Broken Link | Page 2 | Wordpress Support | Free Forums

All Wordpress Forum requests have been moved to Wordpress Support Forums

 

Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Broken Link
October 3, 2010
10:14 pm
Avatar
Guest

Well, it's definately the .htaccess file. Removed it and xcloner worked fine.

Here below is the suspect code.  Note: I don't include my 301 redirect and W3 total Cache. I don't think there at issue.

 

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# FILTER REQUEST METHODS
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]

# QUERY STRING EXPLOITS
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
RewriteCond %{QUERY_STRING} http\:  [NC,OR]
RewriteCond %{QUERY_STRING} https\:  [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|’|"|;|\?|\*).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\|{||).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]
RewriteRule ^(.*)$ - [F,L]

October 4, 2010
6:15 am
Avatar
XCloner! Support
Admin
Forum Posts: 2485
Member Since:
September 26, 2010
sp_UserOfflineSmall Offline

As i would suspect is one of the #FILTER REQUEST METHODS methods, so try commenting them all, and then enabling them one by one and see which one might get you that message.

 

Regards, Ovidiu

Please consider our XCloner Premium Support or making a Donation XCloner.com – Backup Made Easy!
October 4, 2010
11:25 am
Avatar
Guest

Respectfully, at this stage your expertice is required or someone who understands Apache.  A workaround is what's in order.

See wordpress.org/extend/plugins/bulletproof-security/  .

How 'bout you contact the plugin's developer, Ed Alexander; see ait-pro.com/about/ .

October 4, 2010
12:39 pm
Avatar
XCloner! Support
Admin
Forum Posts: 2485
Member Since:
September 26, 2010
sp_UserOfflineSmall Offline

After having a closer look at the .htaccess query, the actual issue in caused by the default file-naming of the backup which might contain the word "drop", name which is banned in your .htaccess file, line

RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]

 

Renamig your backup files to something more appropriate for your system will help, either when generating the backup or after in your View Backups screen; either way, the delete function is still working, backups being deleted properly.

 

Regards, Ovidiu

Please consider our XCloner Premium Support or making a Donation XCloner.com – Backup Made Easy!
October 4, 2010
12:44 pm
Avatar
Guest

Huh?  I'm sorry.

"Renamig your backup files to something more appropriate for your system will help."

I name the backup by date, e.g. 10-4-743.  What do you suggest?

October 4, 2010
12:53 pm
Avatar
XCloner! Support
Admin
Forum Posts: 2485
Member Since:
September 26, 2010
sp_UserOfflineSmall Offline

As i specified above, removing the drop or nodrop from the backup filename will help.

Also, i also discovered that the .htaccess rules they created also blocks the "File(s) deleted" message because of the (s) from the url. I would advise contacting the developers for a fix as that is not indicating an exploit in this case. I will look into getting that adjusted into a future version

 

Ovidiu

Please consider our XCloner Premium Support or making a Donation XCloner.com – Backup Made Easy!
October 16, 2010
5:22 pm
Avatar
Ed
New Member
Forum Posts: 1
Member Since:
October 16, 2010
sp_UserOfflineSmall Offline

Hi,

Ed from AITpro here.  Happened to come across this post in my travels.

I think your problem is this  - You have 2 RewriteRule entries

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Thanks,

Ed >>> Cool

Forum Timezone: UTC 0

Most Users Ever Online: 867

Currently Online:
26 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

tom_1: 70

mlguru: 33

Django29: 29

D: 21

Andy: 21

Marcus: 20

Member Stats:

Guest Posters: 737

Members: 41561

Moderators: 1

Admins: 1

Forum Stats:

Groups: 3

Forums: 7

Topics: 2517

Posts: 8419

Newest Members:

Candycdw Candycdw

Moderators: Ovidiu - Support!: 0

Administrators: XCloner! Support: 2485

Quick contact

place

Hi there, my name is Ovidiu Liuta and i support the XCloner! project
XCloner is a Joomla backup component, Wordpress backup plugin and Free website backup tool.
Contact me here!

About company

XCloner.com is a dynamic company focusing on providing backup and recovery solutions for small to medium websites.
We are based in Romania and offer 24/7 support through forums and our private ticket system for Premium users support.

© 2020 XCloner - Website Backup and Restore made simple
All Rights Reserved | Privacy Policy