Concerning repair after PerishablePress "5G" blacklist and WordPress 3.5

Your welcome. Success with making a more personal .htaccess

The “5G Blacklist 2012” will offer you a base to do so.

Keep a eye on your server logs, that will give insight on what is happening on your site and where some action might be needed.

Be mindful with blocking IP’s, if you have a IP that you want to block best check first where it is coming from. Blocking single IP’s will not be helpful, blocking IP ranges has more result but first check what it is.

A helpfull site for me to check IP’s is:

http://bgp.he.net/ip/

On that site enter a IP you want info on in the “search box” and do a search, example result for IP 117.83.45.153:

http://bgp.he.net/ip/117.83.45.153

I found IP 117.83.45.153 on my site in the server logs with as user agent “ia_archiver”, bgp.he.net results show that is a Chinese “CHINANET jiangsu province network” IP on IP range 117.80.0.0/12 –> 117.80.0.0 – 117.95.255.255 –> total of about 1048574 IPs (over a million). To block that complete range you would ad to your .htaccess:

Deny from 117.80.0.0/12

Above is the “CIDR” (Classless Inter Domain Routing) for that IP range.

I personaly chose to block several hosting compagny IP ranges as from them no normal visitors came. Only bots. I will not block internet service providers with consumer dsl or cable easily only when my site is not aimed at residents from that country and when it is breaking the rules. You can use a IP range block as permanent rule in your .htaccess or temporary to briefly stop some unwanted activity from wherever it might originate and then later removing that specific block again.

… 5G Blacklist 2012 … causing a problem after I had again activated BulletProof Security.

When the problem starts after activating “BulletProof Security” plugin and when is gone after you removed the complete “# 5G:[QUERY STRINGS]” section out of your .htaccess then its clearly a conflict between those two.

The more rules you have the more chances you have of conflicts.

Did you use the “fixed QUERY STRINGS” version?:

# 5G:[QUERY STRINGS]
<ifModule mod_rewrite.c>
 RewriteEngine On
 RewriteBase /
 RewriteCond %{QUERY_STRING} (environ|localhost|mosconfig|scanner) [NC,OR]
 RewriteCond %{QUERY_STRING} (menu|mod|path|tag)\=\.?/? [NC,OR]
 RewriteCond %{QUERY_STRING} boot\.ini  [NC,OR]
 RewriteCond %{QUERY_STRING} echo.*kae  [NC,OR]
 RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
 RewriteCond %{QUERY_STRING} \=\\%27$   [NC,OR]
 RewriteCond %{QUERY_STRING} \=\\\'$    [NC,OR]
 RewriteCond %{QUERY_STRING} \.\./      [NC,OR]
 RewriteCond %{QUERY_STRING} \?         [NC,OR]
 RewriteCond %{QUERY_STRING} \:         [NC,OR]
 RewriteRule .* - [F]
</ifModule>

Without the lines:

RewriteCond %{QUERY_STRING} \[         [NC,OR]
 RewriteCond %{QUERY_STRING} \]         [NC]

Sometimes in admin dashboard you will generate actions (request url’s) that visitors will not need for normal access to your site. With .htaccess rules you can ad a exception that will make that a rule is skipped in a specified situation. If you have a static IP adress you can ad that as exception. Then that rule will not be used on you.

A exception for IP would look like this (your IP would go in place of the “000.000.000.000” example IP is, mind that line must have the “\” in front of “.” in the IP):

# 5G:[QUERY STRINGS]
<ifModule mod_rewrite.c>
 RewriteEngine On
 RewriteBase /
 RewriteCond %{REMOTE_ADDR} !^000\.000\.000\.000$
 RewriteCond %{QUERY_STRING} (environ|localhost|mosconfig|scanner) [NC,OR]
 RewriteCond %{QUERY_STRING} (menu|mod|path|tag)\=\.?/? [NC,OR]
 RewriteCond %{QUERY_STRING} boot\.ini  [NC,OR]
 RewriteCond %{QUERY_STRING} echo.*kae  [NC,OR]
 RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
 RewriteCond %{QUERY_STRING} \=\\%27$   [NC,OR]
 RewriteCond %{QUERY_STRING} \=\\\'$    [NC,OR]
 RewriteCond %{QUERY_STRING} \.\./      [NC,OR]
 RewriteCond %{QUERY_STRING} \?         [NC,OR]
 RewriteCond %{QUERY_STRING} \:         [NC,OR]
 RewriteRule .* - [F]
</ifModule>

Such a exception allows you to have stricter rules for visitors then for yourself. That of course only works well if you have a static IP and when you need to access from another location you again need a static IP there and a extra exception.

...
 RewriteCond %{REMOTE_ADDR} !^000\.000\.000\.000$
 RewriteCond %{REMOTE_ADDR} !^000\.000\.000\.001$
 ...

But using these exceptions can give the problem that when there is a conflict in that rule that you yourself then will not notice it while your entire site might be not accessible for everyone else.

A “rule” that you could use when you have a have static IP and that should not conflict with any normal user is to put a .htaccess in your “wp-admin” folder to restrict all outside access to it and only allow your IP in. A .htaccess with the lines below will only allow IP 000.000.000.000 and also block access to the .htaccess file itself:

Order Deny,Allow
Deny from all
Allow from 000.000.000.000

<FilesMatch "(wp\-config\.php|\.htaccess)$">
 Order Allow,Deny
 Deny from all
</FilesMatch>

When you ad the rule:

<FilesMatch "(wp\-config\.php|\.htaccess)$">
 Order Allow,Deny
 Deny from all
</FilesMatch>

In your WordPress root .htaccess file it will also block access to your wp-config.php file.

I will leave you to it now. Success with trying to protect your website without killing it yourself 😉

Best wishes for 2013.