• Resolved barnez

    (@pidengmor)


    Hi,

    I’m having a problem with an install: the WordPress dashboard CSS is corrupted, which can only be resolved by manually disabling NinjaFirewall (/plugins/ninjafirewall.hold). This issue started on my staging site (subdomain.site1.com), but one week later appeared on the main site admin (site1.com). NinjaFirewall is running on site1.com only, and has been active for several years. I keep an eye on the support forum here and haven’t seen anything like this before with NinjaFirewall. There is also another domain on the cPanel hosting (Site 2) with a different database, install of WordPress and NinjaFirewall.

    Here is the file structure:

    /home/xxxx/site1/
    /home/xxxx/site1/staging/
    /home/xxxx/site2.com/
    /home/xxxx/site2/staging/

    Could this be a conflict between the two installations of NinjaFirewall? (* I have tried deactivating NinjaFirewall on site2 but this doesn’t help)

    • This topic was modified 7 years, 10 months ago by barnez.
Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    Is there anything written to the firewall log?

    Did you enable/modify the “Firewall Policies > HTTP response headers > Set Content-Security-Policy for the WordPress admin dashboard” option?

    Can you enable your browser console (CTRL + Shift + J) and check whether there are any error messages?

    Thread Starter barnez

    (@pidengmor)

    Hi,

    Thanks for getting back.

    I can only access the firewall log through FTP, so I can’t see the timestamps for the logs. There are 2 types of logs from my IP related to the staging site (Rules 1378 + 1379):

    
    [85241933] [0.01288] [staging.site1.com.com] [#3757780] [1378] [3] [x.xxx.xxx.xxx] [403] [POST] [/wp-admin/options.php] [WP: privilege escalation attempt] [hex:524551554553543a64656661756c745f726f6c65203d2073756273637269626572]
    [1485241941] [0.0135] [staging.site1.com.com] [#7189069] [1378] [3] [x.xxx.xxx.xxx] [403] [POST] [/wp-admin/options.php] [WP: privilege escalation attempt] [hex:524551554553543a64656661756c745f726f6c65203d2073756273637269626572]
    [1485242054] [0.02411] [staging.site1.com.com] [#8328123] [1378] [3] [x.xxx.xxx.xxx] [403] [POST] [/wp-admin/options.php] [WP: privilege escalation attempt] [hex:524551554553543a64656661756c745f726f6c65203d2073756273637269626572]
    [1485242134] [0.01287] [staging.site1.com.com] [#8044414] [1379] [3] [x.xxx.xxx.xxx] [403] [POST] [/wp-admin/options.php] [WP: privilege escalation attempt] [hex:524551554553543a61646d696e5f656d61696c203d20696e666f4070726f6f66736369656e63652e636f6d]
    [1485242162] [0.01345] [staging.site1.com.com] [#4640370] [1379] [3] [x.xxx.xxx.xxx] [403] [POST] [/wp-admin/options.php] [WP: privilege escalation attempt] [hex:524551554553543a61646d696e5f656d61696c203d20696e666f4070726f6f66736369656e63652e636f6d]
    [1485242219] [0.01343] [staging.site1.com.com] [#2927250] [1379] [3] [x.xxx.xxx.xxx] [403] [POST] [/wp-admin/options.php] [WP: privilege escalation attempt] [hex:524551554553543a61646d696e5f656d61696c203d20696e666f4070726f6f66736369656e63652e636f6d]
    [1485242250] [0.01315] [staging.site1.com.com] [#3993654] [1379] [3] [x.xxx.xxx.xxx] [403] [POST] [/wp-admin/options.php] [WP: privilege escalation attempt] [hex:524551554553543a61646d696e5f656d61696c203d20696e666f4070726f6f66736369656e63652e636f6d]
    [1485242293] [0.01315] [staging.site1.com.com] [#8649702] [1379] [3] [x.xxx.xxx.xxx] [403] [POST] [/wp-admin/options.php] [WP: privilege escalation attempt]
    

    I haven’t changed the ‘Set Content-Security-Policy for the WordPress admin dashboard’ firewall policy setting from the default, but am unable to check if it is set to On as I can’t access the plugin admin section.

    When the issue is live there are 2 errors in the console which relate to other plugins:

    
    ReferenceError: jQuery is not defined[Learn More]  admin-bar.min.js:26:1
    	<anonymous> https://www.site1.com/wp-content/plugins/comet-cache/src/client-s/js/admin-bar.min.js:26:1
    ReferenceError: jQuery is not defined[Learn More]  toolbar.js:1:1
    	<anonymous> https://www.site1.com/wp-content/plugins/autoptimize/classes/static/toolbar.js:1:1
    

    If I disable these two plugins on Site1 and enable NinjaFirewall the issue returns. If I disable these two plugins on Site1 and staging.Site1 and enable NinjaFirewall the issue returns. When I disable NinjaFirewall again these errors stop and the dashboard returns to normal.

    • This reply was modified 7 years, 10 months ago by barnez.
    Plugin Author nintechnet

    (@nintechnet)

    The timestamp shows the incidents were all logged on Jan. 24 around 8 AM (CET):

    $ date -d @1485242293
    Tue Jan 24 08:18:13 CET 2017
    

    Rules 1377, 1378 and 1379 are deprecated; they will be removed very soon.

    You can try to enable WordPress debugging and check if you see some error messages in the dashboard (you may need to display the HTML source page to view them).
    If you need to rename the NinjaFirewall folder to resolve the problem, I would think it is a PHP session issue. Maybe you installed another plugin lately and there is a conflict?

    Also, you can try to run the wp-check.php script. Upload it inside each site document root, enable all installations of NinjaFirewall and run the script. Check the value of auto_prepend_file and make sure it points to the correct file.
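
Added example (not part of the thread and not NinjaFirewall code): a Python parser for log lines in the bracketed layout posted above, which converts the epoch timestamp the way the `date -d` call does and decodes the `hex:` field. Field names other than the timestamp and rule ID are assumptions from position, and the host and IP in the sample are placeholders.

```python
import re
from datetime import datetime, timezone

# Field names are assumptions inferred from position in the posted lines;
# only the timestamp and rule-id positions are confirmed in the thread.
FIELDS = ("timestamp", "elapsed", "host", "incident", "rule", "level",
          "ip", "status", "method", "uri", "reason", "data")

# Constructed sample: placeholder host/IP, hex value as logged with rule 1378.
# The second line has no data field, like the last line of the posted log.
SAMPLE_LOG = (
    "[1485241941] [0.0135] [staging.example.test] [#7189069] [1378] [3] "
    "[203.0.113.7] [403] [POST] [/wp-admin/options.php] "
    "[WP: privilege escalation attempt] "
    "[hex:524551554553543a64656661756c745f726f6c65203d2073756273637269626572]\n"
    "[1485242293] [0.01315] [staging.example.test] [#8649702] [1379] [3] "
    "[203.0.113.7] [403] [POST] [/wp-admin/options.php] "
    "[WP: privilege escalation attempt]\n"
)

def printable(text):
    """Escape control characters so logged request data cannot alter the terminal."""
    return "".join(c if c.isprintable() else "\\x%02x" % ord(c) for c in text)

def decode_data(value):
    """Decode a 'hex:...' field; return other or malformed values unchanged."""
    if not value.startswith("hex:"):
        return value
    try:
        return printable(bytes.fromhex(value[4:]).decode("utf-8", "replace"))
    except ValueError:
        return value

def parse_line(line):
    """Split one bracketed log line into a dict, or None if it does not fit."""
    parts = re.findall(r"\[([^\]]*)\]", line)
    if len(parts) not in (11, 12) or not parts[0].isdigit():
        return None
    entry = dict(zip(FIELDS, parts + [""]))  # pad a missing data field
    entry["time_utc"] = datetime.fromtimestamp(int(parts[0]), tz=timezone.utc).isoformat()
    entry["data"] = decode_data(entry["data"])
    return entry

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(e["time_utc"], e["rule"], e["uri"], e["data"] or "(no data logged)")
```

For the rule 1378 lines in the thread, the hex field decodes to `REQUEST:default_role = subscriber`.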

    Thread Starter barnez

    (@pidengmor)

    When I load the script on site1 there is:

    
    Parse error: syntax error, unexpected ',' in /home/xxx/public_html/.htninja on line 15
    

    I had 2 comma-separated IPs whitelisted in .htninja:

    
    if ( $_SERVER["REMOTE_ADDR"] == 'xx.xx.xxx.xxx', 'xx.xx.xxx.xxx'  ) {
       return 'ALLOW'; // whitelist
    }
    

    When I remove the second IP and the comma the issue is resolved.

    Thanks for your help!

    The JS errors for comet cache & autoptimize are there because for some reason jquery is not available, which should never happen on your admin-pages. I guess this is because the firewall was blocking requests for jquery.js as well.

    frank (ao dev)

    Plugin Author nintechnet

    (@nintechnet)

    Use an array if you want to search for several IPs:

    <?php
    
    $ip_array = array( '1.1.1.1' , '2.2.2.2' );
    
    if ( in_array( $_SERVER["REMOTE_ADDR"], $ip_array ) ) {
       return 'ALLOW'; // whitelist
    }
    
    Thread Starter barnez

    (@pidengmor)

    @nintechnet
    Thanks for the code for multiple IPs, I’ll use that in future.

    @futtta
    Thanks for your input, and for keeping a close eye on anything Autoptimize related.

  • The topic ‘CSS corrupted in WordPress admin dashboard’ is closed to new replies.