Is cPanel HotLink still a problem?

  • Resolved 5high

    (@5high)


    11 years, 8 months ago

    Hi,

    I’m just getting used to BPS (after having horrendous problems with another WP security plugin) and am gradually increasing the protective measures whilst monitoring my site.

    While looking into changing the file permissions I found a lot about the problem of the cPanel Hot link protection messing up BPS updates, crashing sites, causing error etc – BUT all the articles/support threads I’ve found have been at least 1 -2 years old, and when I checked my cPanel, the HLP was turned ON (obviously from when I first set up the site on this server) and so far there doesn’t seem to be a problem…

    However, I want to tighten up the file permissions – is this when the conflict arises with the HLP??

    Also, from your information in this thread () you said to delete everything in the HLP input box, which currently has exactly what you said it mustn’t have in it!

    Could this be the source of previous 404 and other errors and ‘hiccups’ with my WP site??

    I would appreciate your advice, as I can’t find anything current.

    Cheers.

    https://wordpress.org/plugins/bulletproof-security/

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author AITpro

    (@aitpro)

    11 years, 8 months ago

    I recently checked the cPanel Help Support page looking for that answer and was not able to find out if this issue has been permanently resolved yet or not. In any case, if it has been resolved in the most current version of cPanel and a Host is using an older version of cPanel then that bug in the cPanel Hotlink Protection Tool would still exist in that particular version of cPanel that the Host is using.

    Luckily the simple solution is just to lock your root .htaccess file on the htaccess Core >>> htaccess File Editor tab page and also turn on AutoLock. Locking the root .htaccess file also prevents another very common problem with the WordPress flush_rewrite_rules function.

    You do not need to delete anything in the cPanel Hotlink Protection Tool window. Just lock your root .htaccess file.

    Yes, the cPanel Hotlink Protection Tool causes a range of errors: 404, 403, 500, crashed site, broken links, etc etc etc.

    Plugin Author AITpro

    (@aitpro)

    11 years, 8 months ago

    What I will be looking at very soon is modifying the particular BPS root .htaccess code that the cPanel Hotlink Protection Tool incorrectly sees as hotlink protection code in the BPS root .htaccess code/file.

    The cPanel Hotlink Protection Tool cannot be turned off/disabled. Disable does not work/is also broken in the cPanel Hotlink Protection Tool.

    I have purchased hosting on a Host that has a malfunctioning cPanel Hotlink Protection Tool so that I can figure out exactly what code modifications need to be made to the BPS root .htaccess code in order to stop the cPanel Hotlink Protection Tool from misinterpreting that code as hotlink protection code and causing this problem.

    Thread Starter 5high

    (@5high)

    11 years, 8 months ago

    Hi AITpro – awesome answer! Thanks for this and I’ll keep an eye open for your updates on it.
    Cheers.

    Plugin Author AITpro

    (@aitpro)

    11 years, 8 months ago

    Ok actually this is no longer an issue/problem. The cPanel HotLink Protection Tool definitely works correctly in cPanel version: 11.44.

    I do not see exact technical documentation that clearly states exactly the what, when or where stuff, but looking at the cPanel Change Logs I would say it was fixed in one of these cPanel versions: 11.38.2.16 released on 2014-02-03 or 11.38.2.23 released on 2014-03-24. Or maybe it was fixed in 11.44.

    The host I am using for testing just upgraded cPanel so it started working all of a sudden. ha ha ha.

    Thread Starter 5high

    (@5high)

    11 years, 8 months ago

    Brilliant!

    Thread Starter 5high

    (@5high)

    11 years, 8 months ago

    Hi again,

    I’ve just looked in the BPS code in my .htaccess file and see that the hotlink protection is commented out (with a # in front of each line) – i’m a bit confused about this… should I uncomment it in my BPS .htaccess file as the cPanel Hotlink tool now doesn’t mess it up… or should I leave it commented out and enable the cPanel Hotlink tool???

    I’m also thinking of adding a .jpe image file as a replacement file if anyone tries to hotlink to it (read about this here: http://www.tamingthebeast.net/articles6/hotlinking-protection.htm ) so again, not sure if this should be added via BPS to my htaccess file or the cPanel Hotlink Tool code?

    Many thanks.

    Plugin Author AITpro

    (@aitpro)

    11 years, 8 months ago

    That is old hotlink protection code that was just example code that has been and always will be commented out by default. here is some much newer/better hotlink protection code: http://forum.ait-pro.com/forums/topic/hotlink-protection-do-not-block-google-bing-or-yahoo/
    This new example code will eventually replace the old example code. Could be a few months to a year though before that change is made since it is considered very low priority.

    I would use the hotlink protection code in the link above, but you can of course choose whatever you want to do.

    Thread Starter 5high

    (@5high)

    11 years, 8 months ago

    Ok, got it! I’ve used the code you’ve linked to (with my details in) and added it via the BPS editor as instructed there – and amazingly it all works fine!
    Thanks so much.

Viewing 8 replies - 1 through 8 (of 8 total)

The topic ‘Is cPanel HotLink still a problem?’ is closed to new replies.