Home › Forums › BulletProof Security Pro › Ultimate Member Social Login – 403 error
Tagged: 403 error
- This topic has 0 replies, 1 voice, and was last updated 4 years ago by AITpro Admin.
-
AuthorPosts
-
AITpro AdminKeymaster
A 403 error occurs when trying to login using Ultimate Member Social Login facebook and google social logins. See BPS Security Log entries below.
1. Copy the modified BPS Query String Exploits code below into this BPS Root Custom Code text box: 12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS
2. Click the Save Root Custom Code button to save your Root custom code. Note: If you see an error or are unable to save your custom code due to ModSecurity CRS installed on your web host server then click the Encrypt Custom Code button first and then click the Save Root Custom Code button.
3. Go to the BPS Setup Wizard page and run the Pre-Installation Wizard and Setup Wizard.# BEGIN BPSQSE BPS QUERY STRING EXPLOITS # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too. # Good sites such as W3C use it for their W3C-LinkChecker. # Use BPS Custom Code to add or remove user agents temporarily or permanently from the # User Agent filters directly below or to modify/edit/change any of the other security code rules below. RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR] RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR] RewriteCond %{THE_REQUEST} etc/passwd [NC,OR] RewriteCond %{THE_REQUEST} cgi-bin [NC,OR] RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR] RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR] RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR] RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR] RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR] #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR] RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR] #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR] RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR] RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR] RewriteCond %{QUERY_STRING} ftp\: [NC,OR] #RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR] RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR] RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR] RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR] RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR] RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR] RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR] RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR] RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR] RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR] RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR] RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR] RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR] RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR] RewriteCond %{QUERY_STRING} (sp_executesql) [NC] RewriteRule ^(.*)$ - [F] # END BPSQSE BPS QUERY STRING EXPLOITS
Security Log 403 errors
[403 GET Request: March 1, 2020 - 5:47 pm] BPS Pro: 14.4 WP: 5.3.2 Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: 31.13.103.14 Host Name: fwdproxy-odn-014.fbsv.net SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /login/,https://www.example.com/register/,https://www.example.com/share-your-memorial/,https://www.example.com/register/?provider=facebook,https://www.example.com/login/?provider=facebook,https://www.example.com/share-your-memorial/?provider=facebook QUERY_STRING: provider=facebook,https://www.example.com/login/?provider=facebook,https://www.example.com/share-your-memorial/?provider=facebook HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php) [403 GET Request: March 1, 2020 - 8:08 pm] BPS Pro: 14.4 WP: 5.3.2 Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: 185.92.26.44 Host Name: 185.92.26.44 SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.example.com/register/ REQUEST_URI: /register/?provider=google&state=HA-8HA4JIOSRX2D59T7UQEPZ16LK3WYC0FGBNMV&code=4/xAHjMgRG1JStI05n5YGbyBdwWehrTiEH2mYx5K2t-5_PJO9gWSs8tgYoyHXE61tgLV9rLNQmq1CywyY_GqpDutE&scope=email+profile+https://www.googleapis.com/auth/userinfo.profile+https://www.googleapis.com/auth/userinfo.email+openid&authuser=0&prompt=none QUERY_STRING: provider=google&state=HA-8HA4JIOSRX2D59T7UQEPZ16LK3WYC0FGBNMV&code=4/xAHjMgRG1JStI05n5YGbyBdwWehrTiEH2mYx5K2t-5_PJO9gWSs8tgYoyHXE61tgLV9rLNQmq1CywyY_GqpDutE&scope=email+profile+https://www.googleapis.com/auth/userinfo.profile+https://www.googleapis.com/auth/userinfo.email+openid&authuser=0&prompt=none HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36
-
AuthorPosts
- You must be logged in to reply to this topic.