Support » Plugin: All In One WP Security & Firewall » Cookie-based brute force prevention overwrites .htaccess

  • Hi, when I implement cookie-based brute force prevention, my site’s .htaccess file is overwritten and I get an internal server error 500 when attempting to access the site.

    In fact, when I save any of the features that use htaccess, and the file is saved, I immediately get a 500 error. The failed log-in records seems to be the only feature that works as expected. Here’s the .htaccess file that AIOWPS generates:

    # BEGIN All In One WP Security
    #AIOWPS_SIX_G_BLACKLIST_START
    # 6G FIREWALL/BLACKLIST
    # @ https://perishablepress.com/6g/

    # 6G:[QUERY STRINGS]
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{QUERY_STRING} (eval\() [NC,OR]
    RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]
    RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR]
    RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR]
    RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR]
    RewriteCond %{QUERY_STRING} (\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]
    RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR]
    RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR]
    RewriteCond %{QUERY_STRING} (‘|\”)(.*)(drop|insert|md5|select|union) [NC]
    RewriteRule .* – [F]
    </IfModule>

    # 6G:[REQUEST METHOD]
    <IfModule mod_rewrite.c>
    RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|put|trace|track) [NC]
    RewriteRule .* – [F]
    </IfModule>

    # 6G:[REFERRERS]
    <IfModule mod_rewrite.c>
    RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000,}) [NC,OR]
    RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC]
    RewriteRule .* – [F]
    </IfModule>

    # 6G:[REQUEST STRINGS]
    <IfModule mod_alias.c>
    RedirectMatch 403 (?i)([a-z0-9]{2000,})
    RedirectMatch 403 (?i)(https?|ftp|php):/
    RedirectMatch 403 (?i)(base64_encode)(.*)(\()
    RedirectMatch 403 (?i)(=\’|=\%27|/\’/?)\.
    RedirectMatch 403 (?i)/(\$(\&)?|\*|\”|\.|,|&|&?)/?$
    RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\”\\”)
    RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\|\s|\{|\}|\[|\]|\|)
    RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|etc/passwd|muieblack)
    RedirectMatch 403 (?i)(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)
    RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$
    RedirectMatch 403 (?i)/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php
    </IfModule>

    # 6G:[USER AGENTS]
    <IfModule mod_setenvif.c>
    SetEnvIfNoCase User-Agent ([a-z0-9]{2000,}) bad_bot
    SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot

    # Apache < 2.3
    <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
    Deny from env=bad_bot
    #AIOWPS_IP_BLACKLIST_2_3_START
    Deny from 103.62.48.236
    Deny from 169.62.27.183
    Deny from 188.166.186.127
    Deny from 36.66.50.242
    Deny from 36.71.237.154
    Deny from 45.32.104.79
    Deny from 51.143.101.166
    Deny from 62.210.82.133
    #AIOWPS_IP_BLACKLIST_2_3_END

    </IfModule>

    # Apache >= 2.3
    <IfModule mod_authz_core.c>
    <RequireAll>
    Require all Granted
    Require not env bad_bot
    #AIOWPS_IP_BLACKLIST_2_4_START
    Require not ip 103.62.48.236
    Require not ip 169.62.27.183
    Require not ip 188.166.186.127
    Require not ip 36.66.50.242
    Require not ip 36.71.237.154
    Require not ip 45.32.104.79
    Require not ip 51.143.101.166
    Require not ip 62.210.82.133
    #AIOWPS_IP_BLACKLIST_2_4_END

    </RequireAll>
    </IfModule>
    </IfModule>
    #AIOWPS_SIX_G_BLACKLIST_END
    #AIOWPS_ENABLE_BRUTE_FORCE_PREVENTION_START
    RewriteEngine On
    RewriteCond %{REQUEST_URI} (wp-admin|wp-login)
    RewriteCond %{REQUEST_URI} !(wp-admin/admin-ajax.php)
    RewriteCond %{HTTP_COOKIE} !waDada19262003= [NC]
    RewriteCond %{HTTP_COOKIE} !aiowps_cookie_test_vpvt52i217= [NC]
    RewriteRule .* http://127.0.0.1 [L]
    #AIOWPS_ENABLE_BRUTE_FORCE_PREVENTION_END
    #AIOWPS_PREVENT_IMAGE_HOTLINKS_START
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(.*)?\.mycitycourier\.com [NC]
    RewriteRule \.(gif|jpe?g?|png)$ – [F,NC,L]
    </IfModule>
    #AIOWPS_PREVENT_IMAGE_HOTLINKS_END
    # END All In One WP Security

    What could I be doing wrong?

    • This topic was modified 4 months, 3 weeks ago by starapple.
Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    Just for testing purposes, can you save your permalink settings again. Sometimes this fixes issues with your .htaccess file. Then carry out a test.

    Let me know what happens.

    Thank you

    • This reply was modified 4 months, 3 weeks ago by mbrsolution.
    Thread Starter starapple

    (@starapple)

    Ok, I’ll try that but the saving of the permalinks will have to be before testing because after the htaccess file is written, the 500 error is triggered.

