WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] 403 Forbidden error Locked out from wp-admin and website gone. (16 posts)

  1. rasamalai
    Member
    Posted 11 months ago #

    So, I've been using this security plugin that somehow got me locked out of my website again, actually, it wont show up at all, I was changing my permissions to their suggestions when this happened.

    I had managed to do this same thing once before a while ago:
    old thread here

    But this time it keeps on creating a new htaccess file whenever I delete or rename it, I'd really appreciate some help, thank you so much in advance!

  2. The Grey Parrots
    Member
    Posted 11 months ago #

    It might be some malware issue which is creating the .htaccess issue.

    Can you kindly share the .htacess content.

  3. rasamalai
    Member
    Posted 11 months ago #

    #   BULLETPROOF .50 WP-ADMIN SECURE .HTACCESS     
    
    # If you edit the BULLETPROOF .50 WP-ADMIN SECURE .HTACCESS text above
    # you will see error messages on the BPS Security Status page
    # BPS is reading the version number in the htaccess file to validate checks
    # BPS is also checking that the string BPSQSE exists in this file - do not delete it
    # If you would like to change what is displayed above you
    # will need to edit the BPS functions.php file to match your changes
    # For more info see the BPS Guide at AIT-pro.com
    
    # DO NOT ADD URL REWRITING IN THIS FILE OR WORDPRESS WILL BREAK
    # RewriteRule ^(.*)$ - [F,L] - works in /wp-admin without breaking WordPress
    # RewriteRule . /index.php [L] - will break WordPress
    
    # ADD WP-ADMIN FILE NAMES TO FILESMATCH MAKING THEM 403 FORBIDDEN
    # DENY BROWSER ACCESS TO WP-ADMIN INSTALL.PHP
    # Add the wp-admin file names to FilesMatch and deny direct browser access to them.
    # This would generate a HTTP 403 Forbidden error message instead of a 404 error.
    # The root .htaccess file already has a security rule that blocks access to all
    # /wp-admin/includes files in the wp-admin folder. Directly trying to access
    # files with a browser in the wp-admin folder results in 404 HTTP errors, which is
    # essentially the same protection that making the files forbidden 403 would achieve.
    # Making /wp-admin/install.php forbidden is not really necessary, but has been
    # added as an additional security measure.
    # To allow yourself browser access to install.php replace Allow from 88.77.66.55
    # with your current IP address and remove the pound sign # from in front of the
    # Allow from line of code below.
    
    # BEGIN BPS WPADMIN DENY ACCESS TO FILES
    <FilesMatch "^(install\.php|example\.php|example2\.php|example3\.php)">
    Order allow,deny
    Deny from all
    #Allow from 88.77.66.55
    </FilesMatch>
    # END BPS WPADMIN DENY ACCESS TO FILES
    
    # BEGIN OPTIONAL WP-ADMIN ADDITIONAL SECURITY MEASURES:
    
    # BEGIN CUSTOM CODE WPADMIN TOP: Add miscellaneous custom code here
    
    # END CUSTOM CODE WPADMIN TOP
    
    # WP-ADMIN DIRECTORY PASSWORD PROTECTION - .htpasswd
    # The BPS root .htaccess file already has a security rule that blocks access to all
    # /wp-admin/includes files in the wp-admin folder.
    # The wp-admin directory already requires authentication to gain access to your
    # wp dashboard. Adding a second layer of authentication is not really necessary.
    # Users / visitors to your site will not be able to register or login
    # to your site without also having the additional login information.
    # htpasswd encrypts passwords using either a version of MD5 modified for Apache,
    # or the system's crypt() routine. Files managed by htpasswd may contain both types
    # of passwords; some user records may have MD5-encrypted passwords while others in
    # the same file may have passwords encrypted with crypt().
    # User accounts and passwords can be added in your host Control Panel or directly
    # in the .htpasswd file.
    # The .htpasswd file should be in a Server protected directory and not in a public
    # directory.
    # You can specify a single specific user or use valid-user to allow all valid
    # user accounts to be able to login to your site.
    
