isaacl
Forum Replies Created
I should have mod_authz_host on the server.
If this whole thing isn’t worthwhile, I can probably comment out that line for now, and try to see if there’s a way to have NginxCP pass in the correct protocol, assuming that’s the issue.
Or in truth, I can just keep it as is, which locks everyone out, and in case I have to re-log in from anywhere, I can quickly comment out that line in the htaccess file, log in, and then remove the comment to lock everyone (else) out again.
I tried overriding it, and also disabling it temporarily globally on the server, but for some reason, I’m not seeing anything different in the logs.
I’m the main one who logs in, but once in a while someone else logs in as well, and I am also not always in the same place.
Is there any way to use hostnames (including dynamic hostnames) instead of IP addresses, so I can cover wherever I may be?
Thanks a lot for all the help!
The only error I’m seeing is this:
[error] [client x.x.x.x] client denied by server configuration: /home/stream/public_html/wp-content/plugins/bulletproof-security/403.php
Is there any other way to track this down?
Something tells me that it probably has something to do with installing the NginxCP plugin in cPanel – maybe it’s passing on the wrong protocol?
(EDIT: Originally had a problem with the latest version, that I kept getting prompted to upgrade the CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS code, but I saw that I had the last 2 lines that were mentioned in the What’s New page there, and I replaced those with the new line. I didn’t have the first two lines anywhere for some reason, but it now seems to be working.)
Thanks a lot!
The log doesn’t have anything in it – is it disabled by default?
And I realized that the code looked similar, I guess I’ll fix that, if we can get the server protocol issue figured out…
Thanks a lot!
I run my own servers, but we actually just switched over to a newer server, and also installed an Nginx plugin, which works in front of Apache.
Is there any way to know if that’s causing it?
Thanks for the help!
Is there any way to do this yet?
Or if all the files end in the username underscore database name .sql, (stringofnumbers_-_username_databasename.sql), is there any way to exclude them from scans?
Added. I already whitelisted my IP, but I’ll remove it and try it a bit later.
Should work too.
Gonna try that soon…
Yeah, you need one or the other, not both…
I know some PHP, enough to edit things.
Going to try that – thanks again!
Thanks, will try that.
I do have both installed, and I know that BPS should take care of pretty much everything, so I should be good!
Thanks!
Thanks for taking a look at it!
It’s an older plugin, that hasn’t really been maintained…
Do you happen to have any recommendations on how to fix it, so that it should work correctly?
Thanks, looking forward!
It’s actually quite an old plugin, but I don’t have any real reason to uninstall it at this point – I saw that I had my old IP address whitelisted, so I updated that to my current IP, and I’d love to find a way to whitelist the BulletProof Security pages, but I’m not really sure how that option works in their settings, so I guess I’ll leave that for now.
I’ve found that having multiple security plugins sometimes defeats the purpose, and some have bad conflicts – I installed Better WP Security a bit earlier, and got fully locked out of my site, so I uninstalled it, but if the WordPress Firewall 2 plugin isn’t really getting in the way of normal use (or at least I know where it might cause issues), I think I may as well leave it for now…
Ha… Just figured it out.
I had a plugin called WordPress Firewall 2 installed and enabled.
One of the things that it does is to “Block SQL queries (union select, concat(, /**/, etc.) in application parameters.”
I disabled the plugin, and everything now works fine, and then I re-enabled it once everything was saved.
They also have a way to whitelist pages – I’m going to try and see if I can figure out a way to whitelist the BulletProof Security plugin…
Sorry for driving you crazy, and thanks for all your help and patience!
I just tried that, and it doesn’t look like mod_security is what’s blocking it.
Will try looking around for other things for now…