Visual Composer – 403 error

Home Forums BulletProof Security Pro Visual Composer – 403 error

This topic contains 26 replies, has 5 voices, and was last updated by  Matt Zahy 1 year, 7 months ago.

Viewing 15 posts - 1 through 15 (of 27 total)
  • Author
    Posts
  • #25256

    hindssites
    Participant

    Visual Composer  is the editor that I design pages with. BPS not only blocks the editor  from making changes, but also gives me php error alerts. I turned off  the Root Folder Bullet Proof Mode and that stopped the problem so at least I know what is causing the problem. Below is an example Security Log Alert and a PHP Error alert that I am getting:

    [403 GET / HEAD Request: September 24, 2015 11:35 pm]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 50.67.13.228
    Host Name: S0106e88d285787d7.vc.shawcable.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://mydomain.com/wp-admin/post.php?post=1199&action=edit
    REQUEST_URI: /wp-content/plugins/js_composer/assets/js/params/css_editor.js?_=1443137469245
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:41.0) Gecko/20100101 Firefox/41.0

    PHP Error

    [13-Jun-2015 02:01:05 UTC] PHP Warning:  Invalid argument supplied for foreach() in /home/xxxxxxx/public_html/mydomain.com/wp-content/plugins/js_composer/include/classes/shortcodes/shortcodes.php on line 1005
    #25258

    AITpro Admin
    Keymaster

    UPDATE: BPS Pro 13+ and BPS 2.0+ versions have a feature called: Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup) that automatically creates plugin and theme whitelist rules and automatically sets up and cleans up caching plugins htaccess code.

    Probably requires both a wp-admin skip/bypass rule and a root skip/bypass rule:

    1. Copy this wp-admin skip/bypass rule to this BPS wp-admin Custom Code text box: CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES

    # post.php skip/bypass rule 
    RewriteCond %{REQUEST_URI} (post\.php) [NC] 
    RewriteRule . - [S=2]

    2. Click the Save wp-admin Custom Code button.
    3. Copy this root skip/bypass rule to this BPS Root Custom Code text box: CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES

    # Plugin Name Here skip/bypass
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/js_composer/ [NC]
    RewriteRule . - [S=13]

    4. Click the Save Root Custom Code button.
    5. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button and click the wp-admin BulletProof Mode Activate button.

    #25312

    hindssites
    Participant

    Thanks so much for the code to bypass the Visual Composer. It works perfectly.

    #25315

    AITpro Admin
    Keymaster

    Great!  Thanks for confirming it works.

    #25379

    hindssites
    Participant

    It appears I spoke a bit early as I discovered that after applying your suggestion Bullet Proof Pro is still blocking parts of Visual Composer to work. To actually use the composer I have to disable the htaccess files. The latest log is the following:

    [403 GET / HEAD Request: September 29, 2015 7:22 am]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 50.67.13.228
    Host Name: S0106e88d285787d7.vc.shawcable.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://mydomain.com/wp-admin/post.php?post=1199&action=edit
    REQUEST_URI: /wp-content/plugins/js_composer/assets/js/params/all.js?_=1443510688625
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:41.0) Gecko/20100101 Firefox/41.0
    #25381

    AITpro Admin
    Keymaster

    Send a WordPress Administrator login to this site to info at ait-pro dot com.  Include specific details on what to check/test.  ie I go to X and click on X and X does/does not happen/error occurs.

    #25398

    AITpro Admin
    Keymaster

    I found several coding mistakes in the wp-config.php file for this site.  Please test things now and let me know if everything is working.  If you would like for me to test things then I would need this information:  “Include specific details on what to check/test. ie I go to X and click on X and X does/does not happen/error occurs.”

    W3TC code was found in your wp-config.php file, but the W3TC plugin is not installed on this site.  Deleted the old W3TC constant code from the wp-config.php file.

