cURL Scanner not working, cURL Scanner blocked

Home Forums BulletProof Security Pro cURL Scanner not working, cURL Scanner blocked

Tagged: 

This topic contains 6 replies, has 2 voices, and was last updated by  Leo A. Geis 4 years, 7 months ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #11587

    Leo A. Geis
    Participant

    Kimili Flash Embed Plugin doesn’t seem to cooperate with the cURL functionality, so I went through the plugin’s folders and pulled the .js and .swf files, and entered them into the Firewall Whitelist Text Area: I also included a .swf address that will not appear in its page (/2012/12/idaho-capitol-winter-snow-aerial.swf, which sits on the page idahoairships.com/2012/12/25/a-synthetically-white-christmas-in-boise-idaho/

    /kimili-flash-embed/lib/expressInstall.swf, /jetpack/modules/sharedaddy/sharing.js, qver=20121205.pagespeed.jm.QXaty7iUIZ.js, /kimili-flash-embed/admin/config.php, /kimili-flash-embed/kml_fashembed.php, /kimili-flash-embed/admin/config.php, /kimili-flash-embed/js/kfe.js, /kimili-flash-embed/swfobject.js, /kimili-flash-embed/lib/tinymce3/editor_plugin.js, /kimili-flash-embed/lib/tinymce3/langs/en.js, /2012/12/idaho-capitol-winter-snow-aerial.swf, /kimili-flash-embed/lib/tinymce3/langs/es.js, /kimili-flash-embed/lib/tinymce3/langs/be.js, /kimili-flash-embed/lib/tinymce3/langs/ru.js

    From my Security Log:

    >>>>>>>>>>> 403 GET or HEAD Request Error Logged - December 1, 2013 - 4:26 pm <<<<<<<<<<<
    REMOTE_ADDR: 24.119.239.2
    Host Name: 24-119-239-2.cpe.cableone.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.idahoairships.com/2012/12/25/a-synthetically-white-christmas-in-boise-idaho/
    REQUEST_URI: /wp-content/uploads/2012/12/idaho-capitol-winter-snow-aerial.swf
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36

    I then saved the Whitelist, put things in BulletProof Mode (“plugins.htaccess to your plugins folder and renames the file name to just .htaccess”), and clicked the Activate Button. I checked the .htaccess file in my plugins folder, and everything seems OK:

    # BEGIN WHITELIST: Frontend Loading Website Plugin scripts/files
    SetEnvIf Request_URI "/bulletproof-security/400.php$" whitelist
    SetEnvIf Request_URI "/bulletproof-security/403.php$" whitelist
    SetEnvIf Request_URI "/kimili-flash-embed/lib/expressInstall.swf$" whitelist
    SetEnvIf Request_URI "/jetpack/modules/sharedaddy/sharing.js$" whitelist
    SetEnvIf Request_URI "qver=20121205.pagespeed.jm.QXaty7iUIZ.js$" whitelist
    SetEnvIf Request_URI "/kimili-flash-embed/admin/config.php$" whitelist
    SetEnvIf Request_URI "/kimili-flash-embed/kml_fashembed.php$" whitelist
    SetEnvIf Request_URI "/kimili-flash-embed/admin/config.php$" whitelist
    SetEnvIf Request_URI "/kimili-flash-embed/js/kfe.js$" whitelist
    SetEnvIf Request_URI "/kimili-flash-embed/swfobject.js$" whitelist
    SetEnvIf Request_URI "/kimili-flash-embed/lib/tinymce3/editor_plugin.js$" whitelist
    SetEnvIf Request_URI "/kimili-flash-embed/lib/tinymce3/langs/en.js$" whitelist
    SetEnvIf Request_URI "/2012/12/idaho-capitol-winter-snow-aerial.swf$" whitelist
    SetEnvIf Request_URI "/kimili-flash-embed/lib/tinymce3/langs/es.js$" whitelist
    SetEnvIf Request_URI "/kimili-flash-embed/lib/tinymce3/langs/be.js$" whitelist
    SetEnvIf Request_URI "/kimili-flash-embed/lib/tinymce3/langs/ru.js$" whitelist
    # END WHITELIST

    So, I’m kind of lost on where to go from here… Any ideas?

