, 2014 at 1:19 pm #18907
    Brendan Merritt
    Participant

    [Topic has been merged into this relevant Topic]

    Trying to view a single day or any other view I get the following error.:
    newpaltzvillage.org 403 Forbidden Error Page
    If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.
    IP Address: 72.43.178.90

    Here is what the log is telling me. I get a 403 error when trying to access any view from the calendar plugin. It seems to be a rule in the .htacess file that is causing it. I need to know how to get around this so the calendar can function.

    [403 GET / HEAD Request: November 4, 2014 7:02 pm]
Event Code: WPADMIN-SBR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 72.43.178.90
Host Name: rrcs-72-43-178-90.nyc.biz.rr.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://www.newpaltzvillage.org/village-board-agendas-minutes/
REQUEST_URI: /wp-admin/admin-ajax.php?action=spiderbigcalendar_month_widget&theme_id=1&calendar=1&select=month,&date=2014-10&many_sp_calendar=1&cur_page_url=http://www.newpaltzvillage.org/village-board-agendas-minutes/&cat_id&widget=1
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
    November 6, 2014 at 1:54 pm #18911
    AITpro Admin
    Keymaster

    @ Brendan Merritt – See the updated wp-admin admin-ajax.php Custom Code skip rule above in this Forum Topic.

    November 7, 2014 at 6:27 am #18923
    Brendan Merritt
    Participant

    I cut and pasted the rule in above as suggested but I am still getting the same error. This is the log after applying the rule

    [403 GET / HEAD Request: November 7, 2014 2:20 pm]
Event Code: WPADMIN-SBR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 71.169.22.237
Host Name: pool-71-169-22-237.pghk.east.verizon.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://www.newpaltzvillage.org/calendar/
REQUEST_URI: /wp-admin/admin-ajax.php?action=spidercalendarbig&theme_id=13&calendar_id=1&ev_ids=4&eventID=4&date=2014-11-6&many_sp_calendar=1&cur_page_url=http://www.newpaltzvillage.org/calendar/&widget=0&
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36
    November 7, 2014 at 6:46 am #18931
    AITpro Admin
    Keymaster

    Did you do ALL of the Custom Code steps?  After adding the skip rule did you click the Save wp-admin Custom Code button and then activate wp-admin BulletProof Mode again?

  • Author
    Posts
Viewing 9 posts - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.