WP4FB database error

[AITpro Admin]

Email Question:

But now I installed the plugin why I am doin this multisite, its called  wp4fb and takes the fanpages I create with and marketing actions over to Facebook.
I get constant php errors on that plugin now, what should I do?
like this:

[BPS Pro htaccess Protected Secure PHP Error Log]

[20-Apr-2013 12:46:43 UTC] WordPress-Datenbank-Fehler Table '385_lis.wp_wp4fb_general' doesn't exist für Abfrage SELECT widget_count FROM wp_wp4fb_general von activate_plugin, include_once('/plugins/wp4fb/wp4fb.php')
[20-Apr-2013 12:49:40 UTC] WordPress-Datenbank-Fehler Unknown column 'language' in 'field list' für Abfrage SELECT language FROM wp_wp4fb_general von do_action('wp4fb_page_wp4fb_admin'), call_user_func_array, wp4fb_admin, include('/plugins/wp4fb/settings/wp4fb_admin.php')

? Any idea?

[AITpro Admin]

Do you see any logged errors in your BPS Pro Security Log related to the WP4FB plugin?  If so, post them here.

This is a logical guess, but may or may not have anything to do with the issue/problem:  Try whitelisting these 2 plugin scripts in your Plugin Firewall whitelist and see if that solves the problem.

/wp4fb/wp4fb.php, /wp4fb/settings/wp4fb_admin.php

[AITpro Admin]

Email Reply:

Hi,
I searched the forum, but I cannot get this wp4fb plugin whitelisted.
It is constantly causing problems to use it from backend.
Addiotionally I seem to cannot use the cURL scanner

Security Log:

>>>>>>>>>>> 403 GET or Other Request Error Logged - April 26, 2013 - 4:43 pm <<<<<<<<<<<
REMOTE_ADDR: 93.216.43.167
Host Name: p5DD82BA7.dip0.t-ipconnect.de
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https: //[domain removed for privacy]/wp-admin/admin.php?page=Live_Edit&template=14
REQUEST_URI: /wp-content/plugins/wp4fb/settings/imgsize.php?w=195&img=https://[domain removed for privacy]/wp-content/uploads/2013/04/grunge_wall.png
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31

PHP Error Log:

[26-Apr-2013 14:35:26 UTC] PHP Warning: curl_setopt(): CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set in /var/www/virtual/xxxxx/htdocs/wp-content/plugins/bulletproof-security/admin/tools/tools.php on line 2290

[AITpro Admin]

Try whitelisting the imgsize.php file in this security filter in your root .htaccess file.  Add imgsize\.php| as shown below.

1. Copy the modified TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE code below to this BPS Root Custom Code text box: CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

IMPORTANT!!!: Edit the code below after copying it to BPS Custom Code and replace “example.com” with your actual website domain name.

# TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# Remote File Inclusion (RFI) security rules
# Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
RewriteRule .* index.php [F]
# 
# Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
RewriteCond %{REQUEST_URI} (imgsize\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
# Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
RewriteCond %{HTTP_REFERER} ^.*example.com.*
RewriteRule . - [S=1]

The PHP Error is telling you exactly why cURL does not work on your website. You should not be using safe_mode or even open_basedir.  Both are ridiculous/worthless and/or deprecated in PHP because they are worthless security measures. For now just set safe_mode to off in your php.ini file: safe_mode = Off.  I believe you can still use open_basedir without completely breaking everything on your website.  open_basedir is set at the Server level so the only thing you can do at the website level would be to limit it to only causing problems for the website root folder/directory and not causing problems for all of your other folders/directories above the root website folder.

[Andre]

I am not aware why safe mode is running, cause my hoster not uses them in standard globally. Both php things… will have a deeper look

[AITpro Admin]

It is possible that since open_basedir is being used then this error could be inaccurate.  open_basedir is crap and it pretty much breaks stuff and causes problems so it could be telling you safe_mode is on when it really is not.  open_basedir has no benefit as a security measure – that is an old myth that is totally BS.  open_basedir is set at the Server so if your Host is using this useless directive then all you can do to limit the havoc is to set the only directory it can screw up/cause problems for to your website root folder.  This will limit it to not breaking other things at higher URL levels.  Since the root directory only processes basic things then the damage/problems are limited to only that folder.

[AITpro Admin]

open_basedir paths are set in your php.ini file by doing this.  You want to ONLY have the path to your website root/document root folder and your temporary folder, which is typically named /tmp So your first path would be your document root folder and your second path would be your /tmp folder path.

open_basedir = "/path/to/first/folder:/path/to/second/folder"

[Andre]

I tried to whitelist, no effect. Waiting for the hoster to response on php.ini usage, if it anyhow will be effective when I set…

[AITpro Admin]

Ok send me a temporary admin login to the site.  Send the login to edward at ait-pro dot com.  Thanks.

[Andre]

I think it should be sent

[AITpro Admin]

Something is very wrong on your site or you did not give me Super Admin permissions.  This is a Network/Multisite site correct?  I do not see BPS Pro listed in the Menu panels.

[Andre]

You had to first activate it, I think. Now I made You super admin for the whole network.

Please login again

[AITpro Admin]

I believe the issue/problem is now fixed.  I created a wp-admin skip/bypass rule.  I did not catch this at first that the error was coming from the wp-admin folder and not the root site.  I already did this, but am adding the instructions/fix for anyone else who encounters this issue/problem.

Add this wp-admin .htaccess bypass / skip rule below to the wp-admin Custom Code box – CUSTOM CODE WPADMIN PLUGIN FIXES:and then activate BulletProof Mode for your wp-admin folder again. The skip rule must be [S=2] because it will be written to your wp-admin .htaccess file above skip / bypass rule [S=1]. This bypass / skip rule is safe to use because the wp-admin area is protected with WP Authentication security.

# WP4FB skip/bypass
RewriteCond %{QUERY_STRING} page=Live_Edit(.*) [NC]
RewriteRule . - [S=2]

[AITpro Admin]

PHP Safe Mode is off on your website so this is an open_basedir classic screw up. PHP Safe Mode: Off Your open_basedir settings/paths are ok so you do NOT need to do anything with this.  I have added x’s to hide your site root.

PHP open_basedir: /var/www/virtual/xxxxx:/usr/share/php:/usr/share/pear:/usr/lib/php5/:/tmp:/var/www/tmp/:/usr/bin:/usr/local/bin/:/var/www/cgi-bin/

[Andre]

I am sorry, but I was irritated, of course I could have taken a peek into the server info to see if those 2 are running or not. Sorry. My hoster turned the open base dir off meanwhile. Why does open base dir add no security? do You have any article which maybe explains its uselessness??

[Author]

Posts