Well, it's definitely the .htaccess file. Removed it and xcloner worked fine.
Here below is the suspect code. Note: I don't include my 301 redirect and W3 Total Cache. I don't think they're at issue.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# FILTER REQUEST METHODS
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]
# QUERY STRING EXPLOITS
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|’|"|;|\?|\*).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\|{||).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]
RewriteRule ^(.*)$ - [F,L]
After having a closer look at the .htaccess query, the actual issue is caused by the default file-naming of the backup, which might contain the word "drop", a name which is banned in your .htaccess file, line:
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]
Renaming your backup files to something more appropriate for your system will help, either when generating the backup or afterwards in your View Backups screen; either way, the delete function is still working, backups being deleted properly.
Regards, Ovidiu
As I specified above, removing the drop or nodrop from the backup filename will help.
Also, I discovered that the .htaccess rules they created also block the "File(s) deleted" message because of the (s) from the URL. I would advise contacting the developers for a fix, as that is not indicating an exploit in this case. I will look into getting that adjusted in a future version.
Ovidiu
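To reproduce the diagnosis above offline, here is an added example (not part of the original posts, and not XCloner or AITpro code): a Python checker that runs a raw query string through the QUERY_STRING conditions posted in this thread and reports which one returns the 403. The sample query strings and their parameter names are constructed, and the garbled `("|'|<|>|...` condition is left out.

```python
import re

# QUERY_STRING conditions copied from the .htaccess posted in this thread.
# [NC] maps to re.IGNORECASE; the [OR] chain means any single hit -> [F] (403).
RULES = [
    r"\.\.\/",
    r"boot\.ini",
    r"tag\=",
    r"ftp\:",
    r"http\:",
    r"https\:",
    r"(\<|%3C).*script.*(\>|%3E)",
    r"mosConfig_[a-zA-Z_]{1,21}(=|%3D)",
    r"base64_encode.*\(.*\)",
    r'^.*(\[|\]|\(|\)|<|>|’|"|;|\?|\*).*',
    r"^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).*",
    r"^.*(globals|encode|localhost|loopback).*",
    r"^.*(request|select|insert|union|declare|drop).*",
]
COMPILED = [(src, re.compile(src, re.IGNORECASE)) for src in RULES]


def blocking_rules(query_string):
    """Return (pattern, matched_token) for every condition that would fire.

    mod_rewrite tests %{QUERY_STRING} as sent (not URL-decoded) and a
    pattern may match anywhere, so re.search on the raw string is used.
    """
    hits = []
    for src, rx in COMPILED:
        m = rx.search(query_string)
        if m:
            # Prefer the captured alternative so the offending token is visible.
            token = m.group(m.lastindex) if m.lastindex else m.group(0)
            hits.append((src, token))
    return hits


if __name__ == "__main__":
    # Constructed query strings; parameter names are hypothetical.
    samples = [
        "task=delete&file=backup_2012-01-01_nodrop.tar",  # default-style name
        "task=view&msg=File(s)+deleted",                  # status message
        "task=delete&file=backup_2012-01-01.tar",         # renamed backup
    ]
    for qs in samples:
        hits = blocking_rules(qs)
        print(qs, "->", "403" if hits else "allowed")
        for src, token in hits:
            print("    matched", repr(token), "via", src)
```

Running it against the real request line from the server's access log for a 403 response shows which keyword or character to rename or exempt, without disabling the whole rule set.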
Hi,
Ed from AITpro here. Happened to come across this post in my travels.
I think your problem is this - You have 2 RewriteRule entries
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Thanks,
Ed