knews plugin wget cron job blocked by Bulletproof

  • Resolved sam45698

    (@sam45698)


    10 years, 6 months ago

    Hi,

    I am trying to get a cron job allowed by Bulletproof. Here is my command line : */10 * * * * wget -q -O/dev/null http://mywebsite.com/wp-admin/admin-ajax.php?action=knewsCron

    It is used with the very good Knews Newsletter plugin.

    Like I read on the bulletproof forum, I did remove the “wget” in these 2 htaccess rules :

    RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]

    RewriteCond %{HTTP_USER_AGENT} (;|<|>|’|”|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]

    But cron job still not working. I asked hosting provider (linux server) to convert it to “lynx -source” but apparently it is not possible…

    So I think I must be close to get wget allowed but I have no other idea what to try!

    Any help would be appreciated.

    http://wordpress.org/plugins/bulletproof-security/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author AITpro

    (@aitpro)

    10 years, 6 months ago

    The cron URL is pointing to your wp-admin folder so the security filter modification/edit would need to be done in your wp-admin .htaccess file, but may also need to be done in both the root and wp-admin .htaccess files. Probably not, but maybe.

    1. Copy the entire section of BPS Query String Exploits code from your wp-admin .htaccess file and paste it into this BPS wp-admin Custom Code text box: CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS: Modify Query String Exploit code here

    2. Edit the Query String Exploits code and remove wget from the security filter.
    3. Click the Save wp-admin Custom Code button.
    4. Go to the Security Modes page and activate wp-admin BulletProof Mode again.

    Thread Starter sam45698

    (@sam45698)

    10 years, 6 months ago

    Excellent!

    The given procedure worked, the cron job is now unblocked. I had to do it for wp-admin htaccess file AND for root htaccess file to unblock the cron.

    Thank you very much!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘knews plugin wget cron job blocked by Bulletproof’ is closed to new replies.