• Resolved brenolara

    (@brenolara)


    Hello,

    Recently, I installed a premium social share plugin from CodeCanyon: Easy Social Share Buttons.

    The problem is that BPS is blocking some features of the plugin: “the server responded with a status of 403 (Forbidden)”. BPS does not let Google + counter display correctly and does not allow the user to share content via email, with the social share email button.

    When I uninstall BPS, everything works fine. Is there any way I can whitelist this plugin or something like that?

    My site is http://www.limaonagua.com.br/

    Best regards

    https://wordpress.org/plugins/bulletproof-security/

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author AITpro

    (@aitpro)

    Post the log entry from your BPS Security Log for this 403 error. For future reference here are the BPS troubleshooting steps.
    http://forum.ait-pro.com/forums/topic/read-me-first-free/#bps-free-general-troubleshooting

    Thread Starter brenolara

    (@brenolara)

    Here are some instances of the 403 error:

    [403 GET / HEAD Request: 23 de junho de 2014 - 12:50]
    Event Code: PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 177.210.158.250
    Host Name: 177-210-158-250.user3g.veloxzone.com.br
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.limaonagua.com.br/decoracao/decoracao-de-cozinha-americana/
    REQUEST_URI: /wp-content/plugins/easy-social-share-buttons/public/get-noapi-counts.php?nw=google&url=http://www.limaonagua.com.br/decoracao/decoracao-de-cozinha-americana/
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 4.1.2; GT-I8262B Build/JZO54K) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.58 Mobile Safari/537.31
    
    [403 GET / HEAD Request: 23 de junho de 2014 - 12:50]
    Event Code: PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 177.129.194.200
    Host Name: pool.wiff.com.br.194.129.177.in-addr.arpa
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.limaonagua.com.br/decoracao/ideias-de-decoracao-com-tinta-lousa/
    REQUEST_URI: /wp-content/plugins/easy-social-share-buttons/public/get-noapi-counts.php?nw=google&url=http://www.limaonagua.com.br/decoracao/ideias-de-decoracao-com-tinta-lousa/
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Linux; U; Android 4.0.4; pt-br; GT-S7562L Build/IMM76I) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
    
    [403 GET / HEAD Request: 23 de junho de 2014 - 12:50]
    Event Code: PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 177.83.4.202
    Host Name: b15304ca.virtua.com.br
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.limaonagua.com.br/decoracao/ideias-de-decoracao-com-tinta-lousa/
    REQUEST_URI: /wp-content/plugins/easy-social-share-buttons/public/essb-mail.php?from=brenolara@gmail.com&to=brenolara@gmail.com&sub=Ideias%20de%20decora%C3%A7%C3%A3o%20com%20tinta%20lousa&message=Ol%C3%A1,%20isso%20pode%20ser%20de%20seu%20interesse:%20%22Ideias%20de%20decora%C3%A7%C3%A3o%20com%20tinta%20lousa%22!%20Esse%20%C3%A9%20o%20link:%20http://www.limaonagua.com.br/decoracao/ideias-de-decoracao-com-tinta-lousa/%20&t=Ideias+de+decora%C3%A7%C3%A3o+com+tinta+lousa&u=http%3A%2F%2Fwww.limaonagua.com.br&p=http%3A%2F%2Fwww.limaonagua.com.br%2Fdecoracao%2Fideias-de-decoracao-com-tinta-lousa%2F&c=14
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
    
    [403 GET / HEAD Request: 23 de junho de 2014 - 12:50]
    Event Code: PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 177.83.4.202
    Host Name: b15304ca.virtua.com.br
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.limaonagua.com.br/decoracao/ideias-de-decoracao-com-tinta-lousa/
    REQUEST_URI: /wp-content/plugins/easy-social-share-buttons/public/essb-mail.php?from=brenolara@gmail.com&to=brenolara@gmail.com&sub=Ideias%20de%20decora%C3%A7%C3%A3o%20com%20tinta%20lousa&message=Ol%C3%A1,%20isso%20pode%20ser%20de%20seu%20interesse:%20%22Ideias%20de%20decora%C3%A7%C3%A3o%20com%20tinta%20lousa%22!%20Esse%20%C3%A9%20o%20link:%20http://www.limaonagua.com.br/decoracao/ideias-de-decoracao-com-tinta-lousa/%20&t=Ideias+de+decora%C3%A7%C3%A3o+com+tinta+lousa&u=http%3A%2F%2Fwww.limaonagua.com.br&p=http%3A%2F%2Fwww.limaonagua.com.br%2Fdecoracao%2Fideias-de-decoracao-com-tinta-lousa%2F&c=13
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
    
    [403 GET / HEAD Request: 23 de junho de 2014 - 12:51]
    Event Code: PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 201.90.253.163
    Host Name: 201.90.253.163
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: unknown
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.limaonagua.com.br/diy/como-escolher-a-tinta-ideal-para-o-seu-ambiente/
    REQUEST_URI: /wp-content/plugins/easy-social-share-buttons/public/get-noapi-counts.php?nw=google&url=http://www.limaonagua.com.br/diy/como-escolher-a-tinta-ideal-para-o-seu-ambiente/
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NMJB)

    [Moderator Note: Please post log files between backticks or use the code button.]

    Plugin Author AITpro

    (@aitpro)

    Looks like either a plugin skip/bypass rule will work…

    1. Copy the code below to this BPS Root Custom Code text box: CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES

    # Easy Social Share Buttons skip/bypass
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/easy-social-share-buttons/ [NC]
    RewriteRule . - [S=13]

    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page, click the Create secure.htaccess File AutoMagic button and activate Root folder BulletProof Mode.

    …or you might need to whitelist these files – get-noapi-counts.php and essb-mail.php – in the RFI security filter since the Request URI/Query is simulating a hacking attempt against your website…

    1. Copy the modified TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE code below to this BPS Root Custom Code text box: CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE

    IMPORTANT!!!: Edit the code below after copying it to the BPS Custom Code text box and replace “example.com” with your actual website domain name.

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Only Allow Internal File Requests From Your Website
    # To Allow Additional Websites Access to a File Use [OR] as shown below.
    # RewriteCond %{HTTP_REFERER} ^.*YourWebsite.com.* [OR]
    # RewriteCond %{HTTP_REFERER} ^.*AnotherWebsite.com.*
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F,L]
    RewriteCond %{REQUEST_URI} (get-noapi-counts\.php|essb-mail\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    RewriteCond %{HTTP_REFERER} ^.*example.com.*
    RewriteRule . - [S=1]

    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page, click the Create secure.htaccess File AutoMagic button and activate Root Folder BulletProof Mode.
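
An added triage example (not part of the thread and not BPS code): it parses Security Log entries in the layout quoted above and lists, for each blocked script, any off-site hosts carried inside the query string, which is the evidence needed before whitelisting a file in the RFI filter. The sample log, host names, and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample in the Security Log layout quoted in the thread
# (hosts and the third plugin path are placeholders, not values from the thread).
SAMPLE_LOG = """\
[403 GET / HEAD Request: 2014-06-23 - 12:50]
Event Code: PSBR-HPR
REQUEST_URI: /wp-content/plugins/easy-social-share-buttons/public/get-noapi-counts.php?nw=google&url=http://www.example.com/post-a/

[403 GET / HEAD Request: 2014-06-23 - 12:50]
Event Code: PSBR-HPR
REQUEST_URI: /wp-content/plugins/easy-social-share-buttons/public/essb-mail.php?sub=Hi&message=Link:%20http://www.example.com/post-b/%20&u=http%3A%2F%2Fwww.example.com

[403 GET / HEAD Request: 2014-06-23 - 12:51]
Event Code: PSBR-HPR
REQUEST_URI: /wp-content/plugins/some-gallery/thumb.php?src=http://files.example.net/a.php
"""

URL_RE = re.compile(r"(?:https?|ftp)://[^\s&]+", re.I)

def parse_entries(text):
    """Split the log on blank lines; return one {field: value} dict per entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines()[1:])  # skip [403 ...] header
        entries.append({k.strip(): v.strip() for k, _, v in pairs})
    return entries

def embedded_hosts(request_uri):
    """Hosts of absolute URLs carried inside (decoded) query parameter values."""
    hosts = []
    for _, value in parse_qsl(urlsplit(request_uri).query, keep_blank_values=True):
        for url in URL_RE.findall(value):
            try:
                hosts.append(urlsplit(url).hostname or "?")
            except ValueError:  # malformed authority: report it rather than trust it
                hosts.append("?")
    return hosts

def triage(text, site_host):
    """Map each blocked script path to the off-site hosts its 403 entries referenced."""
    offsite = defaultdict(set)
    for entry in parse_entries(text):
        uri = entry.get("REQUEST_URI", "")
        offsite[urlsplit(uri).path] |= {h for h in embedded_hosts(uri) if h != site_host}
    return {path: sorted(hosts) for path, hosts in offsite.items()}
```

An empty list means every URL embedded in the blocked requests pointed back at the site itself, as in the two Easy Social Share Buttons requests logged in the thread; a script with off-site hosts deserves review before it is exempted from the filter.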

    Thread Starter brenolara

    (@brenolara)

    It worked like a charm!

    Thank you for your kind support.

    Plugin Author AITpro

    (@aitpro)

    Did the plugin/skip bypass rule work or adding the file names to the RFI security filter/code? Thanks.

    Thread Starter brenolara

    (@brenolara)

    The plugin/skip bypass rule

    Plugin Author AITpro

    (@aitpro)

    Ok. Thanks.

  • The topic ‘Conflict with social share plugin’ is closed to new replies.