WordPress.org

Ready to get started?Download WordPress

Forums

All In One WP Security & Firewall
Blacklist Manager causes WordPress site to crash (12 posts)

  1. peterlihou
    Member
    Posted 7 months ago #

    For some reason, entering an IP address into the Blacklist Manager causes my entire WordPress site to crash and I have to go to my hosting account and edit the htaccess file to get it back. I also had a similar problem last year with the firewall so don't use it anymore.

    The blacklist feature would be very useful to me if it worked.

    http://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

  2. wpsolutions
    Member
    Plugin Author

    Posted 7 months ago #

    What are you entering in the blacklist settings? Are you just entering IP addresses or both IP addresses and user agents?

    Can you paste the "blacklist" contents of the problematic .htaccess file?
    ie, show us the code which appears between the following tags:

    #AIOWPS_IP_BLACKLIST_START
    #AIOWPS_IP_BLACKLIST_END

    and also

    #AIOWPS_USER_AGENT_BLACKLIST_START
    #AIOWPS_USER_AGENT_BLACKLIST_END

  3. peterlihou
    Member
    Posted 7 months ago #

    I'm entering a simple IP address, the last couple of times just one IP at a time.

    In order to fix the problem, I've deleted the contents of the .htaccess file between the parameters above (as was suggested here for a similar support problem), so I can't show you unless it crashes again, which I don't want to happen.

  4. wpsolutions
    Member
    Plugin Author

    Posted 7 months ago #

    Ok but if it is crashing due to the contents in .htaccess file, it would be nice to see what they look like so we can determine why.

    Do you have other sites which use this plugin? Perhaps you can test them too see if the behaviour is consistent. I have tried many tests on my sites and I don't see any issue.

  5. peterlihou
    Member
    Posted 7 months ago #

    This is usual file
    '# BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /awards/
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /awards/index.php [L]
    </IfModule>

