Blocking normal requests?

  • The security log shows a lot of apparently normal requests (from local non spammy addresses) are being blocked. I have no idea why. Can you shed any light?
    eg:

    [403 GET Request: January 20, 2019 – 1:24 am]
    BPS: 3.2
    WP: 5.0.3
    Event Code: BFHS – Blocked/Forbidden Hacker or Spammer
    Solution: N/A – Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 87.74.227.66
    Host Name: 87.74.227.66
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://www.google.co.uk/
    REQUEST_URI: /wp-content/uploads/2018/11/005.jpg?x97005
    QUERY_STRING: x97005
    HTTP_USER_AGENT: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter digbymaass

    (@digbymaass)

    I wonder if it’s to do with trying to block image hotlinking. I had this in htaccess for 24 hours (currently removed), which didn’t appear to be working according to various checker sites and inurl:carnethy.com -site:carnethy.com.

    # Prevent image hotlinking in WordPress
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://carnethy.com(/.*)?$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com(/.*)?$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?facebook.com(/.*)?$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?twitter.com(/.*)?$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.com(/.*)?$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.com(/.*)?$ [NC]
RewriteCond %{REQUEST_URI}  !^/clansman-no-hotlink\.jpg$ [NC]
RewriteRule \.([Jj][Pp][Gg]|[Jj][Pp][Ee][Gg]|gif|[Pp][Dd][Ff]|[Pp][Nn][Gg])$ - [F]  https://carnethy.com/clansman-no-hotlink.jpg [NC,R,L]

    Not sure if the syntax is correct.

    Plugin Author AITpro

    (@aitpro)

    Yep, you are correct that your hotlinking code is blocking the jpg image file retrieval.

    This syntax/code is not correct: RewriteRule \.([Jj][Pp][Gg]|[Jj][Pp][Ee][Gg]|gif|[Pp][Dd][Ff]|[Pp][Nn][Gg])$ - [F] https://carnethy.com/clansman-no-hotlink.jpg [NC,R,L]

    We created some hotlink protection htaccess code here if you would like to use this hotlink protection code instead > https://forum.ait-pro.com/forums/topic/hotlink-protection-do-not-block-google-bing-or-yahoo/

    Plugin Author AITpro

    (@aitpro)

    Is the issue/problem still occurring or is it resolved?

    Thread Starter digbymaass

    (@digbymaass)

    For the moment I’ve removed the code and I’m postponing tackling the issue. Thanks.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Blocking normal requests?’ is closed to new replies.