WPADMIN-SBR 403 Error in Piotnet Form Pro with Google Sheet OAuth2.0 problem

  • #41776
    Steven_Lee
    Participant

    Hi, Dear Bulletproof Pro team.

    I want to auto-export Piotnet form Pro’s form entry to my google sheet when a user sends a form.

    But when I connect the Piotnet form with the Google OAuth2 consent screen, it shows:

    mydomain.com 403 Forbidden Error

    If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.

    IP Address: xx.xx.xx.xxx

    BPS Pro Plugin 403 Error Page

    I’ve checked the security log, it shows as follows:

     [403 GET Request: April 28, 2022 - 4:45 pm]
    BPS Pro: 16.5
    WP: 5.9.3
    Event Code: WPADMIN-SBR
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: xx.xx.xx.xxx
    Host Name: xx.xx.xx.xxx
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: https://accounts.google.com/
    REQUEST_URI: /wp-admin/admin.php?code=4/~~~~&connect_type=google_sheet&page=piotnetforms&scope=https://www.googleapis.com/auth/spreadsheets
    QUERY_STRING: code=4/~~~&connect_type=google_sheet&page=piotnetforms&scope=https://www.googleapis.com/auth/spreadsheets
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
    

    What kind of custom wp-admin code should I add? Can you help me with this?

    Steven

    #41777
    AITpro Admin
    Keymaster

    Create a wp-admin Query String skip/bypass rule in BPS wp-admin Custom Code text box:  3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES

    1. Go to BPS Pro > htaccess File Options > Custom Code tab > wp-admin htaccess File Custom Code accordion tab.
    Paste the Piotnet Form Pro wp-admin Query String skip/bypass rule below in wp-admin Custom Code text box: 3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
    2. Click the Save wp-admin Custom Code button. Note: If you see an error or are unable to save your custom htaccess code due to ModSecurity installed on your host server then click the Encrypt Custom Code button first and then click the Save wp-admin Custom Code button to bypass/evade ModSecurity.
    3. Go to the BPS Pro Setup menu > Setup Wizard > run the Pre-Installation Wizard and Setup Wizard.

    # Piotnet Form Pro wp-admin Query String skip/bypass rule
    RewriteCond %{QUERY_STRING} page=piotnetforms(.*) [NC]
    RewriteRule . - [S=2]
    #41780
    Steven_Lee
    Participant

    Thanks for the fast reply. After adding above code, it works like a charm.
    ——————————————————————————-

    I have another website that uses the Bit Integration Pro plugin to connect my form with Google Sheet.
    It has the same problem:

    mydomain2.com 403 Forbidden Error

    If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.

    IP Address: xx.xx.xx.xxx

    BPS Pro Plugin 403 Error Page

    Here is the security log:

    [403 GET Request: April 29, 2022 - 2:27 pm]
    BPS Pro: 16.5
    WP: 5.9.3
    Event Code: WPADMIN-SBR
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: xxx.xxx.xx.xx
    Host Name: xxx.xxx.xx.xx.vultrusercontent.com
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP: 
    HTTP_FORWARDED: 
    HTTP_X_FORWARDED_FOR: 
    HTTP_X_CLUSTER_CLIENT_IP: 
    REQUEST_METHOD: GET
    HTTP_REFERER: https://accounts.google.com/
    REQUEST_URI: /wp-json/bit-integrations/v1/redirect?code=4/0AX4XfWjkb4T_9C7M_ySXZZPEVqsAZI_1T6D5uKl0_NUCFPeHRAo36KDkcgqtxvE3psgCQw&scope=https://www.googleapis.com/auth/drive&state=https://mydomain2.com/wp-admin/admin.php?page%3Dbit-integrations%23/flow/action/new/Google%2520Sheet/redirect
    QUERY_STRING: code=4/~~~&scope=https://www.googleapis.com/auth/drive&state=https://mydomain2.com/wp-admin/admin.php?page%3Dbit-integrations%23/flow/action/new/Google%2520Sheet/redirect
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
    

    I want to replace page=piotnetforms(.*) with page%3Dbit-integrations(.*), but it is a "%3D", not "=".

    Is the code below correct?

    # Bit Integrations / Bit Integrations Pro Plugin wp-admin Query String skip/bypass rule
    RewriteCond %{QUERY_STRING} page%3Dbit-integrations(.*) [NC]
    RewriteRule . - [S=2]

    #41781
    AITpro Admin
    Keymaster

    If this part of the Query String will always stay the same:  code=4 then you can use this wp-admin Query String skip/bypass rule for both plugins.

    # Piotnet Form Pro & Bit Integration Pro wp-admin Query String skip/bypass rule
    RewriteCond %{QUERY_STRING} code=4(.*) [NC]
    RewriteRule . - [S=2]
    #42230
    Steven_Lee
    Participant

    Hello Dear Bulletproof team

    Recently I wanted to use Bit Integration to sync my WooCommerce order info to Google Sheets, but BulletProof blocks the URL.

    If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you. IP xxx.xxxx.xxx.xx

    [403 GET Request: November 3, 2022 - 1:49 pm]
    BPS Pro: 16.9
    WP: 6.1
    Event Code: WPADMIN-SBR
    Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: xxx.xxxx.xxx.xx
    Host Name: xxx.xxxx.xxx.xx
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://accounts.google.com/
    REQUEST_URI: /wp-json/bit-integrations/v1/redirect?code=4/0ARtbsJo8Sib_9m-V8oA4Q-KGISC-2ysISi1iDnrodmDhYzzf7bZVwmq78X7r7J0qIRe5eg&scope=https://www.googleapis.com/auth/drive&state=https://my-domain.com/wp-admin/admin.php?page%3Dbit-integrations%23/flow/action/new/Google%2520Sheet/redirect
    QUERY_STRING: code=4/0ARtbsJo8Sib_9m-V8oA4Q-KGISC-2ysISi1iDnrodmDhYzzf7bZVwmq78X7r7J0qIRe5eg&scope=https://www.googleapis.com/auth/drive&state=https://my-domain.com/wp-admin/admin.php?page%3Dbit-integrations%23/flow/action/new/Google%2520Sheet/redirect
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36

    I tried this, but it does not seem to work any more.

    # Piotnet Form Pro & Bit Integration Pro wp-admin Query String skip/bypass rule
    RewriteCond %{QUERY_STRING} code=4(.*) [NC]
    RewriteRule . - [S=2]

    Do you have any idea ?

    Steven

    #42231
    AITpro Admin
    Keymaster

    Due to the way the Request is being redirected from the frontend of your site to the backend of your site it simulates an RFI hacking attempt that is being blocked in both the Root and wp-admin htaccess files.  You will need to allow RFI redirection in both your Root and wp-admin htaccess files.  Do the steps below.

    1. Copy the modified BPS Query String Exploits below to this BPS Root Custom Code text box: 12. CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS. Note: Overwrite any htaccess code that is already in this text box.
    2. Click the Save Root Custom Code button.

    # BEGIN BPSQSE BPS QUERY STRING EXPLOITS
    # The libwww-perl User Agent is forbidden - Many bad bots use libwww-perl modules, but some good bots use it too.
    # Good sites such as W3C use it for their W3C-LinkChecker. 
    # Use BPS Custom Code to add or remove user agents temporarily or permanently from the 
    # User Agent filters directly below or to modify/edit/change any of the other security code rules below.
    RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
    RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
    RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
    RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
    #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
    #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    #RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR] 
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR] 
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} \-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F]
    # END BPSQSE BPS QUERY STRING EXPLOITS

    1. Copy the modified BPS wp-admin Query String Exploits code below into this BPS wp-admin Custom Code text box:  4. CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS. Note: Overwrite any htaccess code that is already in this text box.
    2. Click the Save wp-admin Custom Code button.
    3. Go to the BPS Setup Wizard page and rerun the Pre-Installation wizard and Setup wizard.

    # BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
    # WORDPRESS WILL BREAK IF ALL THE BPSQSE FILTERS ARE DELETED
    # Use BPS wp-admin Custom Code to modify/edit/change this code and to save it permanently.
    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]
    RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
    RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
    RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
    #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
    #RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    #RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F]
    # END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
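    The two rewrite blocks above are long, and the thread never states which single condition actually produced the WPADMIN-SBR 403 for the OAuth2 redirect. The script below is an added example, not part of this thread and not code from the BPS Pro plugin. It re-implements a subset of the BPSQSE QUERY_STRING conditions (the three that the admin's modified block comments out, plus a sample of the ones left active) and the three skip/bypass rules from the earlier replies as Python regexes, with Apache's [NC] flag mapped to re.IGNORECASE, and runs them over constructed copies of the logged query strings (the OAuth "code" values replaced by a placeholder). The condition names, the RFI_PROBE_QS sample and the function names are my own; the patterns are copied from the posts above.

```python
from __future__ import annotations

import re

# Constructed samples: the QUERY_STRING values from the security-log entries in
# this thread, with the OAuth authorization code replaced by a placeholder.
PIOTNET_QS = (
    "code=4/PLACEHOLDER&connect_type=google_sheet&page=piotnetforms"
    "&scope=https://www.googleapis.com/auth/spreadsheets"
)
BIT_QS = (
    "code=4/PLACEHOLDER&scope=https://www.googleapis.com/auth/drive"
    "&state=https://mydomain2.com/wp-admin/admin.php?page%3Dbit-integrations"
    "%23/flow/action/new/Google%2520Sheet/redirect"
)
# Constructed sample of a generic URL-valued parameter, the shape the RFI
# conditions exist to catch. Used only to show what the modified block stops seeing.
RFI_PROBE_QS = "page=http://example.com/include.txt"

# name -> (pattern, case_insensitive ([NC]), commented out in the admin's modified block)
BPSQSE_CONDITIONS = {
    "rfi_param_url":   (r"[a-zA-Z0-9_]=(http|https)://", True, True),
    "rfi_param_path":  (r"[a-zA-Z0-9_]=/([a-z0-9_.]//?)+", True, True),
    "url_scheme":      (r"(http|https)\:", True, True),
    "traversal":       (r"[a-zA-Z0-9_]=(\.\.//?)+", True, False),
    "dotdot":          (r"(\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/)", True, False),
    "ftp":             (r"ftp\:", True, False),
    "self":            (r"^(.*)/self/(.*)$", True, False),
    "cpath_rfi":       (r"^(.*)cPath=(http|https)://(.*)$", True, False),
    "script_tag":      (r"(\<|%3C).*script.*(\>|%3E)", True, False),
    "globals":         (r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})", False, False),
    "angle_brackets":  (r"^.*(\(|\)|<|>|%3c|%3e).*", True, False),
    "control_chars":   (r"^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).*", True, False),
    "localhost":       (r"(localhost|loopback|127\.0\.0\.1)", True, False),
    "quotes_newlines": (r"(<|>|'|%0A|%0D|%27|%3C|%3E|%00)", True, False),
    "sqli_keywords":   (r"""(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode)""", True, False),
}

# The three skip/bypass RewriteCond patterns proposed in this thread (all [NC]).
SKIP_RULES = {
    "piotnet_page":     r"page=piotnetforms(.*)",
    "bit_page_encoded": r"page%3Dbit-integrations(.*)",
    "oauth_code":       r"code=4(.*)",
}


def matching_conditions(query_string: str, modified: bool) -> list[str]:
    """Names of BPSQSE conditions that match the query string.

    modified=False evaluates the full condition set (the three RFI-style
    conditions active); modified=True evaluates the admin's modified block,
    in which those three are commented out. Any single hit means the [OR]
    chain is satisfied and the final RewriteRule returns 403.
    """
    hits = []
    for name, (pattern, case_insensitive, disabled) in BPSQSE_CONDITIONS.items():
        if modified and disabled:
            continue
        flags = re.IGNORECASE if case_insensitive else 0
        if re.search(pattern, query_string, flags):
            hits.append(name)
    return hits


def matching_skip_rules(query_string: str) -> list[str]:
    """Names of the skip/bypass conditions that would fire for this query string."""
    return [name for name, pattern in SKIP_RULES.items()
            if re.search(pattern, query_string, re.IGNORECASE)]


def would_block(query_string: str, modified: bool) -> bool:
    """True when at least one active BPSQSE condition matches."""
    return bool(matching_conditions(query_string, modified))


if __name__ == "__main__":
    for label, qs in (("Piotnet", PIOTNET_QS), ("Bit Integrations", BIT_QS),
                      ("RFI probe", RFI_PROBE_QS)):
        print(f"{label}:")
        print("  original block hits:", matching_conditions(qs, modified=False))
        print("  modified block hits:", matching_conditions(qs, modified=True))
        print("  skip rules firing:  ", matching_skip_rules(qs))
```

    Running it shows that both OAuth2 redirects trip the same two conditions, rfi_param_url (via scope=https://...) and url_scheme, and nothing else; the encoded state parameter does not hit the angle-bracket or quote filters because %3D, %23 and %2520 are not on those lists. It also shows the trade-off of the fix: once those conditions are commented out, the constructed RFI_PROBE_QS sample passes the root block too, so URL-valued parameters are no longer filtered anywhere on the site and that becomes accepted risk (keep allow_url_include off in PHP, which is its default, and watch the BPS security log for the patterns that used to be blocked). Two things to keep in mind when reading the output: Apache evaluates these patterns with PCRE while this script uses Python's re, which agree for the patterns above but are not identical engines, so confirm on the server; and a RewriteRule with [S=2] skips the next two RewriteRule directives only when its RewriteCond matches, which is why the code=4 skip rule in the wp-admin file could not help the /wp-json/ request that the root .htaccess handles.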
    #42234
    Steven_Lee
    Participant

    Thanks, after trying the above code, the white error page disappeared.
