Support » Plugin: BulletProof Security » Possible conflict with Kama Click Counter

  • Resolved Daedalon

    (@daedalon)


    Hi, I tried out the plugin Kama Click Counter. It seemed to work well until I clicked the link, at which point I got the following error, I believe from BPS:

    403 Forbidden Error Page

    If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.

    The link URL was [domain]/en?download=&kccpid=12345&kcccount=https://url.to.link.target. The en part is likely from QTranslate X, the rest is from this plugin. I also manually tried removing bits so that the link was only [domain]/?kcccount=https://url.to.link.target, but the same error message came up.

    1. Any idea on how to avoid this error message?

    2. To my eyes the error message would seem more readable if there was a comma between these words: “link click”.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author AITpro

    (@aitpro)

    The Request URI is simulating an RFI hacking attempt against your site. Go to your BPS Security Log and post the Security Log entry for this so I can see what is being blocked.

    Most likely this fix will work: http://forum.ait-pro.com/forums/topic/riva-slider-pro/#post-30567


    Hi, thanks for the reply. Here’s the anonymized entry from security log.

    [403 GET Request: [timestamp]]
    Event Code: BFHS – Blocked/Forbidden Hacker or Spammer
    Solution: N/A – Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: [IP]
    Host Name: [DNS]
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: [origin page URL]
    REQUEST_URI: /en?download=&kccpid=12345&kcccount=https://url.to.link.target
    QUERY_STRING:
    HTTP_USER_AGENT: [useragent]

    I’ve already switched to another click counter Clink, but it may be worth it for BPS and Kama to see about how to best work around the compatibility issue, if there is one. Naturally I’m also curious to find out more on how and why this happens.

    Plugin Author AITpro

    (@aitpro)

    Great. Thanks for posting the Security Log entry. This looks like a typical simulated RFI hacking attempt against your website and BPS root htaccess security filters protect against RFI hacking attempts. Most likely the link I posted above would fix this and allow/whitelist the simulated RFI hacking attempts. I will download and test the Kama Click Counter to confirm that the fix above works.

    Plugin Author AITpro

    (@aitpro)

    Yep, installed and tested this plugin and this solution works: http://forum.ait-pro.com/forums/topic/riva-slider-pro/#post-30567

    Thanks! Does that solution decrease security? If so, I wonder if you might have a guide for the authors of Kama Click Counter and other plugins on how to implement the feature in a way that does not conflict with stricter security settings (BPS defaults)?

    Plugin Author AITpro

    (@aitpro)

    Nope, the solution does not decrease security significantly. Those older Query String Exploits filters are general RFI security filters. This block of code below in the BPS Root htaccess file is specifically designed to protect against RFI attacks and allows whitelisting modifications. So basically think of it like outer and inner layers of security. If you remove the outer general layer of security then the inner layer of security is still protecting against RFI attacks.

    This is not considered a conflict or a problem. Kama is doing what it does and BPS is doing what it does. So since BPS is blocking something in Kama then it is a procedural solution and not any sort of conflict.

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Use BPS Custom Code to modify/edit/change this code and to save it permanently.
    # Remote File Inclusion (RFI) security rules
    # Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F]
    # 
    # Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
    RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    # Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
    RewriteCond %{HTTP_REFERER} ^.*forum.ait-pro.com.*
    RewriteRule . - [S=1]
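The following is an added example, not code from BPS, Kama Click Counter or anyone in this thread. It models the two filter layers AITpro describes so the effect of whitelisting the outer one can be checked offline. The domain-based regex and the skip conditions are copied from the .htaccess snippet above; the outer "Query String Exploits" layer is not printed on this page, so the `GENERIC_QUERY_RFI_RE` stand-in below is an assumption about its shape (any URL scheme in the query string is refused), not the real rule text. The sample requests are constructed.

```python
import re

# Regex taken unchanged from the TIMTHUMB FORBID RFI rule quoted above.
# Apache's [NC] flag becomes re.IGNORECASE.
RFI_DOMAIN_RE = re.compile(
    r"^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?"
    r"(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|"
    r"wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$",
    re.IGNORECASE,
)

# ASSUMPTION: constructed stand-in for the outer "Query String Exploits" layer
# the thread mentions but does not quote. It refuses any full URL scheme in
# the query string. The real BPS filter is broader; its text is not on this page.
GENERIC_QUERY_RFI_RE = re.compile(r"(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)", re.IGNORECASE)

# Skip/bypass conditions from the snippet: a whitelisted script name in the
# request path together with a whitelisted referer bypasses the RFI rule.
SKIP_FILES_RE = re.compile(r"(timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php)", re.IGNORECASE)
SKIP_REFERER_RE = re.compile(r"^.*forum\.ait-pro\.com.*")


def evaluate(request_uri, referer="", outer_layer_enabled=True):
    """Classify one GET request the way these rewrite rules would.

    request_uri is REQUEST_URI as BPS logs it (path plus query string);
    referer is the HTTP_REFERER header, empty when the browser sent none.
    Returns "blocked_by_outer", "blocked_by_inner" or "allowed".
    """
    path, _, query = request_uri.partition("?")
    # Apache's THE_REQUEST is "METHOD URI PROTOCOL"; only GET is modelled here.
    the_request = "GET %s HTTP/1.1" % request_uri

    # Outer layer: generic query-string RFI filter (the one the fix whitelists).
    if outer_layer_enabled and GENERIC_QUERY_RFI_RE.search(query):
        return "blocked_by_outer"

    # Inner layer: domain-based RFI rule, unless the skip conditions both hold.
    skip = bool(SKIP_FILES_RE.search(path)) and bool(SKIP_REFERER_RE.match(referer))
    if not skip and (RFI_DOMAIN_RE.match(query) or RFI_DOMAIN_RE.match(the_request)):
        return "blocked_by_inner"
    return "allowed"


# Constructed sample requests (placeholders, not real sites or hosts).
SAMPLES = [
    # The Kama Click Counter link from the security log entry in this thread.
    ("/en?download=&kccpid=12345&kcccount=https://url.to.link.target", ""),
    # A remote-include-style URL pointing at one of the listed image hosts.
    ("/index.php?src=http://imgur.com/x.jpg", ""),
    # Same, percent-encoded, aimed at another listed host.
    ("/index.php?src=http%3A%2F%2Fwww.blogspot.com%2Fx", ""),
    # A thumbnail script request with the whitelisted referer: skip applies.
    ("/wp-content/themes/t/timthumb.php?src=http://imgur.com/x.jpg",
     "http://forum.ait-pro.com/forums/"),
    # Same path but an unrelated referer: skip does not apply.
    ("/wp-content/themes/t/timthumb.php?src=http://imgur.com/x.jpg",
     "http://other.example/"),
]


def layer_report(samples=SAMPLES):
    """Return [(uri, verdict_with_outer, verdict_without_outer), ...]."""
    return [
        (uri, evaluate(uri, ref, True), evaluate(uri, ref, False))
        for uri, ref in samples
    ]


if __name__ == "__main__":
    for uri, with_outer, without_outer in layer_report():
        print("%-62s outer on: %-16s outer off: %s" % (uri, with_outer, without_outer))
```

Running the script shows the point AITpro makes: with the outer layer on, the Kama link is refused purely because its query string carries `https://`, while with the outer layer off it passes and the inner domain-based rule still stops the image-host URLs, encoded or not. The skip rule only lifts the inner block when both the script name and the referer match, so a whitelist entry should be as narrow as the legitimate traffic allows.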