Home › Forums › BulletProof Security Pro › Warnings during upadate to 3.7
- This topic has 29 replies, 2 voices, and was last updated 10 years, 5 months ago by
AITpro Admin.
-
AuthorPosts
-
Krzysztof
ParticipantI’m trying to fix this since the beginning:
>>>>>>>>>>> 403 GET or HEAD Request Error Logged - 28/10/2013 - 22:10 <<<<<<<<<<< REMOTE_ADDR: 185.5.98.32 Host Name: vz13304.dahost.pl SERVER_PROTOCOL: HTTP/1.0 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-content/uploads/2013/10/t1.jpg QUERY_STRING: HTTP_USER_AGENT: WordPress/3.7; https: //www.infolotnicze.pl
everything worked fine till updating to 3.7 today. The problem with the plugin might be coused of lack of a script from the plugin in whitleist file. Now I have added it and will se what will come.
I have aded this line to whitelist tool:
/microkids-related-posts/microkids-related-posts.js
should ther be a coma on the end?
I htaces I have someting like this:
SetEnvIf Request_URI "/microkids-related-posts/microkids-related-posts.js$" whitelist
But why do I get tose errors from BPS when eveything worked fine? What did 3.7 change so BPS PRO is seeing an error?
AITpro Admin
KeymasterI am not sure if something changed or not in WP 3.7 that could be related to these things. It could be completely coincidental. I am not seeing any problems on the any of the sites I have updated to WP 3.7.
Have you done the BPS troubleshooting steps to see if the problems are directly related to BPS? Also the BPS Pro troubleshooting steps should be done 1 by 1 and then test so that you will know exactly what is causing a problem.
ParticipantI did:
Step 1
Step 2Then I have uploaded a photo to a post and published it. The same photo was also inserted into the very same post. – no errors
Then I have deleted the photo and the post. Went back to BPS Setings, restored the previous htaccess file (the BPS one which only has caching code, and rewrite loop for SSL), and I have made a new post with the same photo in the sam ecategory and I got:
>>>>>>>>>>> 403 GET or HEAD Request Error Logged - 28/10/2013 - 22:49 <<<<<<<<<<< REMOTE_ADDR: 185.5.98.32 Host Name: vz13304.dahost.pl SERVER_PROTOCOL: HTTP/1.0 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-content/uploads/2013/10/t1.jpg QUERY_STRING: HTTP_USER_AGENT: WordPress/3.7; https: //www.infolotnicze.pl
KeymasterThis error is caused by the new Brute Force Login page protection code. Remove that code by following these steps.
http://forum.ait-pro.com/forums/topic/warnings-during-upadate-to-3-7/#post-10717
Also check your Root .htaccess file and make sure you do not have this code or similar code anywhere else in your root .htaccess file.
# BRUTE FORCE LOGIN PAGE PROTECTION # Protects the Login page from SpamBots & Proxies # that use Server Protocol HTTP/1.0 or a blank User Agent RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$ RewriteCond %{HTTP_USER_AGENT} ^$ [OR] RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR] RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$ RewriteRule ^(.*)$ - [F,L]ParticipantI did all your steps again and it again doesn’t work:
>>>>>>>>>>> 403 GET or HEAD Request Error Logged - 29/10/2013 - 08:16 <<<<<<<<<<< REMOTE_ADDR: 185.5.98.32 Host Name: vz13304.dahost.pl SERVER_PROTOCOL: HTTP/1.0 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-content/uploads/2013/04/6.-II-faza-pod-Płowcami-12.00-15.00.jpg QUERY_STRING: HTTP_USER_AGENT: WordPress/3.7; https://www.infolotnicze.pl
My logi protection looks like this:
# CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION #
So I do not have the code inside. I did it previously as stated here http://forum.ait-pro.com/forums/topic/warnings-during-upadate-to-3-7/#post-10721 so twice – no go. Why do you insist that it is something on my side as the problem started to occur when I updated to 3.7? How to debug? Where and for what to search?
ParticipantNow this is getting more and more interesting:
>>>>>>>>>>> 403 GET or HEAD Request Error Logged - 29/10/2013 - 13:12 <<<<<<<<<<< REMOTE_ADDR: 88.220.106.46 Host Name: 88.220.106.46 SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-content/uploads/2012/02/KA27-300x199.jpg QUERY_STRING: HTTP_USER_AGENT: OpenOffice/4.0.0
KeymasterOk maybe I was not telling you specifically what to look for and was being too general about what to look for. What you should look for in your root .htaccess file is any code that is checking the Server Protocol. Send me your root .htaccess file so I can look at what is in it. Send to info [at] ait-pro [dot] com
When i go to this URL i get a 404 error. infolotnicze.pl/wp-content/uploads/2012/02/KA27-300×199.jpg
There is something wrong with your linking structure or permalinks on this site.
Maybe you should just restore your website from a backup and then not upgrade to WordPress 3.7 until you can figure out what is causing all these problems. Or try deactivating all of your plugins to see if a plugin is causing these problems. Then switch your Theme to see if your Theme is causing all of these problems.
KeymasterAlso we are done with testing BPS Pro 7.7 so we are now creating the help text so for the next 1-2 days we will be focusing on finalizing BPS Pro 7.7 for public release since it is time sensitive and critical. We need to get BPS Pro 7.7 released before WordPress releases WP 3.7.1. I will be able to spend more time looking at whatever is wrong on your site after we get BPS Pro 7.7 released to everyone. At this point I cannot afford to spend too much time on whatever is going on on your site. Sorry and Thanks.
ParticipantNo problem – the site works form a users point of view so we only need to figure out what is broken under the hood.
The imgae is removed from the server while doing a cleanup from unused images by the new theme.
I can also give a big fat warning for people wanting to use a plugin which removes unused images – it will wipe out the images from galleries as the are not used in a post – we are recovering from this to.
I will send you the htaccess emediatly and keep my fingers crossed for the 7.7 version.
KeymasterYour root .htaccess file looks fine and i do not see any code that is using HTTP/1.0 Server Protocol conditions to block hackers and spammers so I have no idea what else might be doing that on your website – another plugin etc.
Regarding your SSL .htaccess code in your root .htaccess file. Here is some more advanced SSL .htaccess code if you want to try it.
ParticipantThank you!
I have insterted it in the apropriate section in custom code and it works 😉
KeymasterI just realized that the Custom Code instructions were outdated. With the new additional Custom Code text boxes that were added in later versions of BPS you would want to add your SSL code to this new Custom Code text box below. I have updated the instructions in this Forum Topic.
CUSTOM CODE WP REWRITE LOOP START: Add www to non-www/non-www to www code here
ParticipantWell I did put it in the corect place 😉 While browsing the fields I have spotted this with loop so I have dediced to give it a shot 😉 Thanks anyway!
ParticipantAnd it stopped. I did not change a thing. I only errased the ignore list. But now I do not get as many errors as previously, and the strange ones stopped. Magic?
KeymasterI guess you have less hackers who are trying to hack your website or less spammers or less scrapers or less miners or less harvesters…………………………………………………….
-
AuthorPosts
- You must be logged in to reply to this topic.