WooCommerce /woocommerce_uploads/ folder – 403 error

Home Forums BulletProof Security Pro WooCommerce /woocommerce_uploads/ folder – 403 error

Tagged: ,

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • April 13, 2021 at 3:22 pm #40231
    AITpro Admin
    Keymaster

    Email Question:

    Been a while and I hope you are well. There’s this record I noticed today in the security log that I couldn’t make sense of. It got logged when I initiated an update to the WooCommerce plugin.

    [403 GET Request: April 13, 2021 - 7:29 pm]
BPS Pro: 15.3
WP: 5.7
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 65.1.29.89
Host Name: myservername.compute.amazonaws.com
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: xx.xx.xx.xx, xx.xx.xx.xx (IP address of this server)
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://www.thisdomain.com/wp-content/uploads/woocommerce_uploads/
REQUEST_URI: /wp-content/uploads/woocommerce_uploads/
QUERY_STRING:
HTTP_USER_AGENT: WordPress/5.7; https://www.thisdomain.com

    Any suggestions please?

    April 13, 2021 at 3:27 pm #40232
    AITpro Admin
    Keymaster

    WooCommerce creates 2 files in the in the /uploads/woocommerce_uploads/ folder.  An .htaccess file that denies access to any/all files in the /woocommerce_uploads/ folder and a blank index.html file.  Based on looking at the WooCommerce code they are planning on using the /woocommerce_uploads/ folder for various things in the future. The Security Log entry is the result of WooCommerce doing a simple check/test to make sure the /woocommerce_uploads/ folder is protected.  So it is not a problem. BPS logs all 403 errors whether or not BPS caused the 403 error. In this case WooCommerce intentionally caused the 403 error during their check/test to make sure the /woocommerce_uploads/ folder is protected.

    [403 GET Request: April 13, 2021 - 2:56 pm]
BPS Pro: 15.2
WP: 5.7
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 127.0.0.1
Host Name: DESKTOP-8TQEKNH
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://demo5.local/wp-content/uploads/woocommerce_uploads/
REQUEST_URI: /wp-content/uploads/woocommerce_uploads/
QUERY_STRING:
HTTP_USER_AGENT: WordPress/5.7; http://demo5.local
  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.