Spider Event Calendar WordPress Event Calendar – 403 error

Home Forums BulletProof Security Free Spider Event Calendar WordPress Event Calendar – 403 error

This topic contains 8 replies, has 3 voices, and was last updated by  AITpro Admin 3 years, 7 months ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #6181

    Rob Brand
    Participant

    I am getting an error with
    Spider Event Calendar Plugin with BullettProof activated.

    You don’t have permission to access /art/wp-content/plugins/spider-event-calendar/front_end/spidercalendarbig.php on this server.

    #6182

    AITpro Admin
    Keymaster

    Check your BPS Security Log file and post ONLY the error that relates to the Spider Event Calendar/WordPress Event Calendar.

    #6184

    AITpro Admin
    Keymaster

    Let the plugin author know about this coding mistake.

    spidercalendarbig.php code line 19.  The $wpdb variable has global added to it outside of a function.  This can be commented out since global is only intended to be used within a function.  Or the code should be wrapped in a new function if that is what is needed.

    // let's load WordPress
    require_once( WP_LOAD_PATH . 'wp-load.php');
    global $wpdb;
    #6185

    AITpro Admin
    Keymaster

    UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.

    The Spider Event Calendar has been tested and it uses admin-ajax.php to show events.

    1. Add this wp-admin .htaccess bypass / skip rule below to the this wp-admin Custom Code text box: CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES.
    2. Click the Save wp-admin Custom Code button.
    3. Go to the BPS Security Modes page and activate wp-admin BulletProof Mode.

    # admin-ajax.php skip/bypass rule
    RewriteCond %{REQUEST_URI} (admin-ajax\.php) [NC]
    RewriteRule . - [S=2]

    Also another bug that I found in this plugin is that the first calendar you create does not show up in the javascript Calendar insert button dropdown list on the WP WYSIWYG Editor toolbar. The second calendar does show up and you can successfully choose/select it and insert it into pages or posts. Please notify the plugin author about this additional bug/coding problem.

    #6187

    AITpro Admin
    Keymaster

    One other thing that you should mention to the plugin author is that nowhere does it say that calendars are inserted into pages by clicking the insert calendar button in the pages or posts editor.  This help information should be everywhere.  Since I logically knew that this is probably what should be done I looked there first.  For someone who is not a coder or experienced with WordPress then they would have no idea what to do next.

    #18907

    Brendan Merritt
    Participant

    [Topic has been merged into this relevant Topic]

    Trying to view a single day or any other view I get the following error.:
    newpaltzvillage.org 403 Forbidden Error Page
    If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.
    IP Address: 72.43.178.90

    Here is what the log is telling me. I get a 403 error when trying to access any view from the calendar plugin. It seems to be a rule in the .htacess file that is causing it. I need to know how to get around this so the calendar can function.

    [403 GET / HEAD Request: November 4, 2014 7:02 pm]
    Event Code: WPADMIN-SBR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 72.43.178.90
    Host Name: rrcs-72-43-178-90.nyc.biz.rr.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.newpaltzvillage.org/village-board-agendas-minutes/
    REQUEST_URI: /wp-admin/admin-ajax.php?action=spiderbigcalendar_month_widget&theme_id=1&calendar=1&select=month,&date=2014-10&many_sp_calendar=1&cur_page_url=http://www.newpaltzvillage.org/village-board-agendas-minutes/&cat_id&widget=1
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
    #18911

    AITpro Admin
    Keymaster

    @ Brendan Merritt – See the updated wp-admin admin-ajax.php Custom Code skip rule above in this Forum Topic.

    #18923

    Brendan Merritt
    Participant

    I cut and pasted the rule in above as suggested but I am still getting the same error. This is the log after applying the rule

    [403 GET / HEAD Request: November 7, 2014 2:20 pm]
    Event Code: WPADMIN-SBR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 71.169.22.237
    Host Name: pool-71-169-22-237.pghk.east.verizon.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.newpaltzvillage.org/calendar/
    REQUEST_URI: /wp-admin/admin-ajax.php?action=spidercalendarbig&theme_id=13&calendar_id=1&ev_ids=4&eventID=4&date=2014-11-6&many_sp_calendar=1&cur_page_url=http://www.newpaltzvillage.org/calendar/&widget=0&
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36
    #18931

    AITpro Admin
    Keymaster

    Did you do ALL of the Custom Code steps?  After adding the skip rule did you click the Save wp-admin Custom Code button and then activate wp-admin BulletProof Mode again?

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.