    #11589

    AITpro Admin
    Keymaster

    If you wanted to get frontloading plugin scripts manually then you could look at the source code of a website page and grab only plugin scripts with this path /plugins/ blah and ending with either a .js, .php or .swf file extension, but that is the most difficult way to go about getting frontloading plugin scripts. I use Kimili on a website and the only plugin whitelist rule that is needed is this one:

    /kimili-flash-embed/lib/expressInstall.swf

    Jetpack loads a ton of frontloading plugin scripts so using Regular Expressions (.*) to match all .js Jetpack scripts is the way to go. These are the only 2 plugin script whitelist rules (valid) so far.  if you have Jetpack installed there are more.

    /kimili-flash-embed/lib/expressInstall.swf, /jetpack/modules/(.*).js

    If the cURL scanner is unable to detect a frontloading plugin scripts that needs to be whitelisted then that plugin script will be logged in the Security Log file.  So it is much simpler to get plugin scripts from your Security Log if the cURL scanner is not automatically finding them.

    Help & FAQ resources
    http://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/
    http://forum.ait-pro.com/forums/topic/security-log-http-error-log-read-me-first/
    http://forum.ait-pro.com/video-tutorials/#security-log-firewall

    This does not appear to be a valid Plugin Firewall whitelist rule.  I will scan your site remotely and see what happens.

    qver=20121205.pagespeed.jm.QXaty7iUIZ.js

    This actually has to do with UAEG and not the Plugin Firewall since the path does not contain /plugins/ in the path and instead is a file in your /uploads folder.

    /wp-content/uploads/2012/12/idaho-capitol-winter-snow-aerial.swf

    You would do what is shown in this link below except do this for swf files and not gz or tar files.
    http://forum.ait-pro.com/forums/topic/unable-to-download-gz-or-tar-files-uploads-anti-exploit-guard-htaccess-file/#post-6514

    #11590

    AITpro Admin
    Keymaster

    Yes, you are correct – the cURL scanner is being blocked on your site internally and remotely – I am not getting anything when scanning your site.  So that means your web host or something else you have installed is preventing cURL scanning of your website.  That leaves you with getting frontloading plugin scripts from your Security Log file.

    #11598

    AITpro Admin
    Keymaster

    I have a feeling that the issue you had with the Wizards and the cURL Scanner not working may have to do with Google pagespeed.  Not sure about that, but looking at how the URL’s are all transformed in the Source Code of your website pages I would not be surprised if that is the issue.  At some point I will get around to testing pagespeed.  It is on the to do list and is getting closer to the top of the list.  😉

    #11600

    Leo A. Geis
    Participant

    Solved the .swf rejection: http://www.idahoairships.com/bps/bps.html One thing I neglected to cover: when I try to install a Kimili Flash Embed instance via the icon in the “Kitchen Sink” authoring environment, I get a nastygram:

    You don't have permission to access /wp-content/plugins/kimili-flash-embed/admin/config.php on this server.
    Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

    This in spite of having that config.php whitelisted. However, if I just copy the instance out of a previous post and paste it in the new document/page/post, and change the URL…it works perfectly, so the fracture is somewhere between the Kitchen Sink icon and whatever functionality is downstream from it. Sure hope you’re not having to deal with this on Sunday night…

    #11629

    AITpro Admin
    Keymaster

    Had a busy morning so just watched the video link you posted. 😉

    Yes, the method you chose to move your swf to another folder other than the /uploads folder is a much better solution then removing the swf file extension from the UAEG .htaccess file.

    The PHP Error is caused by invalid code in your wp-config.php file.  It will occur continuously and constantly until that code is fixed.  So what you are seeing is those errors occurring so frequently/constantly that resetting your php error log timestamp is clearing/resetting the timestamp, but you are getting new php errors right away so what needs to happen is the coding problem in your wp-config.php file needs to be fixed to solve this permanently.

    At the bottom of your wp-config.php file you should see this standard WordPress wp-config.php code. If this code has been altered then what you can do is look at the wp-config-sample.php file that comes with WordPress to use this file to compare with your wp-config.php file code and make any changes that are necessary to fix the code in your wp-config.php file.

    /** Absolute path to the WordPress directory. */
    if ( !defined('ABSPATH') )
    define('ABSPATH', dirname(__FILE__) . '/');
    
    /** Sets up WordPress vars and included files. */
    require_once(ABSPATH . 'wp-settings.php');
    #11638

    Leo A. Geis
    Participant

    Worked perfectly. You are a superstar-thanks for the help: my installations are functioning perfectly.

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.