    # END WordPress'

    As soon as I save an IP the site crashes and the file changes to:
    '# BEGIN All In One WP Security
    #AIOWPS_DISABLE_INDEX_VIEWS_START
    Options All -Indexes
    #AIOWPS_DISABLE_INDEX_VIEWS_END
    #AIOWPS_IP_BLACKLIST_START
    Order allow,deny
    Allow from all
    Deny from 65.55.213.63
    Deny from 99.16.80.30
    #AIOWPS_IP_BLACKLIST_END
    #AIOWPS_DISABLE_TRACE_TRACK_START
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
    #AIOWPS_DISABLE_TRACE_TRACK_END
    #AIOWPS_FORBID_PROXY_COMMENTS_START
    RewriteCond %{REQUEST_METHOD} =POST
    RewriteCond %{HTTP:VIA}%{HTTP:FORWARDED}%{HTTP:USERAGENT_VIA}%{HTTP:X_FORWARDED_FOR}%{HTTP:PROXY_CONNECTION} !^$ [OR]
    RewriteCond %{HTTP:XPROXY_CONNECTION}%{HTTP:HTTP_PC_REMOTE_ADDR}%{HTTP:HTTP_CLIENT_IP} !^$
    RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
    RewriteRule .* - [F,NS,L]
    #AIOWPS_FORBID_PROXY_COMMENTS_END
    #AIOWPS_DENY_BAD_QUERY_STRINGS_START
    RewriteCond %{QUERY_STRING} tag= [NC,OR]
    RewriteCond %{QUERY_STRING} ftp: [NC,OR]
    RewriteCond %{QUERY_STRING} http: [NC,OR]
    RewriteCond %{QUERY_STRING} https: [NC,OR]
    RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
    RewriteCond %{QUERY_STRING} (\;|'|\"|%22).*(request|insert|union|declare|drop) [NC]
    RewriteRule ^(.*)$ - [F,L]
    #AIOWPS_DENY_BAD_QUERY_STRINGS_END
    #AIOWPS_ADVANCED_CHAR_STRING_FILTER_START
    <IfModule mod_alias.c>
    RedirectMatch 403 \,
    RedirectMatch 403 \:
    RedirectMatch 403 \;
    RedirectMatch 403 \=
    RedirectMatch 403 \@
    RedirectMatch 403 \[
    RedirectMatch 403 \]
    RedirectMatch 403 \^
    RedirectMatch 403 \`
    RedirectMatch 403 \{
    RedirectMatch 403 \}
    RedirectMatch 403 \~
    RedirectMatch 403 \"
    RedirectMatch 403 \$
    RedirectMatch 403 \<
    RedirectMatch 403 \>
    RedirectMatch 403 \|
    RedirectMatch 403 \.\.
    RedirectMatch 403 \%0
    RedirectMatch 403 \%A
    RedirectMatch 403 \%B
    RedirectMatch 403 \%C
    RedirectMatch 403 \%D
    RedirectMatch 403 \%E
    RedirectMatch 403 \%F
    RedirectMatch 403 \%22
    RedirectMatch 403 \%27
    RedirectMatch 403 \%28
    RedirectMatch 403 \%29
    RedirectMatch 403 \%3C
    RedirectMatch 403 \%3E
    RedirectMatch 403 \%3F
    RedirectMatch 403 \%5B
    RedirectMatch 403 \%5C
    RedirectMatch 403 \%5D
    RedirectMatch 403 \%7B
    RedirectMatch 403 \%7C
    RedirectMatch 403 \%7D
    # COMMON PATTERNS
    Redirectmatch 403 \_vpi
    RedirectMatch 403 \.inc
    Redirectmatch 403 xAou6
    Redirectmatch 403 db\_name
    Redirectmatch 403 select\(
    Redirectmatch 403 convert\(
    Redirectmatch 403 \/query\/
    RedirectMatch 403 ImpEvData
    Redirectmatch 403 \.XMLHTTP
    Redirectmatch 403 proxydeny
    RedirectMatch 403 function\.
    Redirectmatch 403 remoteFile
    Redirectmatch 403 servername
    Redirectmatch 403 \&rptmode\=
    Redirectmatch 403 sys\_cpanel
    RedirectMatch 403 db\_connect
    RedirectMatch 403 doeditconfig
    RedirectMatch 403 check\_proxy
    Redirectmatch 403 system\_user
    Redirectmatch 403 \/\(null\)\/
    Redirectmatch 403 clientrequest
    Redirectmatch 403 option\_value
    RedirectMatch 403 ref\.outcontrol
    # SPECIFIC EXPLOITS
    RedirectMatch 403 errors\.
    RedirectMatch 403 config\.
    RedirectMatch 403 include\.
    RedirectMatch 403 display\.
    RedirectMatch 403 register\.
    Redirectmatch 403 password\.
    RedirectMatch 403 maincore\.
    RedirectMatch 403 authorize\.
    Redirectmatch 403 macromates\.
    RedirectMatch 403 head\_auth\.
    RedirectMatch 403 submit\_links\.
    RedirectMatch 403 change\_action\.
    Redirectmatch 403 com\_facileforms\/
    RedirectMatch 403 admin\_db\_utilities\.
    RedirectMatch 403 admin\.webring\.docs\.
    Redirectmatch 403 Table\/Latest\/index\.
    </IfModule>
    #AIOWPS_ADVANCED_CHAR_STRING_FILTER_END
    # END All In One WP Security

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /awards/
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /awards/index.php [L]
    </IfModule>

    # END WordPress'

  6. wpsolutions
    Member
    Plugin Author

    Posted 7 months ago #

    According to the contents you've provided you have evidently activated some of the firewall rules in addition to the blacklist feature.

