UpdraftPlus Google Drive – 403 error

Home Forums BulletProof Security Pro UpdraftPlus Google Drive – 403 error

Tagged: 

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • September 28, 2018 at 10:46 am #36514
    Hannah
    Participant

    I’m  trying to reauthorize the UpdraftPlus backups plugin to send files to my client’s Google Drive for storage but I’m getting 403 errors like this one. I’ve tried with and without PFW activated and after activating the Test Mode…no change. No minification plugins installed.:

    [403 GET Request: September 28, 2018 - 10:29 am]
BPS Pro: 13.7
WP: 4.9.8
Event Code: WPADMIN-SBR
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: GDPR Compliance On
Host Name: 47-36-184-11.dhcp.mdfd.or.charter.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER: https://accounts.google.com/signin/oauth/consent?authuser=1&part=AJi8hAPT3HfVNahLVx3B8j-jRNePlSsla63B8ic0iaG6UqgKz_22gWCXssNY7jkxNORsgx_RxqXHi6J4bn38l_0Ss0ospUYM7YI9CiSCYqHhv5oRucFrduAU8YaVRbjJUjjjyMv5f59DiIUtR1SySYvigV4go3b649R9pqrY6GT0U9RfItPzqkDRPD0GjxhA32Le1v2ENr-BjT0pV2NMd_ByYBLZ3gyjuffFIGfTcCJAS0JBs3BfR3tkkCqbtPVIntCO0r0Wy7f4YEeGT-6TPkd7ufURAjRx6XhC2n02zoSI49fCrP2xD7xBidWhBUuZ22FyscFOFn9nPjOBWKGxIbNg1Uk-XRQ18Nfn63Z2aX3O5gie18_g9jgKTeFmO02K3t_lUBcGgUYrVDAEBWjnVOoWrIW7y7aXu-7HRdasY4xEBNQoHoDF-YKWYIIDbmPXS6g-ndGS22ejwLLdPrbX1bky35YJQ-Aiehm3StOf9EJW48F2KQVRnFQp1OBt5_kiqsIXpF352UuI&hl=en&as=R8LMcnPV8ko1EWYdfOp1dQ
REQUEST_URI: /wp-admin/options-general.php?action=updraftmethod-googledrive-auth&state=token:s-3a66c1313d4ab4155a2cc536bcdab666&code=4/aABAB4iyzvt07baGawQlhqLAnFrzTiWRngb1oIrU3ADCDpJ6CUXxH4ceBh1uVzdqlmsr9wx4ThHX2egTsAb1hbI&scope=https://www.googleapis.com/auth/drive%20https://www.googleapis.com/auth/userinfo.profile
QUERY_STRING: action=updraftmethod-googledrive-auth&state=token:s-3a66c1313d4ab4155a2cc536bcdab666&code=4/aABAB4iyzvt07baGawQlhqLAnFrzTiWRngb1oIrU3ADCDpJ6CUXxH4ceBh1uVzdqlmsr9wx4ThHX2egTsAb1hbI&scope=https://www.googleapis.com/auth/drive%20https://www.googleapis.com/auth/userinfo.profile
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:62.0) Gecko/20100101 Firefox/62.0
    September 28, 2018 at 10:58 am #36516
    AITpro Admin
    Keymaster

    I believe this is going to be an RFI security rule problem in either the root and/or wp-admin htaccess file(s).  Give me a minute to test this and I will post a solution back here.

    September 28, 2018 at 11:08 am #36517
    AITpro Admin
    Keymaster

    Yep, this is an RFI security rule problem in the wp-admin htaccess file.  Do the steps below to whitelist the UpdraftPlus Query String, which is simulating an RFI hacking attempt against your website.  Important note: If you deactivate wp-admin BulletProof Mode in the future then the root htaccess file will block this UpdraftPlus Query String and you would need to whitelist the RFI security rules in the root htaccess file.  You do not need to do that at this time assuming you have root BulletProof Mode activated.

    1. Copy the modified wp-admin htaccess code below to this BPS wp-admin Custom Code text box: 4. CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
    2. Click the Save wp-admin Custom Code button.
    3. Go to the Security Modes page and click the wp-admin BulletProof Mode Activate button.

    # BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
# WORDPRESS WILL BREAK IF ALL THE BPSQSE FILTERS ARE DELETED
# Use BPS wp-admin Custom Code to modify/edit/change this code and to save it permanently.
RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]
RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
#RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
#RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
#RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F]
# END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
    October 2, 2018 at 1:44 pm #36525
    Hannah
    Participant

    Sent this via email on the 28th and it bounced back to me just now so I didn’t realize you hadn’t seen it yet. But what I meant to say was that you are a rockstar! This worked perfectly, and I really appreciate your quick response, too!

    October 2, 2018 at 1:51 pm #36526
    AITpro Admin
    Keymaster

    Great! Glad to hear that worked. I like the easy ones.

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.