BulletProof Security
[resolved] 403 Error while accessing RSS-feed (6 posts)

  1. aschne
    Member
    Posted 1 year ago #

    In the last few days my BPS security log was growing like crazy. Here is one of the error messages:

    >>>>>>>>>>> 403 GET or Other Request Error Logged - 7. März 2013 - 01:39 <<<<<<<<<<<
    REMOTE_ADDR: 80.171.161.54
    Host Name: d161054.adsl.hansenet.de
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /feed/
    QUERY_STRING:
    HTTP_USER_AGENT: Monotony/17 CFNetwork/596.2.3 Darwin/12.2.0 (x86_64) (MacBookPro8%2C2)

    These are the only entries in the log. Only while accessing /feed/

    I switched the feeds to Feedburner with a proper redirect but still these errors did pop up.

    I found another thread about the 'facebookexternal'-problems and I temporarily solved the issue by including the following line in BPS 403.php file:

    if ($_SERVER['REQUEST_METHOD'] != 'POST' && !preg_match('/facebookexternalhit(.*)/s', $_SERVER['HTTP_USER_AGENT'], $matches) && !preg_match('/Monotony(.*)/s', $_SERVER['HTTP_USER_AGENT'], $matches) ) {

    Any idea what could be wrong instead of some stupid RSS-reader gone wild!?

    Best
    Alex

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I do not recognize that bot/user agent: CFNetwork/596.2.3. Searching this User Agent Database: http://www.user-agents.org/cgi-bin/free-search.cgi?template=free-search-detail.html&dbname=allagents.csv&key2=id_a_f_150&action=searchdbdisplay does show that this is a legitimate bot/user agent.

    I have no idea what Monotony/17 is. It does not show any results in a Google search.

    I assume what this is, is a custom bot scraping thing. Monotony/17, whatever that is, is trying to scrape your Feed and it is being Forbidden by BPS. There are several plugins that allow someone to grab your entire Feed automatically and display your Feed on their website. I assume this is what is being attempted and being blocked by BPS.

  3. aschne
    Member
    Posted 1 year ago #

    Thanks for your reply.

    I assume then everything is fine and that the line I changed in the 403.php is just for commenting out the error so that it does not appear in the blog. The request will still be blocked though.

  4. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Yep, you are exactly correct. BPS will still block whatever this bot is doing, but you will no longer get log entries that this bot was blocked.

  5. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I'm considering adding an additional option that will allow folks to do this on the fly. So far there have only been a few instances where logged events were so excessive that it was maxing out the log file in no time. Still needs more research to look at all the pros, cons and potential pitfalls of adding a feature like this though.

  6. aschne
    Member
    Posted 1 year ago #

    This sounds like a cool idea - I really appreciate your work!

    I support adding a list of Strings in the settings where errors are then not logged anymore.
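
The ignore list discussed in the last two posts, sketched as an added PHP example (not from the thread and not BulletProof Security's own code; the function names and the sample requests are constructed). Because the User-Agent header is supplied by the client, the sketch tallies suppressed events instead of dropping them silently, and strips control characters before the value reaches the log.

```php
<?php
// Added example; function names are hypothetical, not BulletProof Security's own.

// Return the ignore string that matches the User-Agent, or null if none does.
function matched_ignore(string $ua, array $ignored): ?string
{
    foreach ($ignored as $needle) {
        // stripos() is a plain substring match, so no regex escaping is needed.
        if ($needle !== '' && stripos($ua, $needle) !== false) {
            return $needle;
        }
    }
    return null;
}

// Build a log line for a blocked request, or count it as suppressed.
function log_403(array $server, array $ignored, array &$suppressed): ?string
{
    // Same exclusion as the condition quoted in the thread.
    if (($server['REQUEST_METHOD'] ?? '') === 'POST') {
        return null;
    }
    // The header may be absent, and it is client-controlled: strip control
    // characters so it cannot add fake lines to the log file.
    $ua = (string) preg_replace('/[\x00-\x1F\x7F]/', '', $server['HTTP_USER_AGENT'] ?? '');
    $hit = matched_ignore($ua, $ignored);
    if ($hit !== null) {
        // Keep a tally so suppressed traffic stays visible in aggregate.
        $suppressed[$hit] = ($suppressed[$hit] ?? 0) + 1;
        return null;
    }
    return sprintf('403 %s %s UA=%s', $server['REMOTE_ADDR'] ?? '-', $server['REQUEST_URI'] ?? '-', $ua);
}

// Constructed sample requests (documentation addresses, not real log data).
$ignored = ['facebookexternalhit', 'Monotony'];
$suppressed = [];
$requests = [
    ['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '192.0.2.10', 'REQUEST_URI' => '/feed/', 'HTTP_USER_AGENT' => 'Monotony/17 CFNetwork/596.2.3'],
    ['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '192.0.2.11', 'REQUEST_URI' => '/feed/'],
    ['REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '192.0.2.12', 'REQUEST_URI' => '/feed/', 'HTTP_USER_AGENT' => "ExampleBot/1.0\nfake entry"],
];
foreach ($requests as $r) {
    $line = log_403($r, $ignored, $suppressed);
    if ($line !== null) {
        echo $line, PHP_EOL;
    }
}
echo 'suppressed: ', json_encode($suppressed), PHP_EOL;
```

Any client can send a User-Agent containing an ignored string, so the suppressed tally is worth reviewing alongside the log itself.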

Topic Closed

This topic has been closed to new replies.
