WordPress.org

Forums

Shortcode Exec PHP
[resolved] Error 403 on Shortcode Exec PHP install (8 posts)

  1. Agnes
    Member
    Posted 3 years ago #

    I have successfully used this plugin on my localhost, but when I try to install on my hos (1and1.fr) I get this error...

    I have desactivated BWP-security that may interefere, but still...

    Any idea?

    http://wordpress.org/extend/plugins/shortcode-exec-php/

  2. M66B
    Member
    Plugin Contributor

    Posted 3 years ago #

    Error 403 means forbidden, so there might be something with the web server setup.

  3. Agnes
    Member
    Posted 3 years ago #

    I saw another thread on that, saying might be with the host or some plugin. Yet I wonder what, because all other plugins seem to be installed without an issue. A pity I can't this one... but I wonder what is specific to it that might interfere....

  4. M66B
    Member
    Plugin Contributor

    Posted 3 years ago #

    I don't know, but in any case this is an unusual problem (you are the first one reporting it).

  5. Agnes
    Member
    Posted 3 years ago #

    mmm...
    I found this thread but is is closed without bmuch further details...
    http://wordpress.org/support/topic/plugin-shortcode-exec-php-403-error?replies=7
    I might need to try check my .htaccess... or specific file permissions I may have locked for security reason (after a couple of mamlware attacks I applies a few such rules). But I wonder which specific thing may be in cause.
    I'd like to, because it seems the plugin makes things much easier !

    PS:Indeed! With a very basic .htaccess, I can install the plugin. I am not sure which rule is in fault... now I'll revert to my enhanced one and see if I can then execute the shortcodes at least.
    The strange thing is even 'searching' for "Shortcode Exec PHP" would return an error, like if the "exec" was somehow forbidden.

  6. Agnes
    Member
    Posted 3 years ago #

    I ve found the faulty lines in .htaccess
    # from http://ralph.davidovits.net/internet/se-proteger-des-pirates-et-hackers.html#htaccess

    ### FILTRE AGAINRS PHPSHELL.PHP, REMOTEVIEW, c99Shell & more
    # RewriteEngine On
    # RewriteCond %{REQUEST_URI} # .*((php|my)?shell|remview.*|phpremoteview.*|sshphp.*|pcom|nstview.*|c99|r57|webadmin.*|phpget.*|phpwriter.*|fileditor.*|locus7.*|storm7.*)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml) [NC,OR]
    # RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
    # RewriteCond %{QUERY_STRING} ^(.*)=/(.*)$ [OR]
    # RewriteCond %{QUERY_STRING} ^work_dir=.*$ [OR]
    # RewriteCond %{QUERY_STRING} ^command=.*&output.*$ [OR]
    # RewriteCond %{QUERY_STRING} ^nts_[a-z0-9_]{0,10}=.*$ [OR]
    # RewriteCond %{QUERY_STRING} ^(.*)cmd=.*$ [OR] ## ATTENTION A CETTE REGLE. ELLE PEUT CASSER VOTRE SITE ##
    # RewriteCond %{QUERY_STRING} ^c=(t|setup|codes)$ [OR]
    # RewriteCond %{QUERY_STRING} # ^act=((about|cmd|selfremove|chbd|trojan|backc|massbrowsersploit|exploits|grablogins|upload.*)|((chmod|f)&f=.*))$ [OR]
    # RewriteCond %{QUERY_STRING} ^act=(ls|search|fsbuff|encoder|tools|processes|ftpquickbrute|security|sql|eval|update|feedback|cmd|gofile|mkfile)&d=.*$ [OR]
    # RewriteCond %{QUERY_STRING} ^&?c=(l?v?i?&d=|v&fnot=|setup&ref=|l&r=|d&d=|tree&d|t&d=|e&d=|i&d=|codes|md5crack).*$ [OR]
    # RewriteCond %{QUERY_STRING} ^(.*)([-_a-z]{1,15})=(ls|cd|cat|rm|mv|vim|chmod|chdir|concat|mkdir|rmdir|pwd|clear|whoami|uname|tar|zip|unzip|gzip|gunzip|grep|more|ln|umask|telnet|ssh|ftp|head|tail|which|mkmode|touch|logname|edit_file|search_text|find_text|php_eval|download_file|ftp_file_down|ftp_file_up|ftp_brute|mail_file|mysql|mysql_dump|db_query)([^a-zA-Z0-9].+)*$ [OR]
    # RewriteCond %{QUERY_STRING} ^(.*)(wget|shell_exec|passthru|system|exec|popen|proc_open)(.*)$
    # RewriteRule (.*) - [F]
  7. M66B
    Member
    Plugin Contributor

    Posted 3 years ago #

    Thanks for reporting the root cause of your problem. I guess some other people find it useful!

  8. Agnes
    Member
    Posted 3 years ago #

    Yes, well, you never know... but when you kill yourself to find somethigng on your own, it is good to know someone may get a hint...
    I appreciate finding such hints in many occasions, and tools like yours. Open source & collaboration is precious...!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.