
Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Cannot get my site to verify as secure


This topic contains 0 replies, has 1 voice. Last updated by Rob Reid 4 years, 4 months ago.

Posted: Wednesday Aug 15th, 2012 at 4:56 am #22058
Rob Reid
Username: RobReid

I am trying to verify my site with the s2Member security badge but at the moment it just won’t verify.

I have ensured:
– all my security keys in wp_config are over 60 characters long
– the encryption security key is set up and over 60 characters long
– Unique IP Restrictions is enabled
– Brute Force Login Protection is enabled

I also use 2 other plugins, WordPress Firewall 2 and Limit Login Attempts, for security, as well as denyhosts and a big old htaccess file that blocks 45% of my traffic (that I don’t want: hackers, spammers, scrapers etc.)

I don’t know why I cannot get verified but when I use the test button I get back a “0” and the badge in the setup section says “not verified”

As I do block a lot of hackbots & spambots I use a rule (amongst many) that blocks any agent without a user-agent defined, as they are usually signs of script kiddies and hackers who can’t be bothered to write a proper scraper that tries to be undetectable. I also block people using default HTTP library scrapers, e.g. those that use CURL, snoopy, WinHTTP etc. as their user-agent, as I have found this is a similar reason for people not scraping properly.

When I check my access log after running the manual check I can see my own request is allowed

22.22.22.22 - - [12/Aug/2012:22:03:39 +0000] "GET /?s2member_s_badge_status=1 HTTP/1.1" 200 27 "http://www.mysite.com/wp-admin/admin.php?page=ws-plugin--s2member-gen-ops" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.75 Safari/537.1" 0/331633

But when I run a search for s2member I can see their own attempts are being blocked due to their not passing a user-agent, e.g.

199.168.175.123 - - [19/Jul/2012:12:32:09 +0000] "GET /?s2member_s_badge_status=1 HTTP/1.0" 403 417 "-" "-" 0/1556

As a developer who deals in scraping, hacking defence and crawling all day long in my day job I would obviously recommend s2member to pass a user-agent identifying themselves so that they don’t get blocked by htaccess rules etc.

However as it seems they are just crawling the same page the admin area links to e.g /?s2member_s_badge_status=1

it would seem the actual status code is set internally and not from an external crawl which probably just gets the success code and stores it on the s2member DB so that the badge can show the right wording.

Therefore I am wondering what should I check for to see why I am not being verified.

I can run SQL against the DB if that would help as long as I knew what I was looking for – I guess it would be in wp_options OR a custom s2member table.

Any help would be much appreciated.

Thanks
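
The access-log check described in the post, as an added example that is not part of the original post or of s2Member: it picks out requests for `/?s2member_s_badge_status=1` and labels each as allowed or denied, guessing the deny reason from the user-agent. The function names, the reason labels and the sample lines (including the `203.0.113.5` entries) are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Apache combined log format; trailing fields (e.g. the timing column) are ignored.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
BADGE_QUERY = "s2member_s_badge_status=1"  # query string from the post's log lines
LIBRARY_UA = re.compile(r"curl|snoopy|winhttp", re.I)  # libraries the post blocks

def classify(line):
    """Return (ip, status, reason) for a badge-status request, else None."""
    m = LINE_RE.match(line)
    if not m or BADGE_QUERY not in m["path"]:
        return None
    ua, status = m["ua"].strip(), int(m["status"])
    # The reason is a heuristic inferred from the UA, not read from the server.
    if status != 403:
        reason = "allowed"
    elif ua in ("", "-"):
        reason = "denied: empty user-agent"
    elif LIBRARY_UA.search(ua):
        reason = "denied: HTTP-library user-agent"
    else:
        reason = "denied: other rule"
    return m["ip"], status, reason

def summarize(lines):
    """Count badge-status requests per (ip, reason)."""
    return Counter((r[0], r[2]) for r in map(classify, lines) if r)

# Constructed sample: the first two lines follow the ones quoted in the post,
# the last two are invented to exercise the other branches.
SAMPLE_LOG = [
    '22.22.22.22 - - [12/Aug/2012:22:03:39 +0000] "GET /?s2member_s_badge_status=1 HTTP/1.1" 200 27 "http://www.mysite.com/wp-admin/admin.php?page=ws-plugin--s2member-gen-ops" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.75 Safari/537.1" 0/331633',
    '199.168.175.123 - - [19/Jul/2012:12:32:09 +0000] "GET /?s2member_s_badge_status=1 HTTP/1.0" 403 417 "-" "-" 0/1556',
    '203.0.113.5 - - [19/Jul/2012:12:40:00 +0000] "GET /?s2member_s_badge_status=1 HTTP/1.1" 403 417 "-" "curl/7.26.0" 0/1500',
    '203.0.113.5 - - [19/Jul/2012:12:41:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 0/2000',
]

if __name__ == "__main__":
    for (ip, reason), count in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip:<16} {count:>3}  {reason}")
```
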

This topic is closed to new replies. Topics with no replies for 2 weeks are closed automatically.

