[Topic was manually moved/merged into this Topic]
Hi. New here. Please be gentle! I just got my first BPS log. I’m getting lots of 403s from seemingly innocent requests referred by Google. They are all requests for JPEGs. Can anyone explain why I’m getting these, and if it’s a good thing / by design? I am using an edited copy of the BPS hotlinking blocker, but I’m not sure if this is the cause.
[403 GET / HEAD Request: 25th April, 2014 - 1.08am] Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: 211.253.60.18 Host Name: mail3.seoul.go.kr SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: https://www.google.com/ REQUEST_URI: /wp-content/uploads/2011/09/f-stops2.gif QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36
I also just noticed that some of the errors are from the web server itself…
[403 GET / HEAD Request: 25th April, 2014 - 8.12am] Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: A.B.C.D Host Name: server.domain.com SERVER_PROTOCOL: HTTP/1.0 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-content/uploads/2010/12/tree-explanada-alicante.jpg QUERY_STRING: HTTP_USER_AGENT: WordPress/3.9; http://mydomain.co.uk
Before you ask, here’s my hotlinking blocking code…
# CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE - Your Custom htaccess code will be created here with AutoMagic
# BLOCK HOTLINKING TO IMAGES
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mydomain\.co\.uk [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpeg|jpg|gif|bmp|png)$ - [F]
(“mydomain” used as placeholder for real name)