403 Errors

  • Resolved chrishtf

    (@chrishtf)


    13 years, 3 months ago

    Hey

    I’ve recently been getting constant message my Security Log is becoming large and when I checked I’ve been getting regular 403 errors. Here’s a bit from the log

    >>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
REMOTE_ADDR: 66.220.152.5
Host Name: out-ar5.tfbnw.net
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/uploads/2011/12/DJ-Chamber-HTF.jpg
QUERY_STRING:
HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)

>>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
REMOTE_ADDR: 66.220.152.2
Host Name: out-ar2.tfbnw.net
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/uploads/2011/11/Troumaca.jpg
QUERY_STRING:
HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)

>>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
REMOTE_ADDR: 66.220.152.0
Host Name: 66.220.152.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/uploads/2013/01/Karma-Party-Tour.jpg
QUERY_STRING:
HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)

>>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
REMOTE_ADDR: 66.220.152.4
Host Name: out-ar4.tfbnw.net
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/uploads/2012/04/20120416-191116.jpg
QUERY_STRING:
HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)

>>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
REMOTE_ADDR: 66.220.152.2
Host Name: out-ar2.tfbnw.net
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/plugins/sociable/images/more.png
QUERY_STRING:
HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)

>>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
REMOTE_ADDR: 66.220.152.5
Host Name: out-ar5.tfbnw.net
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/uploads/2012/03/achal.jpg
QUERY_STRING:
HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)

>>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
REMOTE_ADDR: 66.220.152.7
Host Name: out-ar7.tfbnw.net
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/uploads/2011/10/131445_500446317776_33761052776_5647685_3713449_o1.jpg
QUERY_STRING:
HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)

>>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
REMOTE_ADDR: 66.220.152.6
Host Name: out-ar6.tfbnw.net
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/uploads/2011/12/bison.jpg
QUERY_STRING:
HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)

>>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
REMOTE_ADDR: 66.220.152.6
Host Name: out-ar6.tfbnw.net
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/uploads/2011/10/love-sick.jpg
QUERY_STRING:
HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)

>>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
REMOTE_ADDR: 66.220.152.3
Host Name: out-ar3.tfbnw.net
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/plugins/sociable/images/closelabel.png
QUERY_STRING:
HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)

>>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
REMOTE_ADDR: 66.220.152.6
Host Name: out-ar6.tfbnw.net
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/uploads/2012/02/20120220-213452.jpg
QUERY_STRING:
HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)

>>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
REMOTE_ADDR: 66.220.152.4
Host Name: out-ar4.tfbnw.net
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/uploads/2012/04/20120406-213014.jpg
QUERY_STRING:
HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)

>>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
REMOTE_ADDR: 66.220.152.5
Host Name: out-ar5.tfbnw.net
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/uploads/2012/04/20120416-192154.jpg
QUERY_STRING:
HTTP_USER_AGENT: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)

>>>>>>>>>>> 403 Error Logged - February 2, 2013 - 6:10 pm <<<<<<<<<<<
REMOTE_ADDR: 72.30.142.221
Host Name: llf531060.crawl.yahoo.net
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /electronic/interview-kate-mcrae-htf-exclusive
QUERY_STRING:
HTTP_USER_AGENT: NING/1.0

    Any ideas why this would be?

    Site is http://www.hitthefloor.co.uk

    Any help would be awesome x

    http://wordpress.org/extend/plugins/bulletproof-security/

Viewing 8 replies - 16 through 23 (of 23 total)
1 2
  • Plugin Author AITpro

    (@aitpro)

    13 years, 3 months ago

    And this one is good for a laugh. The MSN bot is trying to hack your website. LOL I once had the Google bot try to hack my site for a few days. LOL obviously this is not the real MSN Bot. IP addresses, Host names and User Agents can be very easily faked. And this hacker is faking the MSN bot when looking for a timthumb file to exploit. πŸ˜‰

