• Resolved isaacl

    (@isaacl)


    I’m seeing a bunch of these entries in the BPS security log (I removed the IP address):

    [403 GET / HEAD Request: June 29, 2015 – 12:18 pm]
    Event Code: PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: x.x.x.x
    Host Name: static-x-x-x-x.nycmny.fios.verizon.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: x.x.x.x
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://mydomain.com/
    REQUEST_URI: /wp-content/plugins/better-analytics/js/loader.php?ver=1.0.5.js
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36

    I tried following another thread (https://wordpress.org/support/topic/conflict-with-social-share-plugin), and added this in under the CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES area:

    # S=13: Better Analytics skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/better-analytics/ [NC]
    RewriteRule . - [S=13]

    I also added this under the CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE area (with mydomain set to my site’s domain):

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Only Allow Internal File Requests From Your Website
    # To Allow Additional Websites Access to a File Use [OR] as shown below.
    # RewriteCond %{HTTP_REFERER} ^.*YourWebsite.com.* [OR]
    # RewriteCond %{HTTP_REFERER} ^.*AnotherWebsite.com.*
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F,L]
    RewriteCond %{REQUEST_URI} (loader\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    RewriteCond %{HTTP_REFERER} ^.*mydomain.com.*
    RewriteRule . - [S=1]

    However, I am still seeing the errors in the security log.

    Any ideas how I can get this working?

    Thanks a lot!

    Edit: I just realized that I had to change the get-noapi-counts line in the second block to loader, and remove the second entry (updated above), but that still isn’t working, and I’m still seeing the errors in the log.

    https://wordpress.org/plugins/bulletproof-security/

Viewing 8 replies - 31 through 38 (of 38 total)
  • Thread Starter isaacl

    (@isaacl)

    And I probably found that somewhere online a long time ago, about adding that in to the wp-content folder, and as long as nothing that’s not supposed to be blocked is blocked, I may as well keep it there, and now I can just unblock the individual files that I need to let through.

    I can see why someone super security conscious would just blanket deny PHP files in wp-content like that, but wp-content tends to be public facing things (themes and plugins primarily). And any properly written theme/plugin isn’t going to allow anything that shouldn’t be accessed directly on its own.

    Personally, I blanket forbid any sort of access whatsoever to wp-includes and require http auth for wp-admin, but it’s tough to do stuff like that within wp-content because there are legitimate reasons to allow access there in some cases.

    If you wanted to go down the road of keeping it restricted, you probably are going to want to just have a whitelist of PHP files you allow within there and work that into your .htaccess file… but seems like it becomes an annoying support/maintenance issue for you then.

    Personally, I’d LOVE it if WordPress had a mechanism for loading JS, CSS, images, etc. without needing access to wp-content, but sadly, it just doesn’t, so we are stuck with what it can/can’t do for now.

    Plugin Author AITpro

    (@aitpro)

    Cool. Yeah it’s usually some silly thing like that. 😉

    Plugin Author AITpro

    (@aitpro)

    And if you want to use a variation of your wp-content htaccess code then this forum topic has a whitelisting technique that you may want to use: https://wordpress.org/support/topic/sucuri-1-click-hardening-wp-content-htaccess-file-problem-detected?replies=9

    Plugin Author AITpro

    (@aitpro)

    Gives you more options as far as Regex goes so that you can whitelist entire directories and/or files by type with less code.
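    Putting the approach discussed in this thread into a wp-content/.htaccess, as an added example (not BPS code and not AITpro’s or isaacl’s own file): the blanket PHP deny plus a mod_rewrite whitelist in the same file, which is what lets you whitelist single files, whole directories or file types by regex. It assumes Apache with mod_rewrite enabled and AllowOverride permitting .htaccess; the loader.php path is taken from the logged request earlier in this thread, and trusted-plugin is a hypothetical directory name.

```apache
# wp-content/.htaccess (added example, not BPS code)
# Keep the "no direct PHP requests under wp-content" policy, but whitelist
# the scripts that genuinely have to be reachable from the browser.
<IfModule mod_rewrite.c>
RewriteEngine On

# 1. Whitelist rules come first. In a per-directory .htaccess the pattern
#    is matched against the path relative to wp-content/, and the query
#    string (?ver=1.0.5.js in the logged request) is not part of that path,
#    so it needs no special handling. "-" leaves the URL unchanged and [L]
#    stops rewriting, so the deny rule below never sees this request.
RewriteRule ^plugins/better-analytics/js/loader\.php$ - [NC,L]

# A whole plugin directory can be whitelisted the same way (hypothetical
# plugin name), and so can a file type, e.g. every *.php under one theme:
# RewriteRule ^plugins/trusted-plugin/.*\.php$ - [NC,L]

# 2. Deny every other direct request for a .php file under wp-content.
#    [F] answers 403, which is the status that ended up in the BPS
#    security log when the file was not whitelisted yet.
RewriteRule \.php$ - [F,L]
</IfModule>
```

    Because the deny lives in this file rather than in the site root .htaccess, a BPS skip/bypass rule in the root file cannot whitelist the script on its own; the whitelist has to sit next to the deny, as above.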

    Thread Starter isaacl

    (@isaacl)

    For some reason, that has worked for me for years – so long that I don’t even remember setting it up (though I obviously had this issue once before, and had to unblock something, though I must have figured out then what was blocking it), but it seems like everything else isn’t loaded directly.

    I am not really a programmer though, I work in IT, and know enough about programming to be dangerous, but I wouldn’t know how WordPress plugins work, how they load content, etc.

    The above method works for me – the blanket deny, and then allowing specific files through, but if it becomes an issue, then I can always remove it.

    I seem to have the same type of htaccess file in the wp-includes folder, and then I have 2 step authentication and a bunch of other security settings set up in WP for logging in, though doing an http auth on that folder probably makes sense as well…

    Thread Starter isaacl

    (@isaacl)

    @aitpro – Going to take a look at that, thanks a lot!

    Plugin Author AITpro

    (@aitpro)

    Thread Start Date: 6-29-2015 to 6-30-2015
    Thread Resolved/Current Date: 7-1-2015
    Comments: Non-BPS plugin issue.


The topic ‘Issue with the Better Analytics plugin’ is closed to new replies.