Website Security Protection – Upgrade to BPS Pro During an Attack

Home Forums BulletProof Security Pro Website Security Protection – Upgrade to BPS Pro During an Attack

This topic contains 2 replies, has 2 voices, and was last updated by  AITpro Admin 3 years, 7 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #19273

    Julia
    Participant

    My site is currently being constantly beseiged by this low level attack.  At least I guess it is low level, I am not sure what they are trying to accomplish.  Here is one example – my  security log fills up about once an hour.

    My question is – what happens if I upgrade to Pro while this is going on since there will be a 30 second or  more gap from removing the free version until Pro is installed?  If there is a risk, how can I address it?

    Here is an example of an entry in the log

    [403 GET / HEAD Request: November 19, 2014 7:20 am]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 24.68.69.39
    Host Name: S010690b134fc3e83.gv.shawcable.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.meditateinvictoria.org/
    REQUEST_URI: /wp-content/themes/infocus/lib/scripts/timthumb/thumb.php?src=http://meditatevancouverisland.org/wp-content/uploads/2014/10/Kids-Class-Banner.jpg&w=960&h=340&zc=1&q=100
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

    Thanks
    Julia

    #19275

    AITpro Admin
    Keymaster

    This does not look like an attack and instead looks like this site:  meditateinvictoria.org is trying to retrieve an image file from this site: meditatevancouverisland.org.  The way the image file is being retrieved simulates an RFI hacking attempt.  If the meditatevancouverisland.org is your website, which it appears to be since the domain names are very similar then you would just need to whitelist the meditatevancouverisland.org domain to allow this type of image retrieval.

    1.  Copy the modified (your domains have been added to the code below) TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE code below to this BPS Root Custom Code text box:  CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
    # Remote File Inclusion (RFI) security rules
    # Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F]
    #
    # Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
    RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    # Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
    RewriteCond %{HTTP_REFERER} ^.*(meditateinvictoria.org|meditatevancouverisland.org).*
    RewriteRule . - [S=1]
    #19277

    AITpro Admin
    Keymaster

    And yes if your site is under attack, which is pretty much a constant thing for all websites these days on the Internet, then upgrading from BPS free to Pro does not remove your website security protection during the upgrade from free to Pro.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.