Channel: BulletProof Security Forum » All Posts

unable to activate or deactivate BPS Pro


Had deactivated BPS to enable some host related maintenance and when I activated again 5 alerts popped up:

  • AutoRestore|Quarantine Alert

A file has been quarantined. Click Here  >> offers to download admin.php

  • A PHP Error has been logged in your PHP Error Log

Click Here To go to the P-Security PHP Error Log page. >> offers to download admin.php

  • Login Security Alert

Click Here to go to the Login Security page. >> offers to download admin.php

  • F-Lock Folder Lock Alert

A Hosting Account Root Folder has been locked.
Click Here to go to the F-Lock Folder Lock page. >> offers to download admin.php

  • Error: The BPS Pro Activation Key is not valid for this website

Go to the BPS Pro Activation page and request a new BPS Pro Activation Key for this website. >> offers to download admin.php

There are three options on the plugin:

DEACTIVATE >> selecting that option >> offers to download plugins.php

SETUP WIZARD >> selecting that option >> offers to download admin.php

TROUBLESHOOT >> selecting that option >> offers to download plugins.php

Don’t even know where to start. Had hoped that running through the setup wizards would have been all that was needed.

Activation of BPS has crashed my site and when it is accessed a file is downloaded <download> with no file extension

HELP !

the site is https://www.abzu2.com/


Reply To: unable to activate or deactivate BPS Pro


The php file download problem is caused by missing or invalid php/php.ini handler htaccess code in your root htaccess file.  This forum topic explains the general steps to fix this problem > https://forum.ait-pro.com/forums/topic/wordpress-admin-php-file-downloaded-instead-of-being-processed/ Important Note: The forum topic is specifically about adding GoDaddy php/php.ini handler htaccess code to BPS Custom Code. You would find and add the correct php/php.ini handler htaccess code for your web host. Each web host has different php/php.ini handler htaccess code.

Files were quarantined because the “AutoRestore|Quarantine Manual File Editing/Uploading Procedural Steps” below were not done prior to your web host performing maintenance/upgrades on your server/website.

https://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/

AutoRestore|Quarantine Manual File Editing/Uploading Procedural Steps
AutoRestore|Quarantine (ARQ IDPS) is a real-time file monitor that monitors all of your website files for any changes. When manually uploading or modifying files or folders with FTP use these simple procedural steps to avoid having those files autorestored and/or quarantined. If files are sent to Quarantine then use the Restore File option in Quarantine to restore those files. ARQ is amazing, but it cannot tell who you are if you are manually modifying or uploading files or folders outside of your WordPress Dashboard – that is not possible.

1. Turn AutoRestore Off on the AutoRestore page.
2. Manually upload files or manually modify/edit files or folders.
3. Click the appropriate AutoRestore Backup Files button: Root Files, wp-admin Files, wp-includes Files or wp-content Files Backup Files button or run the Setup Wizards.
4. Turn AutoRestore back On.

Once you fix the php/php.ini handler htaccess code issue you can then solve the other issues. Looks like you need to request a new BPS Pro Activation Key on the BPS Pro Activation page.

The BPS Pro plugin is a very advanced plugin that has built-in On|Off capability and troubleshooting capability for all BPS Pro security features.  The BPS Pro plugin should never be deactivated for troubleshooting or doing server maintenance, website migrations, etc.  See this forum topic for the correct procedures to Turn Off BPS Pro security features when doing website migrations or maintenance or server upgrades/changes > https://forum.ait-pro.com/forums/topic/migrating-moving-or-cloning-websites/#post-20407

BPS Pro Troubleshooting Steps
https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

Reply To: unable to activate or deactivate BPS Pro


Complicated. But I see that the first step is to add the php handler to .htaccess. The link provided is for GoDaddy. My host is Bluehost and my PHP is version: 7.2.7. So instead of :

# Go Daddy PHP5.6 php/php.ini handler
AddHandler x-httpd-php5-6 .php

I assume that the correct text would therefore be:

# BlueHost PHP7.2.7 php/php.ini handler
AddHandler x-httpd-php7.2.7 .php

The current PHP information in the .htaccess file is:

# CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
# Use PHP70CGI as default
AddHandler fcgid70-script .php

Reply To: unable to activate or deactivate BPS Pro


Yep, the correct php/php.ini handler code is the PHP7.2.7 php/php.ini handler htaccess code since that is the PHP server version you want to use.

Reply To: unable to activate or deactivate BPS Pro


Followed the instructions exactly as listed in https://forum.ait-pro.com/forums/topic/wordpress-admin-php-file-downloaded-instead-of-being-processed/

1. Use FTP or your web host control panel file manager and rename the /bulletproof-security/ plugin folder to /_bulletproof-security/.
  • Done
2. Manually edit your root htaccess file and add the php/php.ini handler htaccess code that I posted above at the very top of your root htaccess file.
  • Done. Added >> # BlueHost PHP7.2.7 php/php.ini handler
    AddHandler x-httpd-php7.2.7 .php and deleted # Use PHP70CGI as default
    # AddHandler fcgid70-script .php
3. Login to your website.
  • Done. Instead of a download when accessing the site I now get application/x-httpdphp (2.2 KB)
4. Rename the /_bulletproof-security/ plugin folder back to /bulletproof-security/.
  • Done. No change to error. Tried two other browsers. Same problem. Reversed step 4 and 3. Same problem.

¿?

Would it be of any help if I sent you a PM with the current text of my .htaccess file ? TIA

Reply To: unable to activate or deactivate BPS Pro


¿Not getting notifications of follow-up replies via email?

BPS is blocking referrer with 403 Error


Hi.  BPS (Free) recently started blocking an external referrer with a 403 error.

This referrer transfers physical files to my server (the server keeps them in the root directory temporarily before doing stuff with them).

The error I’m getting is:


[403 POST Request: July 17, 2019 - 10:57]
BPS Pro: 14
WP: 5.2.2
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 46.243.xx.xx
Host Name: 46.243.xx.xx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: POST
HTTP_REFERER: https://referrer.com/stuff/morestuff.html
REQUEST_URI: /creator
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
REQUEST BODY: gpx=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22%3F%3E%3Cgpx+version%3D%221.1%22+%3D%22+with+%22+xsi%3AschemaLocation%3D%22http%3A%2F%2Fwww..com%2FGPX%2F1%2F1+http%3A%2F%2Fwww..com%2FGPX%2F1%2F1%2Fgpx.xsd%22+xmlns%3D%22http%3A%2F

I decided to switch off BPS Root Folder mode (RBM) and things started working again – not sure if this has been caused by a recent update.

Anyway, I then decided to purchase BP Pro so I could whitelist this specific referrer/string within the request body.

Turns out I have to craft some custom code using regex syntax I’m not familiar with.

How can I let a specific referrer/originator POST to my site (root folders) while still having RBM activated?

Thanks.

Reply To: unable to activate or deactivate BPS Pro


Oh I did not see this comment you made – “I assume that the correct text would therefore be”.  The problem is that you have to use the exact correct php/php.ini handler htaccess code that your web host requires and for the PHP server version that you want to use.  BlueHost php/php.ini handler htaccess code is here > https://my.bluehost.com/hosting/help/htaccess-php-handlers, but I do not see php/php.ini handler htaccess code for PHP7.2.7. Try this php/php.ini handler htaccess code below.  If the code does not work then you will need to contact BlueHost support and get the correct php/php.ini handler htaccess code from them.

# Use PHP7.2.7 as default
AddHandler application/x-httpd-php7.2.7 .php

Are you checking the correct email mailbox?  Check your junk or spam folder for forum email replies.


Reply To: BPS is blocking referrer with 403 Error


Based on the Security Log entry it looks like you are using the BPS POST Attack Protection Bonus Custom Code.  Try these steps below as a temporary test to isolate the cause of the problem.  Let me know if the POST Request is still being blocked or if it is no longer being blocked.

1. Go to BPS Root Custom Code.
2. Cut (not copy) the BPS POST Attack Protection Bonus Custom Code out of whichever BPS Custom Code text box it is saved in and save your BPS POST Attack Protection Bonus Custom Code to a Notepad or Notepad++ text file (do not use Word or Wordpad).
3. Click the Save Root Custom Code button.
4. Go to the Security Modes page and click the Root Folder BulletProof Mode Activate button.

Reply To: unable to activate or deactivate BPS Pro


Contacted BlueHost and they informed me that php7.2.7 was breaking my site. It was changed to version 7.0.31.
They replaced the core files and changed the htaccess file. I can now access my site and admin dashboard. Before attempting to activate BPS again, I would like to know if there is anything I should do. My current .htaccess code is as follows:


# Use PHP7.0 as default
AddHandler application/x-httpd-ea-php70 .php
# BEGIN WordPress
AddHandler application/php-70 .php
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType text/html "access plus 5 minutes"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 6 hours"
</IfModule>
<ifModule mod_headers.c>
Header set X-Endurance-Cache-Level "2"
</ifModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
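
The .htaccess posted above contains two AddHandler lines for .php. The script below is an added example, not code from the thread or from BPS: it lists the PHP handler mappings in an .htaccess file and reports which AddHandler takes effect, since Apache lets a later AddHandler override an earlier one for the same extension. The function names are hypothetical and the sample file is constructed from the handler lines of that post.

```shell
#!/usr/bin/env bash
# Added example: audit the PHP handler mappings in an .htaccess file.

# List AddHandler/AddType lines that mention the .php extension.
php_handler_lines() {
  grep -nEi '^[[:space:]]*(AddHandler|AddType)[[:space:]].*[[:space:]]\.?php([[:space:]]|$)' "$1"
}

# Print the handler that wins for .php: a later AddHandler overrides an
# earlier one for the same extension. Exit status 1 if the file maps none.
# Commented-out lines are skipped because their first field is "#".
effective_php_handler() {
  awk 'tolower($1) == "addhandler" {
         for (i = 3; i <= NF; i++)
           if (tolower($i) == ".php" || tolower($i) == "php") h = $2
       }
       END { if (h == "") exit 1; print h }' "$1"
}

# Demo on a constructed sample (the handler lines from the post above).
demo() {
  local f; f=$(mktemp)
  cat > "$f" <<'EOF'
# Use PHP7.0 as default
AddHandler application/x-httpd-ea-php70 .php
# BEGIN WordPress
AddHandler application/php-70 .php
EOF
  php_handler_lines "$f"
  echo "effective handler for .php: $(effective_php_handler "$f")"
  rm -f "$f"
}
demo
```

Whether the winning handler name is one the web host actually provides still has to be confirmed with the host; a handler name the server does not recognise is what leads to PHP files being offered as downloads.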

 

Reply To: unable to activate or deactivate BPS Pro


Ok well I hope you did not delete the wrong database entry.  I think at this point you have given it your best try and I need to take over from here.  Send me a WordPress Administrator login to this website and an FTP login to your hosting account to email address:  info at ait-pro dot com.

Reply To: unable to activate or deactivate BPS Pro


File that was deleted:

https://prnt.sc/ogh1o4

Thanks for your very kind offer. Can you please send me an email address that I can send you the FTP and WP admin access info

Reply To: unable to activate or deactivate BPS Pro


Use the email address I posted in my forum reply above.  Change the “at” to @ and “dot” to “.” of course.  😉

Share logins plugin blocked by BPS Pro


Hi, I’m using the Share Logins plugin to connect a standard WP site with a WP Multisite. Both sites are using BPS Pro 14. Logins happen on the main site and then users can access the multisite without having to log in again.

However, since installing BPS PRO, I’m getting this message in the login security log and I’m not able to access the multisite after logging into the main site (identifying info has been replaced with [TEXT]):

[403 GET Request: July 17, 2019 9:22 pm]
BPS Pro: 14
WP: 5.1.1
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: [IP]
Host Name: [HOST]
SERVER_PROTOCOL: HTTP/2.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://www.[MAIN URL].com/
REQUEST_URI: /?rest_route=%2Fshare-logins%2Flogin&access_token=[NUMBERS AND LETTERS]&site_url=https://www.[MAIN URL].com&user_login=[NUMBERS AND LETTERS]
QUERY_STRING: rest_route=%2Fshare-logins%2Flogin&access_token=[NUMBERS AND LETTERS]&site_url=https://www.[MAIN URL].com&user_login=[NUMBERS AND LETTERS]

I thought this might be a query string issue so I removed all the .htaccess CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS code in both websites but I’m still not able to access both sites with a single login.

Is there anything else in BPS Pro that could be blocking this cross-site access? The plugin firewall is deactivated on both sites.

Many thanks in advance for your help

Reply To: Share logins plugin blocked by BPS Pro


Do BPS Pro Troubleshooting steps: 1, 2, 6 and 7.  Those are the most logical things that could be causing the problem.  During testing deactivate one security feature at a time and test.  Let me know what happens.

https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

1. On the Security Modes page, click the Root Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
2. On the Security Modes page, click the wp-admin Folder BulletProof Mode Deactivate button.  See Custom Code Note if doing this step works.
3. On the Security Modes page, click the Plugin Firewall BulletProof Mode Deactivate button.  See Plugin Firewall Test Mode Note.
4. On the Security Modes page, click the UAEG BulletProof Mode Deactivate button.
5. If an issue/problem is related to files being locked with F-Lock then unlock files on the F-Lock page.
6. If an issue/problem is related to Login Security turn Off Login Security on the Login Security & Monitoring page.
7. If an issue/problem is related to JTC Anti-Spam|Anti-Hacker turn Off JTC Anti-Spam|Anti-Hacker on all Forms by unchecking the Form checkboxes under the Enable|Disable JTC For These Forms option on the JTC Anti-Spam|Anti-Hacker page.


Reply To: Share logins plugin blocked by BPS Pro


Thanks for getting back to me so quickly.

I had already tried replacing both .htaccess files with the appropriate default files for each installation. Probably should have mentioned that! Login security and JTC are always disabled anyway.

Deactivating the wp-admin .htaccess didn’t make a difference.

Reply To: Share logins plugin blocked by BPS Pro


Hmm maybe BPS is not actually blocking the cross-site login.  The BPS Security Log logs all 403 errors whether or not BPS is causing the 403 error.  I’d like to make absolutely sure that BPS is not causing this 403 error before mentioning other things that could be causing the 403 error.  So just to make sure everything is completely eliminated in BPS – deactivate root and wp-admin BulletProof Modes on both sites.  Then test the cross-site login again.

Reply To: Share logins plugin blocked by BPS Pro


Yeah, I think you’re right. Sorry about that.

I’ve deactivated the 2 BulletProof Modes on each site…..and also deactivated the plugin. Still not working. So something else must be the cause. Which is odd because it was working before I installed BPS.

It’s 2am here. That’s my excuse.

Thanks for your help. I always appreciate how speedy you are at replying to support requests!

Reply To: Share logins plugin blocked by BPS Pro


Well it is still possible that BPS is causing the block, but at this point it seems unlikely.  The next things to do are to turn Off Security Logging on the site where you are seeing 403 errors.  What this will hopefully do is display either a default generic host server 403 error page or maybe a Mod Security error page or if you have any other security plugins installed then a 403 error page for whichever security plugin that is.  Another possibility is that you have an htaccess file somewhere else that is causing this block.  htaccess files are hierarchical.  So if you had an htaccess file in a lower folder (parent folder) then those htaccess file security rules would be applied to all higher folders (child folders).
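
One way to check for an htaccess file elsewhere in the folder hierarchy, as an added example that is not part of the original reply or of BPS: the script lists every .htaccess file between a chosen top directory and the site folder, parent first, and prints the lines in them that can deny a request. The function names, the directive pattern and the demo tree are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: show which .htaccess files apply to a directory and which
# of their lines can answer 403. "top" is the highest directory to check
# (often the hosting account home, above the site's document root).

# Access-control directives to review, plus RewriteRule with a forbid flag.
DENY_RE='^[[:space:]]*((Require|Deny|Order|Allow)[[:space:]]|RewriteRule.*\[([^]]*,)?(F|forbidden|R=403)(,[^]]*)?\])'
NL='
'

# Print the .htaccess files between top and dir, parent first (merge order).
htaccess_chain() {
  local top="${1%/}" dir="${2%/}" chain=""
  case "$dir/" in
    "$top"/*) ;;
    *) echo "error: $dir is not inside $top" >&2; return 1 ;;
  esac
  while :; do
    [ -f "$dir/.htaccess" ] && chain="$dir/.htaccess$NL$chain"
    [ "$dir" = "$top" ] && break
    dir="${dir%/*}"
  done
  printf '%s' "$chain"
}

# Print file:line:text for every matching directive in that chain.
blocking_directives() {
  local f
  htaccess_chain "$1" "$2" | while IFS= read -r f; do
    grep -HnEi "$DENY_RE" "$f" || true
  done
}

# Demo on a constructed tree (paths and rules are made up for illustration).
demo() {
  local t; t=$(mktemp -d)
  mkdir -p "$t/home/public_html/wp-admin"
  printf 'RewriteEngine On\nRewriteRule ^ - [F,L]\n' > "$t/home/.htaccess"
  printf 'RewriteEngine On\nRewriteRule . /index.php [L]\n' > "$t/home/public_html/.htaccess"
  blocking_directives "$t/home" "$t/home/public_html/wp-admin"
  rm -rf "$t"
}
demo
```

A hit in a parent folder's file explains a 403 that persists after the site's own root and wp-admin htaccess files have been replaced with defaults.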

Reply To: Share logins plugin blocked by BPS Pro


Thanks very much for the advice. I think the plugin uses the REST API so it’s possible that something else is blocking access. There are no other relevant errors in my logs though. Checked mySQL, PHP-fpm, apache, site error & access logs, etc. I’ll set log reporting to ‘trace’ and see if I can get more detailed info. Cheers
