Hi John,
Thanks for alerting us to this issue. This is an uncommon, albeit unfortunate issue.
Your hosting provider may have introduced new ModSecurity rules that were triggered and thus temporarily blocking your IP address. This can happen when your host retrieves new ModSecurity rules from companies such as Comodo (https://waf.comodo.com).
Could you go into the logs or contact your provider and find out what rule triggered the lockout. This would be good to know for our references.
Also, another thing you can do is ask your provider to remove the rule for all of your websites, so you the administrator will not be locked out when working with CJT.
Kind Regards,
Damian
Hi Damian,
Thanks for the response & background information.
I submitted a support ticket to our webhost, copied/pasted your comments, and they responded back with the following:
“We searched the logs and found mod_security rule was tripped causing the IP to be blocked. We disabled it temporarily till your done. Please let us know and we can turn it back on after your done.”
Does this answer your question with enough specificity ? Let me know if there is something more I should ask them.
Thanks again,
John
Thanks John.
At least we know the culprit. If possible, if you could send us the actual ModSecurity rule that was breached and/or the error, that would be better for us. Also, there may be no need to temporarily have it disabled. Some hosts are happy to permanently disable the rule due to false positives.
Kind Regards,
Damian
The webhost disabled the rule, so my IP doesn’t get locked out, but said: “For security reasons we dont publish or share the security rules as it could allow hackers to figure out workarounds.”
That being said, now when I click on Create New Block OR General Settings, it results in a Page Not Found Error Pop-up Window. I’m unable to change any settings. This behaves the same in both LakePath.com and LeLacAppelle.com
I noticed in my WordPress Dashboard, I have the CSS Widget enabled, and it sometimes results in the Fatal Error below.
NOTE: this Friday 8/29/14 morning, the Widget Renders Correctly in the LakePath.com Dashboard, but NOT the LeLacAppelle.com Dashboard (no matter how many times I refresh it π
It is behaving the same in both Chrome and IE.
Fatal error: Uncaught exception ‘Exception’ with message ‘String could not be parsed as XML’ in /home/nadeau/public_html/lelac/wp-content/plugins/css-javascript-toolbox/framework/wordpress/feed.php:54 Stack trace: #0 /home/nadeau/public_html/lelac/wp-content/plugins/css-javascript-toolbox/framework/wordpress/feed.php(54): SimpleXMLElement->__construct(”) #1 /home/nadeau/public_html/lelac/wp-content/plugins/css-javascript-toolbox/models/statistics-metabox.php(72): CJT_Framework_Wordpress_Feed->__construct(‘cjt-scripts.com’, ‘forums/script-p…’, Array) #2 /home/nadeau/public_html/lelac/wp-content/plugins/css-javascript-toolbox/views/dashboard/metabox/statistics/view.php(51): CJTStatisticsMetaboxModel->getFeed() #3 /home/nadeau/public_html/lelac/wp-content/plugins/css-javascript-toolbox/controllers/default.php(24): CJTDashboardMetaboxStatisticsView->display(‘default’) #4 [internal function]: CJTDefaultController->dashboardMetaboxAction() #5 /home/nadeau/public_html/lelac/wp-content/plugins/css-javascript-toolbox/framework/ in /home/nadeau/public_html/lelac/wp-content/plugins/css-javascript-toolbox/framework/wordpress/feed.php on line 54
Hello,
Thanks for the info. It helps a lot.
Could you please let me know what is the result you get when typing WORDPRESS_SITE_DOMAIN/wp-admin/admin-ajax.php?x=data1&z=data2&y=data3 in your browser while you logged in to your wordpress dashboard?
1 Open Your WordPress site login page
2 Login with your user and password
3 Open another Browser tab, type the address above by changing WORDPRESS_SITE_DOMAIN to your web site domain/url
Thanks
Regards,
AHMeD
Good Morning,
You’re welcome. It’s beyond my scope of understand so your insight is greatly appreciated.
I first logged out of both of my domains/dashboards
Logged into one
Opened second tab, input the URL you requested
Received a “0”
Behaved the same on both domains.
Let me know if there is anything else I can provide.
Thanks!
John
Hi AHMeD,
Was that the information you were seeking?
Clicking on “Create New Block” is still taking me to the Page Not Found popup π
Thanks,
John
Hello,
Sorry for the delay getting back to you as we were very busy working in the next release.
This is almost a modSecurity issue that we need to work on. Unfortunately we still didn’t work on modSecurity issues as its very generic and can be different from host to another! However we will consider this issue in the upcoming releases.
I will let you know once we got any new solution.
Regards,
AHMeD