    >>>>>>>>>>> 403 Error Logged - February 4, 2013 - 11:28 pm <<<<<<<<<<<
REMOTE_ADDR: 131.253.24.4
Host Name: msnbot-131-253-24-4.search.msn.com
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-content/themes/magazinum/functions/theme/thumb.php?src=http://www.hitthefloor.co.uk/wp-content/uploads/2012/02/F9-520x325.jpg&w=225&h=Yes&zc=1&a=c
QUERY_STRING:
HTTP_USER_AGENT: msnbot-media/1.1 (+http://search.msn.com/msnbot.htm)
    Thread Starter chrishtf

    (@chrishtf)

    13 years, 3 months ago

    It’s all one site. It’s a wordpress install on domain http://www.hitthefloor.co.uk

    The actual server itself its hosted on is registered as http://www.sywp.co.uk as there are a few other sites on the same server if that’s what u meant πŸ™‚

    Is there anything I could get my webhosts to look at maybe? They were just confused last time they had a look lol

    Also wud u advise against using Minify then? is it not good for the site?

    Plugin Author AITpro

    (@aitpro)

    13 years, 3 months ago

    Ok so /blog is just a designated blog page then and not a completely separate WordPress site correct?

    I guess you could have your Host check the Server Logs for additional clues, but i doubt it would tell them anything more useful.

    Ok here is the overall deal. Images display fine on your site, everything is working fine on your site and you can HotLink to images. The logged events pertaining to image files may be things like this:

    Someone is attempting to scrape, mirror, copy, download, etc your entire site and images and they are faking that they are the facebook bot. Remember that IP addresses, Host Names and User Agents can all be very easily faked.

    Or maybe you have some kind of facebook plugin installed that is doing something to cause the errors. Or maybe your Themes would have something to do with this? Do the standard WordPress troubleshooting steps.

    1. deactivate plugins one by one and test
    2. switch to the WordPress 2012 theme to test.

    The big picture:

    In your log file that you posted I see that BPS blocked/stopped several common hacking attempts on your website. The image file errors are only a nuisance and are not causing any problems. So try the WordPress troubleshooting steps and see what happens. Another possibility is that they will just stop all of a sudden if it has to do with mirroring, scraping, etc.

    I personally do not use Minify plugins because i have several very critical scripts that need to be 100% intact and not minified. If these critical scripts are minified then they lose coding safeguard checks. So it is up to you. Most likely it would not be an issue for you so it is fine to use a Minify plugin on your site.

    And also the image errors could be caused by your minifying plugin. So when you do the standard WordPress troubleshooting steps then you would be eliminating your Minify plugin as well as the cause of the problem.

    Plugin Author AITpro

    (@aitpro)

    13 years, 3 months ago

    Also this Forum post puts things in perspective regarding what matters and what does not matter in regards to logged events:

    http://forum.ait-pro.com/forums/topic/security-log-security-log-403-errors/#post-1694

    Plugin Author AITpro

    (@aitpro)

    13 years, 3 months ago

    Did you try the standard WordPress troubleshooting steps?

    1. deactivate plugins one by one and test
    2. switch to the WordPress 2012 theme to test.

    Plugin Author AITpro

    (@aitpro)

    13 years, 3 months ago

    Working on this over here now >>> http://wordpress.org/support/topic/linkchecker-and-other-legit-bots-are-broken?replies=8

    Will post my findings/solution there.

    Plugin Author AITpro

    (@aitpro)

    13 years, 3 months ago

    deleted posted in the wrong thread…

    Plugin Author AITpro

    (@aitpro)

    13 years, 3 months ago

    resolving this Thread. This issue is being worked on in this thread >>> http://wordpress.org/support/topic/linkchecker-and-other-legit-bots-are-broken?replies=8

    This issue is a nuisance issue and does not have a negative impact or block anything important. It has still not been determined if BPS is the source of the facebook 206 error. pending further investigation / testing.

Viewing 8 replies - 16 through 23 (of 23 total)
1 2

The topic ‘403 Errors’ is closed to new replies.