• Resolved SuperfeinCreative

    (@superfeincreative)


    My site, tribeoflambs.com, is a web store using the Mailchimp for WordPress plugin. For 6 months everything was working fine, my site is hosted on Godaddy’s Managed WordPress hosting and I have a standard SSL cert from Godaddy as well. 2 Weeks ago, around the time that WP v4.4.1 came out, the Mailchimp plugin stopped connecting to the Mailchimp API server…this is the error message: “The MailChimp API server returned the following response: 403 Forbidden.”

    I chatted with Mailchimp and they said my IP was blocked, which is strange because I had an SSL which comes with a dedicated IP. By their recommendation I revoked my SSL and purchased a new one. After 24 hours of DNS propagation I was able to connect again to the Mailchimp API.

    A week later the same error message and I can’t connect again. I chat with Mailchimp who are completely stumped. I talk to Godaddy on the phone for 2 hours and they are stumped too. My hosting comes with a 1 click staging area, so I pushed the live web store to the staging and tried to connect from the staging side, interestingly it connects right away. There are two differences between the live and the staging, the staging has no SSL and as such has no dedicated IP. Either the dedicated IP is being blacklisted or somehow the Mailchimp for WP plugin won’t connect over https.

    I don’t really know what to do, neither does Mailchimp and neither does Godaddy. I could move the entire site over to a new hosting provider, and also purchase a new SSL, but I would prefer to get help from the plugin author if I can.

    Here are the results from this test: `curl -v https://us1.api.mailchimp.com/3.0/?apikey=test`

    -bash-4.2$ curl -v https://us1.api.mailchimp.com/3.0/?apikey=test
    *   Trying 23.212.33.79...
    * Connected to us1.api.mailchimp.com (23.212.33.79) port 443 (#0)
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    * successfully set certificate verify locations:
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Server hello (2):
    * NPN, negotiated HTTP1.1
    * TLSv1.2 (IN), TLS handshake, Certificate (11):
    * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
    * TLSv1.2 (IN), TLS handshake, Server finished (14):
    * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
    * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
    * TLSv1.2 (OUT), TLS handshake, Unknown (67):
    * TLSv1.2 (OUT), TLS handshake, Finished (20):
    * TLSv1.2 (IN), TLS change cipher, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Finished (20):
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
    * Server certificate:
    *        subject: C=US; ST=GA; L=Atlanta; O=ROCKET SCIENCE GROUP; OU=Rocket Science Group; CN=*.api.mailchimp.com
    *        start date: Sep 22 14:39:14 2015 GMT
    *        expire date: Sep 22 14:39:13 2016 GMT
    *        subjectAltName: us1.api.mailchimp.com matched
    *        issuer: C=NL; L=Amsterdam; O=Verizon Enterprise Solutions; OU=Cybertrust; CN=Verizon Akamai SureServer CA G14-SHA2
    *        SSL certificate verify ok.
    > GET /3.0/?apikey=test HTTP/1.1
    > Host: us1.api.mailchimp.com
    > User-Agent: curl/7.45.0
    > Accept: */*
    >
    < HTTP/1.1 401 Unauthorized
    < Server: nginx
    < Content-Type: application/problem+json; charset=utf-8
    < Content-Length: 233
    < X-Request-Id: debd7c6c-796f-4301-87a2-f50ff06e8a3d
    < Link: <https://us1.api.mailchimp.com/schema/3.0/ProblemDetailDocument.json>; rel="describedBy"
    < Date: Sun, 17 Jan 2016 16:36:18 GMT
    < Connection: keep-alive
    < Set-Cookie: _AVESTA_ENVIRONMENT=prod; path=/
    <
    * Connection #0 to host us1.api.mailchimp.com left intact
    {"type":"https://developer.mailchimp.com/documentation/mailchimp/guides/error-glossary/","title":"API Key Invalid","status":401,"detail":"Your API key may be invalid, or you've attempted to access the wrong datacenter.","instance":""}-bash-4 -bash-4.2$

    This is the OpenSSL version: `-bash-4.2$ openssl version
    OpenSSL 1.0.1e-fips 11 Feb 2013`

    Any ideas? Help from anybody would be appreciated!

    Cheers,
    Zach

    https://www.ads-software.com/plugins/mailchimp-for-wp/

Viewing 15 replies - 1 through 15 (of 17 total)
  • Plugin Contributor Harish Chouhan

    (@hchouhan)

    Hey Zach,

    We are getting similar issues reported by a few other GoDaddy customers. With a dedicated IP you should not have faced this issue, but let's try to debug.

    Based on the results, the issue seems to be with the API key. So as a first step, can you please try creating a new API key and trying again? Do let us know the result.

    Thread Starter SuperfeinCreative

    (@superfeincreative)

    Tried that just now, new API key but getting same error.

    Plugin Author Danny van Kooten

    (@dvankooten)

    Hi Zach,

    Are you sure you’re running that command from the same server as you’re running the plugin on? Could you try it with a valid API key to see what the response is?

    https://us1.api.mailchimp.com/3.0/?apikey=YOUR_VALID_KEY

    If the MailChimp API server is returning 403 forbidden then it’s not something the plugin can do something about – it is a little weird that your new IP address is getting blocked by Akamai (MailChimp’s firewall provider) though. Did MailChimp confirm that your new IP address is also blocked?

    Thanks!

    PS. Please strip your API key from the response before pasting it here, of course.

    Thread Starter SuperfeinCreative

    (@superfeincreative)

    I didn’t run the command, Godaddy did, and I’m sure they ran it from the same server as the plugin is running on. I’ll run another command with the valid API key in place of “YOUR_VALID_KEY”. I’ll confirm with Mailchimp if the IP is being blocked, I’m pretty sure they said it wasn’t this time around, but I’ll double check.

    Thanks for responding so swiftly.

    Similar issue from my side on GoDaddy managed WordPress with different plugins that also connect to the Mailchimp API.

    From my side I get a null error – sadly I have the starter package with GoDaddy's managed WordPress and unable to run any curl commands for the API test.

    Be interested to know if you find a solution for this.

    Thread Starter SuperfeinCreative

    (@superfeincreative)

    I am on chat right now with Mailchimp and this is a quote taken from the support person I’m chatting with: “There have been issues lately with Akamai, blocking several IP addresses from using it, which has interfered with MailChimp’s API and other services that use Akamai as well.”

    Sounds like this is possibly from Mailchimp’s side and not Godaddy’s. It could also be a combination of the two, which would make it even harder to debug.

    Thread Starter SuperfeinCreative

    (@superfeincreative)

    Mailchimp has some seriously useless support. Kate @ Mailchimp support says: “I went ahead and had one of my techs look up your IP on a client reputation score. It does not appear to have a bad client reputation and is not being blocked for that reason. However, there are many reasons for an IP to be blocked and we do not have a way to look up all blacklists. The only way for me to verify and fully test if your IP address is blocked is if we got a specific error code including a reference number from you. If you were getting a 403: forbidden error, and the IP is on a specific blocklist, then you would have received a Reference Number for us to look up. Furthermore, because we don’t yet know why or if this IP is being blocked by Akamai, we can’t provide any advice about how to unblock it. If you think the IP is being blocked, the only real advice I can give you is to request a new IP from your hosting provider.”

    She said this after I explained that I had already spent over 10 hours on support with Mailchimp and Godaddy, and that this is my 4th chat with Mailchimp support. I also explained that this is the second dedicated IP from Godaddy that Mailchimp is having issues with in the past week. Totally useless support.

    Danny van Kooten do you know how or if I can see that “Reference Number” referred to above?

    Plugin Author Danny van Kooten

    (@dvankooten)

    Hey Zach,

    Right now, I don’t think the plugin makes that error visible somewhere but I’ll update the plugin to make this possible. I’ll update this ticket with a link to the development version.

    Basically, running curl -v https://us1.api.mailchimp.com/3.0/?apikey=test from the same server as the plugin is running on should give you the full response, including the reference number as well. But I’ll make it a bit more easy!

    I’ll also ping my contact over at MailChimp asking if he can take a more detailed look…

    Thread Starter SuperfeinCreative

    (@superfeincreative)

    Results from server test: ‘Trying 23.212.33.79…
    * Connected to us1.api.mailchimp.com (23.212.33.79) port 443 (#0)
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    * successfully set certificate verify locations:
    * CAfile: /etc/pki/tls/certs/ca-bundle.crt
    CApath: none
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Server hello (2):
    * NPN, negotiated HTTP1.1
    * TLSv1.2 (IN), TLS handshake, Certificate (11):
    * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
    * TLSv1.2 (IN), TLS handshake, Server finished (14):
    * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
    * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
    * TLSv1.2 (OUT), TLS handshake, Unknown (67):
    * TLSv1.2 (OUT), TLS handshake, Finished (20):
    * TLSv1.2 (IN), TLS change cipher, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Finished (20):
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
    * Server certificate:
    * subject: C=US; ST=GA; L=Atlanta; O=ROCKET SCIENCE GROUP; OU=Rocket Science Group; CN=*.api.mailchimp.com
    * start date: Sep 22 14:39:14 2015 GMT
    * expire date: Sep 22 14:39:13 2016 GMT
    * subjectAltName: us1.api.mailchimp.com matched
    * issuer: C=NL; L=Amsterdam; O=Verizon Enterprise Solutions; OU=Cybertrust; CN=Verizon Akamai SureServer CA G14-SHA2
    * SSL certificate verify ok.
    > GET /3.0/?apikey=API_KEY (I put in my actual API key for the test) HTTP/1.1
    > Host: us1.api.mailchimp.com
    > User-Agent: curl/7.45.0
    > Accept: */*
    >
    < HTTP/1.1 403 Forbidden
    < Server: nginx
    < Content-Type: application/problem+json; charset=utf-8
    < Content-Length: 210
    < X-Request-Id: 0bd0024e-daf1-4802-896a-9ca6b4e96f42
    < Link: <https://us1.api.mailchimp.com/schema/3.0/ProblemDetailDocument.json>; rel="describedBy"
    < Date: Tue, 19 Jan 2016 10:58:53 GMT
    < Connection: keep-alive
    < Set-Cookie: _AVESTA_ENVIRONMENT=prod; path=/
    <
    * Connection #0 to host us1.api.mailchimp.com left intact
    {"type":"https://developer.mailchimp.com/documentation/mailchimp/guides/error-glossary/","title":"Wrong Datacenter","status":403,"detail":"The API key provided is linked to a different datacenter","instance":""}-bash-4.2$’

    I tried using “us11.api.mailchimp.com” because I read somewhere that when they tested a different data center it worked, but I got the same exact results.

    Do these results give you any insights?

    Thread Starter SuperfeinCreative

    (@superfeincreative)

    Just to clarify, I tried us1.api.mailchimp.com and us11.api.mailchimp.com but got the same results. I don’t know if I made that clear in the previous post.

    I mentioned at the beginning of this that it connects fine on the staging site, well the staging site’s IP is: 184.168.47.225. Again, not sure if this will help in any way.

    Plugin Author Danny van Kooten

    (@dvankooten)

    Hi SuperfeinCreative,

    What do the last few characters of your API key look like, the part after the dash? That’s the datacenter you should be trying. For example, if the last few characters are “us8” then you should be pointing your request at us8.api.mailchimp.com.

    curl -v https://us8.api.mailchimp.com/3.0/?apikey=YOUR_API_KEY

    It would be very helpful if you could post the response here, as I’m having trouble replicating the issue (because my IP addresses aren’t blacklisted, obviously).

    The issue is that the Akamai response is a normal HTML page, telling someone that they don’t have access. This makes it hard to get the reference error out of this page, as it’s not a standardized API response… Anyway, I’ll figure that out once I have a look at the actual response.

    I’m sorry for all the trouble in setting this up – I really wish that I, as developer of this plugin, could do more about the issue but it’s outside of our powers. It’s either GoDaddy or MailChimp who should be acting here…

    Let me know please – in the meantime I’ll keep on trying to replicate the forbidden error.

    Plugin Author Danny van Kooten

    (@dvankooten)

    Hi Zach,

    Scratch my previous reply – I found countless threads on the internet from people experiencing the same error and posting their responses so I went with that.

    I just pushed an update to our development version of the plugin which will show you the reference number if it encounters the Akamai (MailChimp’s firewall) error. That should be of help for the people over at MailChimp support.

    You can download it from here and then overwrite the files in /wp-content/plugins/mailchimp-for-wp/, you won’t lose any of your settings.

    Good luck!

    Plugin Author Danny van Kooten

    (@dvankooten)

    @nattheman: Can’t really help you with other plugins but the null error makes sense, we’re the only plugin doing extensive checks on the response to help the user in solving connectivity issues with the MailChimp API.

    The firewall error is a HTML response, so json_decode returns null on it. Most plugins don’t bother to check any further than that and will just show you a general error message.

    Anyway, there’s no way for us (or any other plugin) to fix this, it’s up to MailChimp (or GoDaddy, because they seem to be blacklisted a shit ton for whatever strange reason).
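
As an added example (not part of the original thread and not the plugin's own code), the two checks discussed in the replies above, picking the API host from the key's suffix and telling a JSON API error from an HTML firewall page, sketched in Python. The `Reference #` pattern, the block-page sample and the API key are constructed assumptions; the JSON body is the 403 response quoted earlier in the thread.

```python
import html
import json
import re

# Assumption: the firewall page carries a line like "Reference #<id>".
REFERENCE_RE = re.compile(r"Reference\s*#\s*([0-9A-Fa-f.]+)")

# 403 body quoted in the thread (a real API answer, JSON).
WRONG_DC_BODY = ('{"type":"https://developer.mailchimp.com/documentation/mailchimp/'
                 'guides/error-glossary/","title":"Wrong Datacenter","status":403,'
                 '"detail":"The API key provided is linked to a different datacenter",'
                 '"instance":""}')
# Constructed sample of an HTML block page; the reference value is a placeholder.
BLOCK_PAGE = ("<HTML><HEAD><TITLE>Access Denied</TITLE></HEAD><BODY><H1>Access Denied</H1>"
              "Reference&#32;&#35;0.00000000.0000000000.0000000</BODY></HTML>")


def datacenter_from_key(api_key):
    """Return the part after the last dash (e.g. 'us8'), or None if absent."""
    _, dash, suffix = api_key.rpartition("-")
    return suffix if dash and re.fullmatch(r"[a-z]+[0-9]+", suffix) else None


def api_host(api_key):
    dc = datacenter_from_key(api_key)
    if dc is None:
        raise ValueError("API key has no datacenter suffix")
    return f"{dc}.api.mailchimp.com"


def classify_response(status, content_type, body):
    """Tell an API problem document (JSON) from a firewall page (HTML)."""
    if "json" in content_type.lower():
        try:
            doc = json.loads(body)
        except ValueError:
            doc = None
        if isinstance(doc, dict):
            return {"source": "api", "status": status,
                    "title": doc.get("title"), "detail": doc.get("detail")}
    # Not JSON: the case where PHP's json_decode() returns null.
    match = REFERENCE_RE.search(html.unescape(body))
    return {"source": "firewall" if status == 403 else "unknown",
            "status": status, "reference": match.group(1) if match else None}


if __name__ == "__main__":
    print(api_host("0123456789abcdef0123456789abcdef-us8"))  # constructed key
    print(classify_response(403, "text/html", BLOCK_PAGE))
```

A 403 classified as `api` points at the key or datacenter; a 403 classified as `firewall` is the case where the reference value is what support needs.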

    @Danny van Kooten,

    Fully understood that you can’t help me with this particular issue as I’m using a competitor's plugin. hehe :).

    Just some added information, I also was on chat with Godaddy for about an hour yesterday in which they confirmed that the IP was blacklisted and that their system is set up to auto request the removal from blacklists.

    They also said that it takes 7 days to be removed from a blacklist (industry standard).

    This would also explain why it “broke” for us over the xmas break and was ok approx 7 days later… until it broke again.

    I of course moaned and complained to Godaddy to improve their detection of sites causing the blacklisting to occur… who knows if they will actually act on it.

    Personally if I were a host and it was affecting thousands of small blogs on the same IP, I’d be finding a solution pretty darn quick! I can only imagine at how many other subscriber forms are impacted by this without the customer being unaware.

    Thread Starter SuperfeinCreative

    (@superfeincreative)

    I replaced the plugin as you requested. Still getting same error: “The MailChimp API server returned the following response: 403 Forbidden.” No reference number in sight.

    I’m now getting help from a technician at Mailchimp who contacted me out of the blue. I guess they realize this situation is somewhat ridiculous. After sending him all the data I have compiled thus far he responded with this:

    ****************

    If you want to verify connectivity with MailChimp’s servers, I would suggest running the following command from the terminal of the server that the WordPress plugin is hosted on using your APIKey in place of APIKEY.

    curl -H "Authorization: basic APIKEY" -v https://us10.api.mailchimp.com/3.0/

    A successful response for this request should present you with the details of the account associated with that APIkey. Should you receive a different response I would be more than happy to look into what you received. So please feel free to write me back with the entire response from that curl request should it not succeed.

    *********************

    I am now on hold with Godaddy, they are running that command for me and I will post that info soon.

  • The topic ‘403 Forbidden’ is closed to new replies.