Website Security Protection – Upgrade to BPS Pro During an Attack
- This topic has 2 replies, 2 voices, and was last updated 9 years, 5 months ago by AITpro Admin.
Julia (Participant)
My site is currently being constantly besieged by this low level attack. At least I guess it is low level, I am not sure what they are trying to accomplish. Here is one example – my security log fills up about once an hour.
My question is – what happens if I upgrade to Pro while this is going on since there will be a 30 second or more gap from removing the free version until Pro is installed? If there is a risk, how can I address it?
Here is an example of an entry in the log
[403 GET / HEAD Request: November 19, 2014 7:20 am]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 24.68.69.39
Host Name: S010690b134fc3e83.gv.shawcable.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://www.meditateinvictoria.org/
REQUEST_URI: /wp-content/themes/infocus/lib/scripts/timthumb/thumb.php?src=http://meditatevancouverisland.org/wp-content/uploads/2014/10/Kids-Class-Banner.jpg&w=960&h=340&zc=1&q=100
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Thanks
Julia

AITpro Admin (Keymaster)
This does not look like an attack and instead looks like this site: meditateinvictoria.org is trying to retrieve an image file from this site: meditatevancouverisland.org. The way the image file is being retrieved simulates an RFI hacking attempt. If meditatevancouverisland.org is your website, which it appears to be since the domain names are very similar, then you would just need to whitelist the meditatevancouverisland.org domain to allow this type of image retrieval.
1. Copy the modified (your domains have been added to the code below) TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE code below to this BPS Root Custom Code text box: CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

# TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# Remote File Inclusion (RFI) security rules
# Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
RewriteRule .* index.php [F]
#
# Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
# Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
RewriteCond %{HTTP_REFERER} ^.*(meditateinvictoria.org|meditatevancouverisland.org).*
RewriteRule . - [S=1]

AITpro Admin (Keymaster)
And yes, if your site is under attack, which is pretty much a constant thing for all websites these days on the Internet, then upgrading from BPS free to Pro does not remove your website security protection during the upgrade from free to Pro.
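
Added example, not part of the original thread and not BPS code: the triage done by eye in the first reply (compare the host in `src=` and the Referer host against your own domains before whitelisting), written as a Python script for log entries in the format quoted above. The function names, verdict strings and the `files.example.net` host are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Field labels as they appear in the log entry quoted in the thread.
LABELS = ("Event Code|Solution|REMOTE_ADDR|Host Name|SERVER_PROTOCOL|HTTP_CLIENT_IP|"
          "HTTP_FORWARDED|HTTP_X_FORWARDED_FOR|HTTP_X_CLUSTER_CLIENT_IP|"
          "REQUEST_METHOD|HTTP_REFERER|REQUEST_URI|QUERY_STRING|HTTP_USER_AGENT")
FIELD_RE = re.compile(rf"({LABELS}):(.*?)(?=\s(?:{LABELS}):|$)", re.S)
THUMB_SCRIPTS = {"timthumb.php", "phpthumb.php", "thumb.php", "thumbs.php"}

def parse_entry(entry):
    """Split one log entry (flattened or multi-line) into a field dict."""
    return {m.group(1): m.group(2).strip() for m in FIELD_RE.finditer(entry)}

def is_own(host, own_domains):
    """Exact or subdomain match, stricter than an unanchored substring match."""
    return any(host == d or host.endswith("." + d) for d in own_domains)

def triage(entry, own_domains):
    """Classify a blocked thumbnail request by the hosts in src= and Referer."""
    f = parse_entry(entry)
    uri = urlsplit(f.get("REQUEST_URI", ""))
    script = uri.path.rsplit("/", 1)[-1].lower()
    src = parse_qs(uri.query).get("src", [""])[0]
    src_host = (urlsplit(src).hostname or "").lower()
    ref_host = (urlsplit(f.get("HTTP_REFERER", "")).hostname or "").lower()
    if script not in THUMB_SCRIPTS or not src_host:
        verdict = "not-a-remote-src-thumbnail-request"
    # Referer is client-supplied, so the fetched src host must be ours as well.
    elif is_own(src_host, own_domains) and is_own(ref_host, own_domains):
        verdict = "own-domain-image-fetch"
    else:
        verdict = "unlisted-remote-src"
    return {"script": script, "src_host": src_host,
            "referer_host": ref_host, "verdict": verdict}

# Constructed sample: the entry from the thread, shortened to the fields used here.
SAMPLE = ("[403 GET / HEAD Request: November 19, 2014 7:20 am] "
          "Event Code: BFHS - Blocked/Forbidden Hacker or Spammer "
          "REMOTE_ADDR: 24.68.69.39 HTTP_CLIENT_IP: HTTP_FORWARDED: REQUEST_METHOD: GET "
          "HTTP_REFERER: http://www.meditateinvictoria.org/ REQUEST_URI: "
          "/wp-content/themes/infocus/lib/scripts/timthumb/thumb.php"
          "?src=http://meditatevancouverisland.org/wp-content/uploads/2014/10/"
          "Kids-Class-Banner.jpg&w=960&h=340&zc=1&q=100 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0")
# Constructed: same request shape, but src= points at a host outside the whitelist.
FOREIGN = SAMPLE.replace("src=http://meditatevancouverisland.org", "src=http://files.example.net")
OWN = ["meditateinvictoria.org", "meditatevancouverisland.org"]

if __name__ == "__main__":
    print([triage(e, OWN)["verdict"] for e in (SAMPLE, FOREIGN)])
```

Only entries classified `own-domain-image-fetch` are candidates for the whitelist rule; anything else in the log should stay blocked.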