Tips and Tricks HQ Support

Support site for Tips and Tricks HQ premium products


BulletProof security plugin reporting strange timthumb URL


Tagged: plugin conflict, security plugin, timthumb outdated, timthumb.php security

  • This topic has 4 replies, 3 voices, and was last updated 12 years, 1 month ago by admin.
  • April 30, 2013 at 1:04 pm #9014
    wpsadmin
    Member

    I have recently installed the BulletProof Security (BPS) plugin, at the suggestion of my hosting provider (Digital Pacific) but it has caused a problem with my webstore, and I am tearing my hair out trying to fix it.

    The problem is that when the BPS plugin is active, if customers add an item to their shopping cart then either click on the checkout button or navigate to another page, the shopping cart is empty. I have seen all the posts on this topic in this forum, and have followed all the suggestions about checking PHP session settings, etc. All good there, nothing is set incorrectly.

    I have spent the last week liaising with the provider of the BPS plugin, who cannot reproduce the problem – BPS and WP eStore work together fine on his test site. I have confirmed the same thing on another site I manage, so there seems to be something about my site (www.wpspandc.com.au) which is different, and I cannot figure out what. I’m beginning to think something somewhere is corrupt.

    When BPS is active, and a customer loads the Webstore page [http://www.wpspandc.com.au/webstore/] this creates the following entry in the BPS security log:

    >>>>>>>>>>> 403 GET or Other Request Error Logged – 29/04/2013 – 10:42 pm <<<<<<<<<<<

    REMOTE_ADDR: 60.225.179.31

    Host Name: 60.225.179.31

    HTTP_CLIENT_IP:

    HTTP_FORWARDED:

    HTTP_X_FORWARDED_FOR:

    HTTP_X_CLUSTER_CLIENT_IP:

    REQUEST_METHOD: GET

    HTTP_REFERER: [http://www.wpspandc.com.au/webstore]

    REQUEST_URI: /wp-content/plugins/wp-cart-for-digital-products/lib/timthumb.php?src=[thumb]http://www.wpspandc.com.au/community-advertising/[/thumb]&h=125&w=125&zc=1&q=100

    QUERY_STRING:

    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.65 Safari/537.31

    The URL specified in the REQUEST_URI setting above looks very strange – I can’t understand why there is a reference in it to “community-advertising”. We have a Community Advertising page on our site, and the permalink for this page was community-advertising until yesterday, when I changed it to communityadvertising to see if this changed anything about the log entries – it didn’t.

    Something somewhere appears to be corrupt.

    I have already checked all the thumbnail_url values in the wp_wp_eStore_tbl and none of them contain any reference to community-advertising anywhere.

    Our Webstore page uses the following 2 shortcodes:

    [wp_eStore_category_products_fancy id=2 style=2 order=2]

    [wp_eStore_cart_fancy1_when_not_empty]

    Are you able to tell me what you would normally expect to see as the REQUEST_URI when the Webstore page is loaded? I would not expect to see any reference to community-advertising anywhere there.

    Could there be a problem with the timthumb.php file being out of date? I have installed the TimThumb Vulnerability Scanner plugin, and it has identified that I have v2.8.5 installed, and the latest version is v2.8.11.

    April 30, 2013 at 2:15 pm #55365
    wzp
    Moderator

    The “other site” you manage, on which there is no problem; is everything identical, including the hosting provider?

    April 30, 2013 at 10:14 pm #55366
    wpsadmin
    Member

    I figured out what the problem is… I am using the ShrinkTheWeb plugin on my site for thumbnail images on the Community Advertising page, and had included [thumb] [/thumb] tags in the Thumbnail Image URL for one of the products in my webstore. Once I removed those tags, the problem was resolved.
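An added example, not part of the original thread and not code from BulletProof Security or WP eStore: a Python check that reads a log entry in the `FIELD: value` layout quoted above and reports shortcode tags left in the timthumb `src` parameter, which is the cause identified in this thread. The sample entry is constructed from the quoted fields, and all function names are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: fields copied from the log entry quoted in the thread.
SAMPLE_ENTRY = """\
REQUEST_METHOD: GET
REQUEST_URI: /wp-content/plugins/wp-cart-for-digital-products/lib/timthumb.php?src=[thumb]http://www.wpspandc.com.au/community-advertising/[/thumb]&h=125&w=125&zc=1&q=100
QUERY_STRING:
"""

FIELD_RE = re.compile(r"^[ \t]*([A-Z_]+):[ \t]*(.*)$", re.MULTILINE)
# Shortcode-style tags such as [thumb], [/thumb] or [tag attr=1]
TAG_RE = re.compile(r"\[/?[A-Za-z_][\w-]*(?:\s[^\]]*)?\]")


def parse_entry(text):
    """Turn 'FIELD: value' lines into a dict (values may be empty)."""
    return {key: value.strip() for key, value in FIELD_RE.findall(text)}


def is_http_url(value):
    try:
        parts = urlsplit(value)
    except ValueError:          # e.g. unbalanced brackets in the host part
        return False
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def check_timthumb_src(request_uri):
    """Return findings for a timthumb.php request, or None for other URIs."""
    path, _, query = request_uri.partition("?")
    if not path.lower().endswith("/timthumb.php"):
        return None
    src = parse_qs(query, keep_blank_values=True).get("src", [""])[0]
    return {
        "src": src,
        "tags": TAG_RE.findall(src),           # leftover shortcode tags
        "valid_url": is_http_url(src),         # is src usable as an image URL?
        "inner": TAG_RE.sub("", src).strip(),  # what the field held besides tags
    }


def triage(entry_text):
    fields = parse_entry(entry_text)
    return check_timthumb_src(fields.get("REQUEST_URI", ""))


if __name__ == "__main__":
    print(triage(SAMPLE_ENTRY))
```

The `inner` value shows where the unexpected `community-advertising` reference came from: it is the URL that sat between the tags in the product's Thumbnail Image URL field.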

    April 30, 2013 at 10:15 pm #55367
    wpsadmin
    Member

    P.S. Could you please still answer the question about the timthumb.php file? Does it matter that WP eStore is using v2.8.5 and the latest version is v2.8.11?

    May 1, 2013 at 1:54 am #55368
    admin
    Keymaster

    You should be fine:

    https://support.tipsandtricks-hq.com/forums/topic/timthumbphp-file-is-outdated


Copyright © 2025 | Tips and Tricks HQ