WordPress.org

Support

Support » Plugins and Hacks » [Resolved] 403 Errors

[Resolved] 403 Errors

  • Hey

    I’ve recently been getting constant message my Security Log is becoming large and when I checked I’ve been getting regular 403 errors. Here’s a bit from the log

    >>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
    REMOTE_ADDR: 66.220.152.5
    Host Name: out-ar5.tfbnw.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/uploads/2011/12/DJ-Chamber-HTF.jpg
    QUERY_STRING:
    HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
    
    >>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
    REMOTE_ADDR: 66.220.152.2
    Host Name: out-ar2.tfbnw.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/uploads/2011/11/Troumaca.jpg
    QUERY_STRING:
    HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
    
    >>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
    REMOTE_ADDR: 66.220.152.0
    Host Name: 66.220.152.0
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/uploads/2013/01/Karma-Party-Tour.jpg
    QUERY_STRING:
    HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
    
    >>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
    REMOTE_ADDR: 66.220.152.4
    Host Name: out-ar4.tfbnw.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/uploads/2012/04/20120416-191116.jpg
    QUERY_STRING:
    HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
    
    >>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
    REMOTE_ADDR: 66.220.152.2
    Host Name: out-ar2.tfbnw.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/plugins/sociable/images/more.png
    QUERY_STRING:
    HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
    
    >>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
    REMOTE_ADDR: 66.220.152.5
    Host Name: out-ar5.tfbnw.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/uploads/2012/03/achal.jpg
    QUERY_STRING:
    HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
    
    >>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
    REMOTE_ADDR: 66.220.152.7
    Host Name: out-ar7.tfbnw.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/uploads/2011/10/131445_500446317776_33761052776_5647685_3713449_o1.jpg
    QUERY_STRING:
    HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
    
    >>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
    REMOTE_ADDR: 66.220.152.6
    Host Name: out-ar6.tfbnw.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/uploads/2011/12/bison.jpg
    QUERY_STRING:
    HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
    
    >>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
    REMOTE_ADDR: 66.220.152.6
    Host Name: out-ar6.tfbnw.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/uploads/2011/10/love-sick.jpg
    QUERY_STRING:
    HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
    
    >>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
    REMOTE_ADDR: 66.220.152.3
    Host Name: out-ar3.tfbnw.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/plugins/sociable/images/closelabel.png
    QUERY_STRING:
    HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
    
    >>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
    REMOTE_ADDR: 66.220.152.6
    Host Name: out-ar6.tfbnw.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/uploads/2012/02/20120220-213452.jpg
    QUERY_STRING:
    HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
    
    >>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
    REMOTE_ADDR: 66.220.152.4
    Host Name: out-ar4.tfbnw.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/uploads/2012/04/20120406-213014.jpg
    QUERY_STRING:
    HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
    
    >>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
    REMOTE_ADDR: 66.220.152.5
    Host Name: out-ar5.tfbnw.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-content/uploads/2012/04/20120416-192154.jpg
    QUERY_STRING:
    HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
    
    >>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
    REMOTE_ADDR: 72.30.142.221
    Host Name: llf531060.crawl.yahoo.net
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /electronic/interview-kate-mcrae-htf-exclusive
    QUERY_STRING:
    HTTP_USER_AGENT: NING/1.0

    Any ideas why this would be?

    Site is http://www.hitthefloor.co.uk

    Any help would be awesome x

    http://wordpress.org/extend/plugins/bulletproof-security/

Viewing 15 replies - 1 through 15 (of 23 total)
  • Plugin Author AITpro

    @aitpro

    Looks like some kind of external linking of your images files. See the link below.
    http://www.facebook.com/externalhit_uatext.php

    If you are using HotLink Protection then you are not allowing your images to be HotLinked and that would log a 403 error.

    I’ve checked and hotlinking is disabled so couldn’t be that

    Any other ideas or is there a way I can just stop it logging it if it’s nothing serious?

    Plugin Author AITpro

    @aitpro

    I am not exactly sure how the facebook script is trying to GET images, but maybe doing something like this would work. Whitelist the facebookexternalhit Bot.