    /** Enable W3 Total Cache */
    define('WP_CACHE', true); // Added by W3 Total Cache

    The FS_CHMOD_DIR and FS_CHMOD_FILE define constant code was added several times in your wp-config.php file and in the wrong locations in your wp-config.php file.  That could definitely cause a wide range of intermittent problems.  Removed all invalid code from the wp-config.php file.

    #27225

    MMBCB
    Participant

    [Topic has been merged into this relevant Topic]
    My IP is showing up in the Security Log:

     [403 GET Request: December 11, 2015 - 4:16 pm]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: MY IP
    Host Name: MY HOST (I think)
    SERVER_PROTOCOL: HTTP/1.0
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://example.com
    REQUEST_URI: /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=4.9
    QUERY_STRING:
    HTTP_USER_AGENT: MY MACHINE

    I think this may be related, I just created a post (did not happen until I published) and one of the images uploaded shows up in the security log.  It appears to be a data center that may be related to my website, so I am not sure if I should post the IP:

     [403 GET Request: December 11, 2015 - 6:02 pm]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: XXX
    Host Name: XXX (the exact same as REMOTE_ADDR)
    SERVER_PROTOCOL: HTTP/1.0
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/uploads/2015/12/Boston_Tea_Party-1.jpg
    QUERY_STRING:
    HTTP_USER_AGENT: Google-HTTP-Java-Client/1.17.0-rc (gzip)
    #27230

    AITpro Admin
    Keymaster

    @ MMBCB – See the solution in this same Forum Topic Reply above to fix the Visual Composer issue/problem:  http://forum.ait-pro.com/forums/topic/visual-composer-blocked-by-bps-pro/#post-25258

    The second Security Log entry shows that “java” is being blocked in the User Agent.  See the solution here:  http://forum.ait-pro.com/forums/topic/scoop-it-403-error/#post-2290

    #27236

    MMBCB
    Participant

    I performed both steps, what about this part “Older General Additional Info:” , I can’t tell for sure if it applies, I did not use it:

    #27238

    AITpro Admin
    Keymaster

    The “Older General Additional Info” was just older information about the issue/problem in that particular topic and does not apply to the new information in the forum topic.

    #27249

    MMBCB
    Participant

    This appeared to fix the problem, but it has arisen again.  I may have a JavaScript problem on the website as well that I am looking into (post sharing buttons not working as expected):

     [403 GET Request: December 12, 2015 - 1:25 pm]
    Event Code: PFWR-PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: MY IP
    Host Name: INTERNET PROVIDER
    SERVER_PROTOCOL: HTTP/1.0
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://example.com/
    REQUEST_URI: /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=4.9
    QUERY_STRING:
    HTTP_USER_AGENT: My Computer 
    #27250

    AITpro Admin
    Keymaster

    If the problem came back that would have to mean something has/was changed and the code below no longer exists in your root htaccess file.  Check your root htaccess file code on the htaccess File Editor tab page > Your Current Root htaccess File tab and make sure this code below exists in your root htaccess file.

    # Plugin Name Here skip/bypass
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/js_composer/ [NC]
    RewriteRule . - [S=13]

    I assume you also added the wp-admin skip/bypass rule for post.php?

    # post.php skip/bypass rule 
    RewriteCond %{REQUEST_URI} (post\.php) [NC] 
    RewriteRule . - [S=2]
    #27251

    MMBCB
    Participant

    Apologies, intended to write that I checked the custom code before posting.  Just looked at the .htaccess file and the skip/bypass code is indeed there.

    #27252

    AITpro Admin
    Keymaster

    Ok, but just an FYI on the difference between Custom Code and the actual code in your htaccess files.  Custom Code saves any custom htaccess code to your database when you click the “Save Custom Code” buttons.  Activating Root BulletProof Modes grabs your saved custom code from your database and creates your custom code in your htaccess files.

    I will need to login to your website to find out what the problem is on your website.  Send a WordPress Administrator login to info at ait-pro dot com.

Viewing 15 posts - 1 through 15 (of 27 total)

You must be logged in to reply to this topic.