    # EXAMPLE:
    #AuthType basic
    #AuthGroupFile /dev/null
    #AuthUserFile /path/to/protected/server/directory/.htpasswd
    #AuthName "Password Protected Area"
    #require user Zippy
    #require valid-user
    
    # ADD YOUR CURRENT IP ADDRESS TO THIS FILE
    # This will then require that you FTP to your site and manually change the IP
    # address in this .htaccess file. And users will not be able to register or login
    # to your site without having their IP addresses added to this file. It is possible
    # to automate this, but unfortunately in order to not lock you out of your own site
    # the IP address would have to be removed on exiting your site. This means that if
    # you are not currently logged in then no additional security is in effect.
    # If you are not going to access or login to your site for a long time and you
    # are not allowing additional users to access your site then
    # manually adding an IP address may be an option you want to use temporarily.
    
    # EXAMPLE:
    #AuthUserFile /dev/null
    #AuthGroupFile /dev/null
    #AuthName "Password Protected Area"
    #AuthType Basic
    #order deny,allow
    #deny from all
    # whitelist home IP address
    #allow from 64.233.169.99
    # whitelist work IP address
    #allow from 69.147.114.210
    #allow from 199.239.136.200
    # IP while in Kentucky; delete when back
    #allow from 128.163.2.27
    
    # END OPTIONAL WP-ADMIN ADDITIONAL SECURITY MEASURES
    
    # REQUEST METHODS FILTERED
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F,L]
    
    # BEGIN CUSTOM CODE WPADMIN PLUGIN FIXES: Add ONLY WPADMIN personal plugin fixes code here
    
    # END CUSTOM CODE WPADMIN PLUGIN FIXES
    
    # Allow wp-admin files that are called by plugins
    # Fix for WP Press This
    RewriteCond %{REQUEST_URI} (press-this\.php) [NC]
    RewriteRule . - [S=1]
    
    # BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
    # BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
    # WORDPRESS WILL BREAK IF ALL THE BPSQSE FILTERS ARE DELETED
    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
    RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]
    RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
    RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
    RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} http\: [NC,OR]
    RewriteCond %{QUERY_STRING} https\: [NC,OR]
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F,L]
    # END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
  4. The Grey Parrots
    Member
    Posted 11 months ago #

    Can you kindly delete this plugin "bulletproof security" and try it once.

    It might be from there.

  5. rasamalai
    Member
    Posted 11 months ago #

    I tried that

  6. The Grey Parrots
    Member
    Posted 11 months ago #

    After that delete the htaccess and try once.

  7. rasamalai
    Member
    Posted 11 months ago #

    I dragged the plugin to the trash and deleted the htaccess file but it still reappears.

    [ No bumping please. ]

  8. Dave Naylor
    Member
    Posted 11 months ago #

    There seems to be a complete blanket denial of anything at your site at the moment. I can't reach anything.

    When you say you dragged the plugin to trash and deleted the .htaccess file, where is the trash, on your local machine? How did you delete the .htaccess file? By FTP?

  9. rasamalai
    Member
    Posted 11 months ago #

    I dragged it to the trash folder on CPanel and I deleted them using a file manager on CPanel as well.

  10. Dave Naylor
    Member
    Posted 11 months ago #

    Hmmm. I love cPanel. Not.

    OK, are you able to use FTP? FileZilla is a fairly good client. Visit your site via FTP and do two things, delete the .htaccess file again and then visit wp-content/ directory and rename plugins/ to pluginsHOLD/

    Let's see where we get to then.

  11. rasamalai
    Member
    Posted 11 months ago #

    Thanks!
    I've never used it before, I'll try it now.

  12. rasamalai
    Member
    Posted 11 months ago #

    It's back on!
    Thank you so much!
    Can I enable the plugins now?

  13. Dave Naylor
    Member
    Posted 11 months ago #

    Do it one by one until it falls over again. That way you'll identify the culprit.

  14. rasamalai
    Member
    Posted 11 months ago #

    I did, but found no culprit, I was changing permissions on cPanel when this happened, blame it on cPanel?
    Thank you so very much, I thought I was not going to get any sleep for what little remains of the night, I can not thank you enough! :)

  15. Dave Naylor
    Member
    Posted 11 months ago #

    No problem. Glad you got things running again.

  16. rasamalai
    Member
    Posted 11 months ago #

    <3 :3 <3 !!! Nite nite!

Reply

You must log in to post.

About this Topic