Wishlist Member blocked – 403 error

  • #36624
    Terry
    Participant

    I am seeing the following log entry when using the Wishlist Member plugin, and it is not allowing new members who purchase to be added. It is also apparently blocking Wishlist Member from adding new members to my Aweber autoresponder.

    [403 GET Request: November 14, 2018 - 12:31 am]
    BPS Pro: 13.7
    WP: 4.9.8
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 172.84.80.221
    Host Name: 172.84.80.221
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://theonlinemarketingnewsletter.com
    REQUEST_URI: /cgi-bin/webscr?cmd=_xclick-subscriptions&subscription_fallback=true&force_sa=true&xo_node_fallback=true&cmd=_xclick-subscriptions&business=sales%40theonlinemarketingnewsletter.com&item_name=Newsletter%20Product&item_number=1528327010&no_note=1&no_shipping=1&rm=2&bn=WishListProducts_SP&cancel_return=https%3A%2F%2Ftheonlinemarketingnewsletter.com&notify_url=https%3A%2F%2Ftheonlinemarketingnewsletter.com%2Findex.php%2Fregister%2FMVlmtz&return=https%3A%2F%2Ftheonlinemarketingnewsletter.com%2Findex.php%2Fregister%2FMVlmtz&currency_code=USD&charset=utf-8&a3=4.95&p3=1&t3=M&src=1&merchant_country=US&merchant_id=8XQNHQUWACG2U&merchant_email=sales%40theonlinemarketingnewsletter.com&wa_type=Subscription&fallback=1&force_sa=true&xo_node_fallback=true&shopping_cart_node_fallback=true
    QUERY_STRING: cmd=_xclick-subscriptions&subscription_fallback=true&force_sa=true&xo_node_fallback=true&cmd=_xclick-subscriptions&business=sales%40theonlinemarketingnewsletter.com&item_name=Newsletter%20Product&item_number=1528327010&no_note=1&no_shipping=1&rm=2&bn=WishListProducts_SP&cancel_return=https%3A%2F%2Ftheonlinemarketingnewsletter.com&notify_url=https%3A%2F%2Ftheonlinemarketingnewsletter.com%2Findex.php%2Fregister%2FMVlmtz&return=https%3A%2F%2Ftheonlinemarketingnewsletter.com%2Findex.php%2Fregister%2FMVlmtz&currency_code=USD&charset=utf-8&a3=4.95&p3=1&t3=M&src=1&merchant_country=US&merchant_id=8XQNHQUWACG2U&merchant_email=sales%40theonlinemarketingnewsletter.com&wa_type=Subscription&fallback=1&force_sa=true&xo_node_fallback=true&shopping_cart_node_fallback=true
    HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50
    #36625
    AITpro Admin
    Keymaster

    What is being blocked is:  cgi-bin in this BPS root htaccess file security rule:  RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]. To fix this issue do the steps below.

    1. Copy the modified BPS Query String Exploits code below to this BPS Root Custom Code text box: 12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS. Note: If you already see existing BPSQSE code in this Custom Code text box then overwrite it. Rerunning the Wizards will run Setup Wizard AutoFix, which will add/combine any previous whitelisted rules back into the BPSQSE code in this Custom Code text box.
    2. Click the Save Root Custom Code button.
    3. Go to the Setup Wizard page and run the Pre-Installation Wizard and Setup Wizard.

    # BEGIN BPSQSE BPS QUERY STRING EXPLOITS
    # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
    # Good sites such as W3C use it for their W3C-LinkChecker.
    # Use BPS Custom Code to add or remove user agents temporarily or permanently from the
    # User Agent filters directly below or to modify/edit/change any of the other security code rules below.
    RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    #RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
    RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
    RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
    RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F]
    # END BPSQSE BPS QUERY STRING EXPLOITS
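
A way to confirm which condition in a BPSQSE block produces a logged 403, and that commenting out only the cgi-bin rule clears it. This is an added example, not part of the original posts or of BPS itself: the function names are hypothetical, the rule list is a subset of the block above, the logged query string is shortened, and Python's `re` stands in for the PCRE engine mod_rewrite uses.

```python
import re

# Subset of the BPSQSE conditions quoted above, with the cgi-bin rule still active.
RULES_BEFORE = r"""
RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
"""
# The fix from the post: the same block with only the cgi-bin condition commented out.
RULES_AFTER = RULES_BEFORE.replace("RewriteCond %{THE_REQUEST} cgi-bin", "#RewriteCond %{THE_REQUEST} cgi-bin")

COND = re.compile(r"^\s*RewriteCond\s+%\{(\w+)\}\s+(\S+)\s+\[([^\]]*)\]")

def request_vars(entry):
    """Build the variables mod_rewrite tests from the fields of a BPS log entry."""
    uri = entry["REQUEST_URI"]
    return {
        "THE_REQUEST": f'{entry["REQUEST_METHOD"]} {uri} {entry["SERVER_PROTOCOL"]}',
        "REQUEST_URI": uri.split("?", 1)[0],
        "QUERY_STRING": entry.get("QUERY_STRING", ""),
        "HTTP_USER_AGENT": entry.get("HTTP_USER_AGENT", ""),
        "HTTP_REFERER": entry.get("HTTP_REFERER", ""),
    }

def matching_conditions(rules, entry):
    """Return (variable, pattern) for every active RewriteCond that matches."""
    env, hits = request_vars(entry), []
    for line in rules.splitlines():
        m = COND.match(line)  # lines starting with '#' are disabled and never match
        if not m:
            continue
        var, pattern, flags = m.groups()
        nocase = re.IGNORECASE if "NC" in flags.split(",") else 0
        if re.search(pattern, env.get(var, ""), nocase):
            hits.append((var, pattern))
    return hits

# Fields from the log entry in the first post; query string shortened (constructed).
QS = "cmd=_xclick-subscriptions&cancel_return=https%3A%2F%2Ftheonlinemarketingnewsletter.com&currency_code=USD"
ENTRY = {
    "REQUEST_METHOD": "GET", "SERVER_PROTOCOL": "HTTP/1.1",
    "REQUEST_URI": "/cgi-bin/webscr?" + QS,
    "QUERY_STRING": QS,
    "HTTP_USER_AGENT": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50",
    "HTTP_REFERER": "https://theonlinemarketingnewsletter.com",
}
```

`matching_conditions(RULES_BEFORE, ENTRY)` reports only the `THE_REQUEST` cgi-bin condition, and the same call with `RULES_AFTER` reports nothing, while the remaining conditions stay in force.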
    #36628
    Terry
    Participant

    I entered the code as you instructed but now I get this error after a person purchases:

    [14-Nov-2018 22:37:18 UTC] WordPress database error Illegal mix of collations (utf8mb4_unicode_ci,IMPLICIT) and (utf8mb4_unicode_520_ci,IMPLICIT) for operation '=' for query DELETE omn_wlm_contentlevels FROM omn_wlm_contentlevels LEFT JOIN omn_posts ON omn_wlm_contentlevels.content_id=omn_posts.ID AND omn_wlm_contentlevels.type=omn_posts.post_type WHERE omn_wlm_contentlevels.type NOT LIKE '~%%' AND omn_posts.ID IS NULL made by require('wp-blog-header.php'), require_once('wp-load.php'), require_once('wp-config.php'), require_once('wp-settings.php'), do_action('init'), WP_Hook->do_action, WP_Hook->apply_filters, call_user_func_array, WishListMember->Init, call_user_func, WishListMember->Paypal, WishListMemberCore->__call, call_user_func_array, WLM_INTEGRATION_PAYPAL->Paypal, WishListMemberPluginMethods->ShoppingCartRegistration, WishListMemberPluginMethods->WPMRegister, WishListMemberPluginMethods->SyncContent
    #36629
    AITpro Admin
    Keymaster

    That PHP error means exactly what it says, which is that 1 of the database tables is using utf8mb4_unicode_ci collation and the other 1 is using utf8mb4_unicode_520_ci collation.  I recommend that you send or post this PHP error to the Wishlist member plugin folks in case they need to change some of their plugin code that creates database tables/collation. The PHP error is not related to BPS in any way.  If you are familiar with phpMyAdmin then you can change the collation for 1 of the tables so the collation matches, but I can’t tell you which 1 to use. So I recommend that you ask the Wishlist member plugin folks about that.

    This SO forum post explains this PHP error in more detail > https://stackoverflow.com/questions/3029321/troubleshooting-illegal-mix-of-collations-error-in-mysql
