WP MAIL SMTP plugin – 403 error

Home Forums BulletProof Security Pro WP MAIL SMTP plugin – 403 error

Tagged: 

This topic contains 4 replies, has 2 voices, and was last updated by  AITpro Admin 1 month ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #36520

    AITpro Admin
    Keymaster

    Problem description sent via email:
    1. I’m trying to send emails through WP MAIL SMTP plugin. After some step, i need to allow this plugin to send emails. When i click that option , i’m getting 403 forbidden error. Attached the screenshot here. Please guide to fix this issue.

    Solution:

    This is an RFI security rule problem in the wp-admin htaccess file.  Do the steps below to whitelist the WP Mail SMTP plugin Query String, which is simulating an RFI hacking attempt against your website.  Important note: If you deactivate wp-admin BulletProof Mode in the future then the root htaccess file will block this WP Mail SMTP plugin Query String and you would need to whitelist the RFI security rules in the root htaccess file.  You do not need to do that at this time assuming you have root BulletProof Mode activated.

    1. Copy the modified wp-admin htaccess code below to this BPS wp-admin Custom Code text box: 4. CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
    2. Click the Save wp-admin Custom Code button.
    3. Go to the Security Modes page and click the wp-admin BulletProof Mode Activate button.

    # BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
    # WORDPRESS WILL BREAK IF ALL THE BPSQSE FILTERS ARE DELETED
    # Use BPS wp-admin Custom Code to modify/edit/change this code and to save it permanently.
    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]
    RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
    RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
    RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
    #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
    #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    #RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F]
    # END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS

    Security Log Entry:

    [403 GET Request: September 25, 2018 12:36 pm]
    BPS Pro: 13.7
    WP: 4.9.8
    Event Code: WPADMIN-SBR
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 127.0.0.1
    Host Name: 204414.cloudwaysapps.com
    SERVER_PROTOCOL: HTTP/1.0
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: 202.83.58.250, 127.0.0.1
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-admin/options-general.php?page=wp-mail-smtp&tab=auth&code=4/ZQD550ryMZNyz-gh_FWjPnqpjRvAsa_c9tY6i7bu0X4xZnRilotc6Ck0YB_P6CLwRDjit9-We4qnfDkG7reAe8U&scope=https://mail.google.com/
    QUERY_STRING: page=wp-mail-smtp&tab=auth&code=4/ZQD550ryMZNyz-gh_FWjPnqpjRvAsa_c9tY6i7bu0X4xZnRilotc6Ck0YB_P6CLwRDjit9-We4qnfDkG7reAe8U&scope=https://mail.google.com/
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
    #38024

    Sandor
    Participant

    Hi AITpro admin,

    Can u help me to solve this problem at my own website?
    I have the samen issue but can’t find some documents/files you are writing about.

    Kind regards,
    Sandor

    #38029

    AITpro Admin
    Keymaster

    @ Sandor – Do have the BPS plugin installed?  Do you have any other WordPress security plugins installed?  What exactly is the problem?  Please post a BPS Security Log entry so I can take a look at it.  What documents/files are you trying to find?

    #38034

    Sandor
    Participant

    Well I can not find where to put the code you have written.

    I can share my wp login and php login, maybe you can have a look for me?

    My email address is sandor@citypoint.nl

    Kind regards,

    Sandor

    #38036

    AITpro Admin
    Keymaster

    Do have the BPS free plugin or the BPS Pro plugin installed?

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.