    I have a feeling that maybe one of the firewall rules is causing your issue.
    I recommend that you firstly deactivate all of the AIOWPS firewall rules and then try activiating the blacklist feature on its own.
    After you have confirmed all is ok, then try activating the firewall rules one by one until you find which rule is causing the error. (Then leave this rule disabled)

  7. chwp
    Member
    Posted 4 months ago #

    Hi, there are some problem with the functionality for #AIOWPS_ADVANCED_CHAR_STRING_FILTER_END

    When I'm doing administration of my site it adds that block and then (when I'm doing the administration) I can't access my site until I go in with FTP and remove that section from the .htaccess file.

    There must be some bug regarding this.

  8. chwp
    Member
    Posted 4 months ago #

    additional comment:

    Don't turn on Advanced Character String filter because that's the problem. What use do one have of such functionality which cause the site totally blocket? Not so much in my opinion.

  9. dcrosbie
    Member
    Posted 4 months ago #

    I am having this same problem, originating from the "Additional Firewall Rules" section. I enable other things, it adds to the htaccess file no problem. But if I have anything checked in the Additional Firewall Rules section then my whole site becomes inaccessible and I have to restore my htaccess file.

    Here is the error code from my htaccess section, hopefully this into will help the developer zero in on the problem.
    ============================

    # BEGIN All In One WP Security
    #AIOWPS_BLOCK_WP_FILE_ACCESS_START
    <Files license.txt>
    order allow,deny
    deny from all
    </files>
    <Files wp-config-sample.php>
    order allow,deny
    deny from all
    </Files>
    <Files readme.html>
    order allow,deny
    deny from all
    </Files>
    #AIOWPS_BLOCK_WP_FILE_ACCESS_END
    #AIOWPS_BASIC_HTACCESS_RULES_START
    <Files .htaccess>
    order allow,deny
    deny from all
    </Files>
    ServerSignature Off
    LimitRequestBody 10240000
    <Files wp-config.php>
    order allow,deny
    deny from all
    </Files>
    #AIOWPS_BASIC_HTACCESS_RULES_END
    #AIOWPS_PINGBACK_HTACCESS_RULES_START
    <IfModule mod_alias.c>
    RedirectMatch 403 /(.*)/xmlrpc\.php$
    </IfModule>
    #AIOWPS_PINGBACK_HTACCESS_RULES_END
    #AIOWPS_DISABLE_INDEX_VIEWS_START
    Options All -Indexes
    #AIOWPS_DISABLE_INDEX_VIEWS_END
    #AIOWPS_BLOCK_SPAMBOTS_START
    <IfModule mod_rewrite.c>
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} ^(.*)?wp-comments-post\.php(.*)$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(.*)?\.worldlywomen\.ca [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule .* http://127.0.0.1 [L]
    </IfModule>
    #AIOWPS_BLOCK_SPAMBOTS_END
    # END All In One WP Security

  10. wpsolutions
    Member
    Plugin Author

    Posted 4 months ago #

    Hi @chwp and @dcrosbie,
    I understand what you are saying but this is the reason why we labelled these rules as "advanced" because the caveat is that these rules may or may not break your site depending on your individual setup.

    It is difficult to write very strict and secure .htaccess rules such that they will work on ALL websites with no errors.

    So I recommend that if a firewall rule causes issues for your site, then leave it disabled.
    Have you tried the 5G Blacklist rules? These rules are a very good all-round compromise of the other advanced rules.

  11. chwp
    Member
    Posted 4 months ago #

    Hi,
    ok. it works fine for me as long as I don't use the setting I mentioned above.
    Maybe some kind of warning for that setting because it's not obvious which setting it was that was the cause to the problem.

    I agree that it must be hard to find a good solution for all websites.

    Seems that I should look into the 5G blacklist too because there are someone (or many) that tries to get admin access to my site :(

  12. wpsolutions
    Member
    Plugin Author

    Posted 4 months ago #

    @chwp,
    To protect your admin access, choose one of the features in the "Brute Force" menu.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags