uploads cache – 23b58def11b45727d3351702515f86af.js

Home Forums BulletProof Security Pro uploads cache – 23b58def11b45727d3351702515f86af.js

This topic contains 5 replies, has 2 voices, and was last updated by  Gary M. Gordon 5 years, 9 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #13785

    AITpro Admin
    Keymaster

    Email Question:

    Hi.

    I’m hoping you can help me understand what’s causing this, and how to resolve it. In my security log for [domain name removed for privacy] .. I keep seeing:

    >>>>>>>>>>> 403 GET or HEAD Request Error Logged - March 12, 2014 - 7:48 am <<<<<<<<<<<
    REMOTE_ADDR: 130.156.5.254
    Host Name: 130.156.5.254
    SERVER_PROTOCOL: HTTP/1.0
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://[domain name removed for privacy]/about-our-firm/
    REQUEST_URI: /wp-content/uploads/cache/23b58def11b45727d3351702515f86af.js?ver=3.8.1
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36

    But the cache .js file is empty. The file does show up in this folder, but it’s empty.

    I added /uploads/cache/(.*).js to the whitelist area .. but after I delete the security log and reset the last modified date, the security log info keeps reoccurring.

    I previously had W3 Total Cache installed. But after deleting it, and making sure there wasn’t anything in the .htaccess or wp-config files ..referencing W3 Total Cache, the security log for this .js file in /uploads/cache/… keeps reoccurring every time.

    It seems to be causing a problem when I visit the page, where the “text” doesn’t appear until I visit another page first and then come back to the home page. Just odd.

    I’m curious if you might understand what is causing this to reoccur and reappear after I keep deleting it. I don’t have any other caching set up or running. There’s also nothing in the “Custom Code” area of BPS. Any thoughts? And again .. even when I whitelist /uploads/cache/(.*).js the error keeps showing up.

    I was hoping you might know something or have some thoughts.

    Gary

    #13786

    AITpro Admin
    Keymaster

    I am not exactly sure what this is, but I have a hunch it has to do with leftover CDN configuration files either from W3TC or another CDN setup.  When I check the Source Code of the website I see that W3TC is still caching files on this website (see below).  I do not believe you need to whitelist anything and instead need to fix whatever this issue/problem is.

    See this website for instructions on how to manually remove W3TC:  http://www.tech-recipes.com/rx/36504/wordpress-manual-uninstall-of-w3-total-cache/

    Notes:  Turn Off AutoRestore while manually editing or removing files on the website.  Your root .htaccess file and your wp-config.php file should be unlocked for W3TC manual removal or manual file editing.  After you are done manually editing or removing files go to AutoRestore and click the appropriate (whichever folder you were changing/editing/removing files under) Delete Files button to remove old backup copies of files that have been removed from the site and then click the appropriate (whichever folder you were changing/editing/removing files under) Backup Files buttons.

    <!-- Performance optimized by W3 Total Cache. Learn more: http://www.w3-edge.com/wordpress-plugins/
    
    Served from: [domain name removed for privacy] @ 2014-03-12 10:12:07 by W3 Total Cache -->

    General Help Info:  The BPS Pro Plugin Firewall protects the WordPress /plugins folder.  The BPS Pro Uploads Anti-Exploit Guard (UAEG) protects the WordPress /uploads folder.  To whitelist things for the Plugin Firewall you would use the Plugin Firewall Whitelist Text area.  To whitelist things for UAEG you would edit the UAEG .htaccess file on the htaccess File Editor page.

    http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/

    #13790

    Gary M. Gordon
    Participant

    Thank you.  Your instructions at  http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/ perfectly allowed me to stop the security log entry from occurring.  🙂

    I’m not sure if it’s related or not, but the issue (in Chrome) with “It seems to be causing a problem when I visit the page, where the “text” doesn’t appear until I visit another page first and then come back to the home page. Just odd.” still is happening.

    I checked this from another device .. at another location, and confirmed that when I use Chrome (not Firefox for example) and visit the website I originally emailed you, I don’t see the text on the home page .. until I first go to another page and then back to the home page.

    Could something be blocked?

    Gary

    #13791

    AITpro Admin
    Keymaster

    Creating an exclusion for the Security Log error check is using a band-aid solution for the actual problem.  You need to fix the actual problem that is occurring and not make the errors/log entries go away.  The problem is still occurring, but now you are not getting warnings/log entries that the problem is still occurring.

    There are alot of issues going on with the current Google Chrome Browser version that affects anything having to do with javascript.  Google is working on a solution for these issues.  If the problem is only occuring in Google Chrome then most likely it is because of these known issues in the current version of Chrome. Or of course it could be that another plugin that is having issues with the new Chrome version is where the problem is coming from.  BPS Pro itself does not have any issues with the current version of Chrome.

    General information about how code works and is processed for website applications

    In php coding as well as most if not all coding languages for website applications you are always seeing the results/text of whatever code function was processed last.  So if what you are talking about is this scenario:  you click something and you see a displayed message.  You then click somewhere else and that displayed message goes away.  What has occurred is you will always see the last functions that were processed/the last displayed messages.  Let’s say you click a button and you see a displayed message.  You then click anywhere else and that message goes away, but you see a new message.  The new message is displaying the last function that was processed.  A simple way of thinking about this is human terms is you are always seeing the past in displayed messages, cannot see the future and the present is frozen in time until you refresh your browser or click anywhere to be in the real present.  Of course what you are seeing one millisecond after refreshing your Browser is then the past again and not the present.

    #13792

    AITpro Admin
    Keymaster

    Another possibility is that the error is some new form of hacker recon.  The Server Protocol is HTTP/1.0 which typically indicates a hacker or spammer attack, probe or recon.

    …but I found clues that this could be related to a CDN and the other factor is you said you removed W3TC from this website and I was still seeing that W3TC is still in use on this website and caching files on this website.

    #13797

    Gary M. Gordon
    Participant

    Thanks.  After doing more research, with my page loading issue, I believe it is due to the current Chrome issue you identified.  Thanks.  And thank you for pointing out that what we implemented in the .htaccess is not a fix, but simply a band-aid.  haha  🙂

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.