• Resolved isaacl

    (@isaacl)


    I’m seeing a bunch of these entries in the BPS security log (I removed the IP address):

    [403 GET / HEAD Request: June 29, 2015 – 12:18 pm]
    Event Code: PSBR-HPR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: x.x.x.x
    Host Name: static-x-x-x-x.nycmny.fios.verizon.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR: x.x.x.x
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: https://mydomain.com/
    REQUEST_URI: /wp-content/plugins/better-analytics/js/loader.php?ver=1.0.5.js
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36

    I tried following another thread (https://ww.wp.xz.cn/support/topic/conflict-with-social-share-plugin), and added this in under the CUSTOM CODE PLUGIN/THEME SKIP/BYPASS RULES area:

    # S=13: Better Analytics skip/bypass rule
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/better-analytics/ [NC]
    RewriteRule . - [S=13]

    I also added this under the CUSTOM CODE TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE area (with mydomain set to my site’s domain):

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Only Allow Internal File Requests From Your Website
    # To Allow Additional Websites Access to a File Use [OR] as shown below.
    # RewriteCond %{HTTP_REFERER} ^.*YourWebsite.com.* [OR]
    # RewriteCond %{HTTP_REFERER} ^.*AnotherWebsite.com.*
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F,L]
    RewriteCond %{REQUEST_URI} (loader\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    RewriteCond %{HTTP_REFERER} ^.*mydomain.com.*
    RewriteRule . - [S=1]

    However, I am still seeing the errors in the security log.

    Any ideas how I can get this working?

    Thanks a lot!

    Edit: I just realized that I had to change the get-noapi-counts line in the second block to loader, and remove the second entry (updated above), but that still isn’t working, and I’m still seeing the errors in the log.

    https://ww.wp.xz.cn/plugins/bulletproof-security/

Viewing 15 replies - 1 through 15 (of 38 total)
  • Plugin Author AITpro

    (@aitpro)

    I have a feeling that your server or something else you have installed on your server may be blocking the loader js script. At least that is the case on my XAMPP testing server. Try turning off BPS Security Logging on the Security Log page and see if a 403 error is displayed by your server. BPS logs all 403 errors whether or not they are related to or caused by BPS.

    The Source Code of the embedded js code looks incorrect to me, but maybe it is supposed to be embedded using the htmlentities and json_encode php functions.

    Code in this plugin that creates the js embedded code in the Source Code.
    <script type='text/javascript' src='" . plugins_url('better-analytics/js/loader.php') . "?ver=" . BETTER_ANALYTICS_VERSION . ".js' id='ba_s' data-o=\"" . htmlentities(json_encode($jsonOptions)) . "\"></script>";
    
    The outputted js embedded code in the Source Code.
    <script type='text/javascript' src='http://demo5.local/wp-content/plugins/better-analytics/js/loader.php?ver=1.0.5.js' id='ba_s' data-o="{&quot;tid&quot;:&quot;UA-7731227-2&quot;,&quot;co&quot;:{&quot;userId&quot;:1},&quot;g&quot;:68456,&quot;dl&quot;:&quot;\\.avi|\\.doc|\\.exe|\\.gz|\\.mpg|\\.mp3|\\.pdf|\\.ppt|\\.psd|\\.rar|\\.wmv|\\.xls|\\.zip&quot;,&quot;s&quot;:0,&quot;a&quot;:0}"></script>
    Thread Starter isaacl

    (@isaacl)

    Good call.
    After disabling the security logging, I’m still getting a 403 error.
    Any way of figuring out what else could be causing that?
    Thanks a lot!

    Plugin Author AITpro

    (@aitpro)

    Also activate Default Mode for the root htaccess file to completely eliminate the root htaccess file and let me know if you are still seeing a 403 error.
    My gut is telling me that something is wrong with the embedded js code, but I am not 100% sure about what the js code is supposed to do/work.

    The loader.php script is supposed to have the htmlentities / json_encode stuff on it.

    If you strip the loader.php script down to its most basic form it still throws a 403 from the server.

    It could be something as simple as permission issues on the PHP file, but not sure why that would be when the rest of the PHP files don’t have an issue. I suspect something in your web server’s configuration that is intercepting the request and blocking it for some reason.

    It’s not an issue with the path to the file, because you can load non-PHP files in that directory (for example ba.js), but the other PHP file in that directory (universal.php) throws the same 403.

    Normally running the wp-content/plugins/better-analytics/better-analytics.php file directly would give an error saying it’s not allowed, but I’m getting the 403 error there as well.

    Based on that, I’d guess there’s something in your web server that doesn’t allow direct PHP execution of anything within the wp-content folder as even wp-content/index.php is giving you the same error on your server.

    Plugin Author AITpro

    (@aitpro)

    @digitalpoint – thanks for verifying the js code is good. Just looked a little unusual to me so was not really sure if it was good or not.

    Thread Starter isaacl

    (@isaacl)

    I tried Default Mode, and I’m still getting that error, so there must be something else blocking it, but since I don’t get any error message in the log, I have no clue what the issue is.
    I’m going to have to do some more digging to see what else could be the issue…

    Plugin Author AITpro

    (@aitpro)

    Check with your host. If your host is using mod_security then a SecRule or SecFilter could be blocking the php and/or js script/code. Also your server log may have more clues about what exactly is being blocked.

    Thread Starter isaacl

    (@isaacl)

    I host my own site, so I guess I have to dig deeper…

    In the Apache error log, I see this:

    AH01797: client denied by server configuration: /home/user/public_html/wp-content/plugins/better-analytics/js/loader.php

    And I forgot to mention, I recently upgraded my server to Apache 2.4 and PHP 5.5, but I doubt that’s the issue…
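
    The AH01797 line above is the most useful clue in the thread, and the next steps (check httpd.conf, the vhost conf and any .htaccess for a rule that blocks PHP under wp-content) are tedious by hand. The script below is an added example written for this thread; it is not part of BulletProof Security, Better Analytics or Apache. It does two things: it parses Apache 2.4 error-log lines and reports which module produced each "client denied by server configuration" denial (in the 2.4 source, AH01797 is logged by mod_access_compat, the module that implements the 2.2-style Order/Allow/Deny directives, while AH01630 is logged by mod_authz_core for the 2.4-style Require directives), and it scans an Apache config excerpt and lists the access-control directives whose containers cover a given file path, flagging the legacy ones. The sample log lines and the sample config are constructed for the example (the real paths and rules on the poster's server are unknown); the Directory/Files/FilesMatch matching is a simplification that ignores Location containers and Apache's own merge order.

```python
"""Triage Apache 2.4 "client denied by server configuration" errors.

Added example for this thread, not code from BPS, Better Analytics or Apache.
Assumes the standard Apache 2.4 error-log format; all sample data is constructed.
"""
import fnmatch
import os
import re
from collections import Counter

# Which module produced the denial. AH01797 comes from mod_access_compat
# (2.2-style Order/Allow/Deny), AH01630 from mod_authz_core (2.4 Require).
DENIAL_SOURCE = {
    "AH01797": "mod_access_compat (2.2-style Order/Allow/Deny)",
    "AH01630": "mod_authz_core (2.4-style Require)",
}

DENIAL_RE = re.compile(
    r"\[(?P<module>\w+):error\].*?"
    r"(?P<code>AH\d{5}): client denied by server configuration: "
    r"(?P<path>[^,\s]+)"
)

# Constructed error-log lines modelled on the AH01797 entry quoted in the thread.
SAMPLE_ERROR_LOG = """\
[Mon Jun 29 12:18:01.123456 2015] [access_compat:error] [pid 1234] [client 203.0.113.5:51234] AH01797: client denied by server configuration: /home/user/public_html/wp-content/plugins/better-analytics/js/loader.php, referer: https://mydomain.com/
[Mon Jun 29 12:18:02.223456 2015] [access_compat:error] [pid 1234] [client 203.0.113.5:51235] AH01797: client denied by server configuration: /home/user/public_html/wp-content/plugins/better-analytics/js/universal.php
[Mon Jun 29 12:18:03.323456 2015] [authz_core:error] [pid 1235] [client 203.0.113.5:51236] AH01630: client denied by server configuration: /home/user/public_html/wp-content/index.php
[Mon Jun 29 12:18:04.423456 2015] [core:error] [pid 1235] [client 203.0.113.5:51237] AH00128: File does not exist: /home/user/public_html/favicon.ico
"""

# Constructed httpd.conf / vhost excerpt (hypothetical, not the poster's config):
# a blanket 2.2-style deny on PHP under wp-content plus a 2.4-style deny on uploads.
SAMPLE_CONFIG = r'''
<Directory "/home/user/public_html/wp-content">
    <FilesMatch "\.php$">
        Order Deny,Allow
        Deny from all
    </FilesMatch>
</Directory>
<Directory "/home/user/public_html/wp-content/uploads">
    <FilesMatch "\.php$">
        Require all denied
    </FilesMatch>
</Directory>
'''

def denied_requests(log_text):
    """One dict per denial line: code, logging module, denied path, source."""
    found = []
    for line in log_text.splitlines():
        m = DENIAL_RE.search(line)
        if m:
            found.append({"code": m.group("code"), "module": m.group("module"),
                          "path": m.group("path"),
                          "source": DENIAL_SOURCE.get(m.group("code"), "unknown")})
    return found

def denials_by_directory(log_text):
    """Count denials per directory; one hot directory usually means one rule."""
    return Counter(os.path.dirname(d["path"]) for d in denied_requests(log_text))

CONTAINERS = r"Directory|DirectoryMatch|Files|FilesMatch|Location|LocationMatch"
OPEN_RE = re.compile(r'^\s*<(%s)\s+"?([^">]+?)"?\s*>\s*$' % CONTAINERS, re.I)
CLOSE_RE = re.compile(r"^\s*</(%s)>\s*$" % CONTAINERS, re.I)
DIRECTIVE_RE = re.compile(r"^\s*(Order|Allow|Deny|Require|Satisfy)\b(.*)$", re.I)
LEGACY = {"order", "allow", "deny", "satisfy"}  # need mod_access_compat on 2.4

def access_rules(config_text):
    """Access-control directives with their enclosing containers (outer first)."""
    stack, rules = [], []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        opened = OPEN_RE.match(line)
        directive = DIRECTIVE_RE.match(line)
        if opened:
            stack.append((opened.group(1).lower(), opened.group(2)))
        elif CLOSE_RE.match(line):
            stack.pop()
        elif directive:
            rules.append({"line": lineno, "directive": line.strip(),
                          "containers": list(stack),
                          "legacy": directive.group(1).lower() in LEGACY})
    return rules

def _container_matches(kind, arg, path):
    name = os.path.basename(path)
    if kind == "directory":
        root = arg.rstrip("/")
        return path == root or path.startswith(root + "/")
    if kind == "directorymatch":
        return re.search(arg, os.path.dirname(path)) is not None
    if kind == "files":
        return fnmatch.fnmatch(name, arg)
    if kind == "filesmatch":
        return re.search(arg, name) is not None
    return False  # Location containers match URLs, not filesystem paths: skipped

def rules_covering(config_text, path):
    """Directives whose containers all apply to the given filesystem path."""
    return [r for r in access_rules(config_text)
            if all(_container_matches(k, a, path) for k, a in r["containers"])]

if __name__ == "__main__":
    for d in denied_requests(SAMPLE_ERROR_LOG):
        print(f'{d["code"]} {d["source"]}: {d["path"]}')
    first = denied_requests(SAMPLE_ERROR_LOG)[0]["path"]
    for r in rules_covering(SAMPLE_CONFIG, first):
        print(f'line {r["line"]}{" (legacy)" if r["legacy"] else ""}: {r["directive"]}')
```

    Run against a real error_log and httpd.conf (plus the vhost file and each .htaccess on the path), the per-directory counter narrows the search to one directory, and rules_covering shows which directives actually apply to the denied file. A Deny-from-all on every .php under wp-content is what would explain the symptoms in this thread (plain .js files load, every PHP file under wp-content is refused); denying PHP execution only under wp-content/uploads is the usual hardening that does not break plugins that serve their own PHP endpoints.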

    Plugin Author AITpro

    (@aitpro)

    Open your Apache httpd.conf file and look for any code/directives that could be blocking something. If you are using vhost then check your vhost conf file too.

    Plugin Author AITpro

    (@aitpro)

    I’m pretty sure the issue does not have to do with open_basedir since you would be seeing a specific open_basedir error message.

    Thread Starter isaacl

    (@isaacl)

    Weird that this is only with one plugin if that’s the problem.
    And the cPanel documentation seemed to say that it should be backward compatible, but I’ll see what I can find…
    Thanks!

    Well whatever it is, it seems to be blocking *just* PHP files, and just within wp-content folder… so if it’s not that Apache thing, you probably are going to need to go digging in your Apache config and/or .htaccess files to figure out what rule is causing it.

    Plugin Author AITpro

    (@aitpro)

    @digitalpoint – The BPS Default Mode root htaccess file is just a standard WP htaccess file that just does the Rewrite Loop. So at this point it is safe to say that the block is coming from something on the server/server config.

    @isaacl – WP plugins share one common thing – that they are WP plugins, other than that there are literally millions of unique things that plugins do so you need to figure out what unique thing that Better Analytics is doing that is being specifically blocked by your server. It could be something like how a script is called or loaded or many other possible things. The first step is isolating what is doing what. So you want to make sure your httpd.conf or vhost conf file is not restricting something that should not be restricted.

    Thread Starter isaacl

    (@isaacl)

    Going to do some digging.
    Since I haven’t had issues with any other plugins, I’m wondering what’s different about the way that this is being loaded – I would guess that there might be something set up to block direct loading of php files in the wp-content folder from external sources, but no other plugins seem to be affected, so I’m not really sure what’s happening…


The topic ‘Issue with the Better Analytics plugin’ is closed to new replies.