BPS Blocking Zapier
-
So I wanted to connect Zapier to WordPress so that I can send a message to Discord when there’s a new blog post, but I am receiving the following error codes in BPS:
[403 POST Request: 20/02/2019 – 06:28]
BPS: 3.3
WP: 5.0.3
Event Code: BFHS – Blocked/Forbidden Hacker or Spammer
Solution: N/A – Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: ec2-35-168-226-6.compute-1.amazonaws.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /xmlrpc.php
QUERY_STRING:
HTTP_USER_AGENT: Zapier
REQUEST BODY: <?xml version=’1.0′?>
<methodCall>
<methodName>wp.getPostStatusList</methodName>
<params>
<param>
<value><string></string></value>
</param>
<param>
<value><string>zapier</string></value>
</param>
<param>
<value><string>Nendo-Addicts-Zapier</string></value>
</param>
</params>
</methodCall>[403 POST Request: 20/02/2019 – 06:28]
BPS: 3.3
WP: 5.0.3
Event Code: BFHS – Blocked/Forbidden Hacker or Spammer
Solution: N/A – Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: GDPR Compliance On
Host Name: ec2-35-168-226-6.compute-1.amazonaws.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: GDPR Compliance On
HTTP_FORWARDED: GDPR Compliance On
HTTP_X_FORWARDED_FOR: GDPR Compliance On
HTTP_X_CLUSTER_CLIENT_IP: GDPR Compliance On
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /xmlrpc.php
QUERY_STRING:
HTTP_USER_AGENT: Zapier
REQUEST BODY: <?xml version=’1.0′?>
<methodCall>
<methodName>wp.getPostStatusList</methodName>
<params>
<param>
<value><string></string></value>
</param>
<param>
<value><string>zapier</string></value>
</param>
<param>
<value><string>Nendo-Addicts-Zapier</string></value>
</param>
</params>
</methodCall>I guess BPS is certainly blocking this request, so I was wondering how I would be able to whitelist it.
Thanks in advance.
-
But I can confirm this is not the plugin itself as well as I tested this on a different webhost and it didn’t had this problem at all.
Ok so yeah that is a huge clue and you need to get your web host support folks involved so they can check your server logs to figure out what is going on. My best guess is some sort of Mod Security SecRule/SecFilter is breaking things. There are lots of things that Mod Security SecRules/SecFilters can interfere with directly in BPS and BPS Pro. Mod Security by default out of the box there are no issues/problems with BPS and BPS Pro, but when “custom” Mod Security SecRules/SecFilters are created they can wreak havoc in the strangest ways. ?? https://forum.ait-pro.com/forums/topic/mod-security-common-known-problems/
We only include a wp-admin htaccess file in BPS because it does help with a couple of “internal” hacking methods, but I think it is very strange that every web host that incorporates Mod Security does not filter the /wp-admin/ folder by default or maybe limit what SecRules/SecFilters would actually be helpful in the wp backend/wp-admin/dashboard area. Oh well, been like that for many years. ??
On a personal note, I think we should never have created any BPS Bonus Custom Code. It opens the door to so many problems. Simpler is always better even if it means less security – lesson learned. ??
- The topic ‘BPS Blocking Zapier’ is closed to new replies.