    Thread Starter starapple

    (@starapple)

    @mbrsolution I saved permalinks before trying again. The only difference this time was that AIOWPS prepended the generated settings to the WP settings. I therefore was unable to save the permalinks again after the error was generated.

    This is the AIOWPS generated setting, atop that generated by WP:

    # BEGIN All In One WP Security
    #AIOWPS_SIX_G_BLACKLIST_START
    # 6G FIREWALL/BLACKLIST
    # @ https://perishablepress.com/6g/

    # 6G:[QUERY STRINGS]
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{QUERY_STRING} (eval\() [NC,OR]
    RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]
    RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR]
    RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR]
    RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR]
    RewriteCond %{QUERY_STRING} (\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]
    RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR]
    RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR]
    RewriteCond %{QUERY_STRING} (‘|\”)(.*)(drop|insert|md5|select|union) [NC]
    RewriteRule .* – [F]
    </IfModule>

    # 6G:[REQUEST METHOD]
    <IfModule mod_rewrite.c>
    RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|put|trace|track) [NC]
    RewriteRule .* – [F]
    </IfModule>

    # 6G:[REFERRERS]
    <IfModule mod_rewrite.c>
    RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000,}) [NC,OR]
    RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC]
    RewriteRule .* – [F]
    </IfModule>

    # 6G:[REQUEST STRINGS]
    <IfModule mod_alias.c>
    RedirectMatch 403 (?i)([a-z0-9]{2000,})
    RedirectMatch 403 (?i)(https?|ftp|php):/
    RedirectMatch 403 (?i)(base64_encode)(.*)(\()
    RedirectMatch 403 (?i)(=\’|=\%27|/\’/?)\.
    RedirectMatch 403 (?i)/(\$(\&)?|\*|\”|\.|,|&|&?)/?$
    RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\”\\”)
    RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\|\s|\{|\}|\[|\]|\|)
    RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|etc/passwd|muieblack)
    RedirectMatch 403 (?i)(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)
    RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$
    RedirectMatch 403 (?i)/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php
    </IfModule>

    # 6G:[USER AGENTS]
    <IfModule mod_setenvif.c>
    SetEnvIfNoCase User-Agent ([a-z0-9]{2000,}) bad_bot
    SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot

    # Apache < 2.3
    <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
    Deny from env=bad_bot
    #AIOWPS_IP_BLACKLIST_2_3_START
    Deny from 103.62.48.236
    Deny from 169.62.27.183
    Deny from 188.166.186.127
    Deny from 36.66.50.242
    Deny from 36.71.237.154
    Deny from 45.32.104.79
    Deny from 51.143.101.166
    Deny from 62.210.82.133
    #AIOWPS_IP_BLACKLIST_2_3_END

    </IfModule>

    # Apache >= 2.3
    <IfModule mod_authz_core.c>
    <RequireAll>
    Require all Granted
    Require not env bad_bot
    #AIOWPS_IP_BLACKLIST_2_4_START
    Require not ip 103.62.48.236
    Require not ip 169.62.27.183
    Require not ip 188.166.186.127
    Require not ip 36.66.50.242
    Require not ip 36.71.237.154
    Require not ip 45.32.104.79
    Require not ip 51.143.101.166
    Require not ip 62.210.82.133
    #AIOWPS_IP_BLACKLIST_2_4_END

    </RequireAll>
    </IfModule>
    </IfModule>
    #AIOWPS_SIX_G_BLACKLIST_END
    #AIOWPS_ENABLE_BRUTE_FORCE_PREVENTION_START
    RewriteEngine On
    RewriteCond %{REQUEST_URI} (wp-admin|wp-login)
    RewriteCond %{REQUEST_URI} !(wp-admin/admin-ajax.php)
    RewriteCond %{HTTP_COOKIE} !waDada19262003= [NC]
    RewriteCond %{HTTP_COOKIE} !aiowps_cookie_test_vpvt52i217= [NC]
    RewriteRule .* http://127.0.0.1 [L]
    #AIOWPS_ENABLE_BRUTE_FORCE_PREVENTION_END
    #AIOWPS_PREVENT_IMAGE_HOTLINKS_START
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(.*)?\.mycitycourier\.com [NC]
    RewriteRule \.(gif|jpe?g?|png)$ – [F,NC,L]
    </IfModule>
    #AIOWPS_PREVENT_IMAGE_HOTLINKS_END
    # END All In One WP Security

    # BEGIN WordPress
    # The directives (lines) between BEGIN WordPress and END WordPress are
    # dynamically generated, and should only be modified via WordPress filters.
    # Any changes to the directives between these markers will be overwritten.
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

    Maybe I should uninstall AIOWPS and start from scratch.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    Maybe I should uninstall AIOWPS and start from scratch.

    Yes, try that and let me know what happens.

    Thank you

    Thread Starter starapple

    (@starapple)

    Hi @mbrsolution, no luck. Does removing it also uninstall everything associated with AIOWPS?

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    Does removing it also uninstall everything associated with AIOWPS?

    No. Try to reset the plugin first. The following information can help you.

    https://mbrsolution.com/wordpress/how-to-reset-aiowps-plugin.php

    Let me know what happens.

    Thank you

Viewing 6 replies - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.