Home › Forums › BulletProof Security Pro › WP4FB database error
Tagged: WP4FB
- This topic has 32 replies, 2 voices, and was last updated 10 years, 11 months ago by Andre.
-
AuthorPosts
-
AITpro AdminKeymaster
Email Question:
But now I installed the plugin why I am doin this multisite, its called wp4fb and takes the fanpages I create with and marketing actions over to Facebook.
I get constant php errors on that plugin now, what should I do?
like this:[BPS Pro htaccess Protected Secure PHP Error Log] [20-Apr-2013 12:46:43 UTC] WordPress-Datenbank-Fehler Table '385_lis.wp_wp4fb_general' doesn't exist für Abfrage SELECT widget_count FROM wp_wp4fb_general von activate_plugin, include_once('/plugins/wp4fb/wp4fb.php') [20-Apr-2013 12:49:40 UTC] WordPress-Datenbank-Fehler Unknown column 'language' in 'field list' für Abfrage SELECT language FROM wp_wp4fb_general von do_action('wp4fb_page_wp4fb_admin'), call_user_func_array, wp4fb_admin, include('/plugins/wp4fb/settings/wp4fb_admin.php')
? Any idea?
AITpro AdminKeymasterDo you see any logged errors in your BPS Pro Security Log related to the WP4FB plugin? If so, post them here.
This is a logical guess, but may or may not have anything to do with the issue/problem: Try whitelisting these 2 plugin scripts in your Plugin Firewall whitelist and see if that solves the problem.
/wp4fb/wp4fb.php, /wp4fb/settings/wp4fb_admin.php
AITpro AdminKeymasterEmail Reply:
Hi,
I searched the forum, but I cannot get this wp4fb plugin whitelisted.
It is constantly causing problems to use it from backend.
Addiotionally I seem to cannot use the cURL scannerSecurity Log:
>>>>>>>>>>> 403 GET or Other Request Error Logged - April 26, 2013 - 4:43 pm <<<<<<<<<<< REMOTE_ADDR: 93.216.43.167 Host Name: p5DD82BA7.dip0.t-ipconnect.de HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https: //[domain removed for privacy]/wp-admin/admin.php?page=Live_Edit&template=14 REQUEST_URI: /wp-content/plugins/wp4fb/settings/imgsize.php?w=195&img=https://[domain removed for privacy]/wp-content/uploads/2013/04/grunge_wall.png QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31
PHP Error Log:
[26-Apr-2013 14:35:26 UTC] PHP Warning: curl_setopt(): CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set in /var/www/virtual/xxxxx/htdocs/wp-content/plugins/bulletproof-security/admin/tools/tools.php on line 2290
AITpro AdminKeymasterTry whitelisting the imgsize.php file in this security filter in your root .htaccess file. Add imgsize\.php| as shown below.
1. Copy the modified TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE code below to this BPS Root Custom Code text box: CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.IMPORTANT!!!: Edit the code below after copying it to BPS Custom Code and replace “example.com” with your actual website domain name.
# TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE # Use BPS Custom Code to modify/edit/change this code and to save it permanently. # Remote File Inclusion (RFI) security rules # Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR] RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC] RewriteRule .* index.php [F] # # Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php) RewriteCond %{REQUEST_URI} (imgsize\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC] # Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).* RewriteCond %{HTTP_REFERER} ^.*example.com.* RewriteRule . - [S=1]
The PHP Error is telling you exactly why cURL does not work on your website. You should not be using safe_mode or even open_basedir. Both are ridiculous/worthless and/or deprecated in PHP because they are worthless security measures. For now just set safe_mode to off in your php.ini file: safe_mode = Off. I believe you can still use open_basedir without completely breaking everything on your website. open_basedir is set at the Server level so the only thing you can do at the website level would be to limit it to only causing problems for the website root folder/directory and not causing problems for all of your other folders/directories above the root website folder.
AndreParticipantI am not aware why safe mode is running, cause my hoster not uses them in standard globally. Both php things… will have a deeper look
AITpro AdminKeymasterIt is possible that since open_basedir is being used then this error could be inaccurate. open_basedir is crap and it pretty much breaks stuff and causes problems so it could be telling you safe_mode is on when it really is not. open_basedir has no benefit as a security measure – that is an old myth that is totally BS. open_basedir is set at the Server so if your Host is using this useless directive then all you can do to limit the havoc is to set the only directory it can screw up/cause problems for to your website root folder. This will limit it to not breaking other things at higher URL levels. Since the root directory only processes basic things then the damage/problems are limited to only that folder.
AITpro AdminKeymasteropen_basedir paths are set in your php.ini file by doing this. You want to ONLY have the path to your website root/document root folder and your temporary folder, which is typically named /tmp So your first path would be your document root folder and your second path would be your /tmp folder path.
open_basedir = "/path/to/first/folder:/path/to/second/folder"
AndreParticipantI tried to whitelist, no effect. Waiting for the hoster to response on php.ini usage, if it anyhow will be effective when I set…
AITpro AdminKeymasterOk send me a temporary admin login to the site. Send the login to edward at ait-pro dot com. Thanks.
AndreParticipantI think it should be sent
AITpro AdminKeymasterSomething is very wrong on your site or you did not give me Super Admin permissions. This is a Network/Multisite site correct? I do not see BPS Pro listed in the Menu panels.
AndreParticipantYou had to first activate it, I think. Now I made You super admin for the whole network.
Please login again
AITpro AdminKeymasterI believe the issue/problem is now fixed. I created a wp-admin skip/bypass rule. I did not catch this at first that the error was coming from the wp-admin folder and not the root site. I already did this, but am adding the instructions/fix for anyone else who encounters this issue/problem.
Add this wp-admin .htaccess bypass / skip rule below to the wp-admin Custom Code box – CUSTOM CODE WPADMIN PLUGIN FIXES:and then activate BulletProof Mode for your wp-admin folder again. The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip / bypass rule [S=1]. This bypass / skip rule is safe to use because the wp-admin area is protected with WP Authentication security.
# WP4FB skip/bypass RewriteCond %{QUERY_STRING} page=Live_Edit(.*) [NC] RewriteRule . - [S=2]
AITpro AdminKeymasterPHP Safe Mode is off on your website so this is an open_basedir classic screw up. PHP Safe Mode: Off Your open_basedir settings/paths are ok so you do NOT need to do anything with this. I have added x’s to hide your site root.
PHP open_basedir:
/var/www/virtual/xxxxx:/usr/share/php:/usr/share/pear:/usr/lib/php5/:/tmp:/var/www/tmp/:/usr/bin:/usr/local/bin/:/var/www/cgi-bin/
AndreParticipantI am sorry, but I was irritated, of course I could have taken a peek into the server info to see if those 2 are running or not. Sorry. My hoster turned the open base dir off meanwhile. Why does open base dir add no security? do You have any article which maybe explains its uselessness??
-
AuthorPosts
- You must be logged in to reply to this topic.