WordPress.org

1. JEDs
   Member
   Posted 1 year ago #

   I am trying to allow an external program access to an author user account. When the external program checks the connection it returns an error:
   

   Error: Error while trying to verify user credentials OR the blog URL is not correct.
   Reported error: [HTTP 403] Bad response from server. (File does not exist, or contains bad code). (File: http://jedsweb.net/xmlrpc.php)

   I am able to login myself as this user. I have xml-rpc enabled in Settings/Writing.

   In Firefox, if I go to http://jedsweb.net/xmlrpc.php?rsd it shows:
   <api name="WordPress" blogID="1" preferred="true" apiLink="http://jedsweb.net/xmlrpc.php"/>

   browsing directly to http://jedsweb.net/xmlrpc.php, I get "XML-RPC server accepts POST requests only."

   I expect both of those are correct, but I am not sure.

   I am wondering if my htaccess is blocking the external program:
   

   # Prevent directory listing
    IndexIgnore *  
   
    # Protect .htaccess files
    <Files .htaccess>
        order allow,deny
        deny from all
    </Files>  
   
    # Protect wp-config.php
    <FilesMatch ^wp-config.php$>
        deny from all
    </FilesMatch>
   
   RewriteCond %{HTTP_HOST} ^.*$
   RewriteRule ^social\-networking\/twitter\/its\-here\-well\-here\-anyways\/?$ "http\:\/\/jedsweb\.net\/its\-here\-well\-here\-anyways\/" [R=301,L]
   
   # Protect from spam comments
   <IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteBase /
   RewriteCond %{REQUEST_METHOD} POST
   RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
   RewriteCond %{HTTP_REFERER} !.*jedsweb.net.* [OR]
   RewriteCond %{HTTP_USER_AGENT} ^$
   RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
   </IfModule>

   htaccess also includes lines written by WPSuperCache and plugins/synected (can show here if necessary)

   If I am barking up the wrong tree (that is is an htaccess issue) and xmlrpc.php does contain bad code, how do I determine and repair the file?

   If htaccess is blocking it, what do I need to change, and can it be done to allow access to only the one external program? If it helps the program is seolinkvine.com.
   There is a thread at http://wordpress.org/support/topic/396524/page/5?replies=184 that indicates seolinkvine might be a target for a hack, specifically at godaddy, with one inference that other hosts may be affected. (I am on hostgator). So maybe I should just dump seolinkvine??

   Thanks

   -JEDs

2. JEDs
   Member
   Posted 1 year ago #

   it was blocked by http://wordpress.org/extend/plugins/bad-behavior/

3. error
   Member
   Posted 1 year ago #

   You should contact the author of Bad Behavior for assistance.

Topic Closed

This topic has been closed to new replies.