    Try this first…

    # REQUEST METHODS FILTERED
    # This filter is for blocking junk bots and spam bots from making a HEAD request, but may also block some
    # HEAD request from bots that you want to allow in certains cases. This is not a security filter and is just
    # a nuisance filter. This filter will not block any important bots like the google bot. If you want to allow
    # all bots to make a HEAD request then remove HEAD from the Request Method filter.
    # The TRACE, DELETE, TRACK and DEBUG request methods should never be allowed against your website.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteCond %{HTTP_USER_AGENT} !^(facebookexternalhit) [NC]
    RewriteRule ^(.*)$ - [F,L]

    …and if it does not work then try this – remove/delete HEAD from the nuisance filter…

    # REQUEST METHODS FILTERED
    # This filter is for blocking junk bots and spam bots from making a HEAD request, but may also block some
    # HEAD request from bots that you want to allow in certains cases. This is not a security filter and is just
    # a nuisance filter. This filter will not block any important bots like the google bot. If you want to allow
    # all bots to make a HEAD request then remove HEAD from the Request Method filter.
    # The TRACE, DELETE, TRACK and DEBUG request methods should never be allowed against your website.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F,L]

    Plugin Author AITpro

    @aitpro

    What you want to not do is create a rule that whitelists the facebook Bot entirely to allow it to skip/bypass all security since IP’s, Hostnames and User Agents can all be faked. That would make your website vulnerable to a spoofed User Agent hack.

    Where would I paste this code exactly? I’m a bit of newbie when it comes to some of this stuff haha 🙂

    Wud this be in the main .htaccess?

    Also are these only to do with facebook cus some of the log seems to be from my own server (SYWP) :/

    Theres quite a lot of these

    >>>>>>>>>>> 403 Error Logged – February 4, 2013 – 12:09 am <<<<<<<<<<<
    REMOTE_ADDR: 5.77.49.221
    Host Name: server.sywp.co.uk
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.hitthefloor.co.uk
    REQUEST_URI: /tour-dates/blowgoat-announce-july-tour/attachment/blowgoat-3/
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)

    >>>>>>>>>>> 403 Error Logged – February 4, 2013 – 12:09 am <<<<<<<<<<<
    REMOTE_ADDR: 5.77.49.221
    Host Name: server.sywp.co.uk
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://www.hitthefloor.co.uk
    REQUEST_URI: /wp-content/uploads/2012/06/Blowgoat-245×163.jpg
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)

    Plugin Author AITpro

    @aitpro

    That code already exists in your BPS Root .htaccess file. Use the BPS built-in htaccess file editor and try both changes and see what works.

    Hard to tell exactly what those errors are being caused by. Could be a spammer or a dozen other random abusive things against your site. Your site is the Host and the Referrer. The Request was made on your site or to your site and something about that request was forbidden.

    A malicious hacking attempt will look different.

    Still seems to be coming up with the errors

    Seems to be a lot more than just Facebook though.

    It’s quite confusing and my webhosts don’t seem to know either

    Pasted a longer version of the log here – http://pastebin.com/B7aj0y5f

    Plugin Author AITpro

    @aitpro

    Sure looks like you have HotLink protection added either in your Root .htaccess file or in your Web Host Control panel. The majority of the 403 errors are related to image files. There are a couple other shady ones.

    Bottomline it looks like you are not allowing image files to be grabbed or displayed from your site – blocking against HotLinking to image files.

    Folks seem oddly concerned about 403 errors.

    I’ll try to explain a bit better why you should just “forget about it…” in your best Italian accent.

    403’s frequently result from bots attempting to access a directory when directory browsing is forbidden, or when IP denial is enabled.

    If you have smartly installed BPS or some other nice security plugin. That plugin will block attempts at connecting to files in directories which disallow connections; and likewise block repeat bad login offenders.

    This is a natural result of having the security plugin installed (403 errors). cPanel Hotlink Protection = (ditto).

    Bottom line:
    403 errors mean your security plugin or control panel is working.

    Remember a 403 is not a 404.
    Massive numbers of 404 errors, now that is something worthy of discussion. 403 errors (aka, go away bot scum errors), not so much.

    Plugin Author AITpro

    @aitpro

    Actually it is not hotlinking at all. I just successfully hotlinked one of your image files from another website.

    Plugin Author AITpro

    @aitpro

    These errors are all occuring on your main site and not your blog site.

    Plugin Author AITpro

    @aitpro

    I see you are using a Minify plugin so anything could be happening. Minify plugins are a nightmare and you could not pay me enough money to install one on my site. Plus they create huge security vulnerabilities – BAD!!!

    Plugin Author AITpro

    @aitpro

    How is your main site linked to your blog site. I see images on the main site and when i click them i am taken to the blog site????? Why are images on your main site loading your blog site????

    I think the problem is something is fubar about the way you are linking your image files.

    Plugin Author AITpro

    @aitpro

    Or maybe not. it looks like some go to your main site and others go to your blog site, but all of these errors are coming from the main site. Do you see the same type of errors on your blog site?

Viewing 15 replies - 1 through 15 (of 23 total)
  • The topic ‘[Resolved] 403 Errors’ is closed to new replies.