We have successfully used your plugin for backups for several years. Now on one of the pages I get a “jQuery not defined” error only on the UpdraftPlus page. It worked fine just last month.
I tried disabling all other plugins and switching to the TwentyTwentyFour theme. The error is still there.
The only difference to our other websites is that this one website is running on a Windows server (I have no idea why).
When I check the network tab I get an error 403 for load-scripts.php which should also load jQuery.
Do you have any idea what the problem could be?
Here are screenshots of the errors:
https://ibb.co/HH3KYcr
https://ibb.co/YWDhPmP

With ModSecurity enabled, on my WordPress health screen I am getting the following errors that should be improved:
Unable to detect the presence of page cache
Unable to detect page cache due to possible loopback request problem. Please verify that the loopback request test is passing. Error: cURL error 56: OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0 (Code: http_request_failed)
Page cache enhances the speed and performance of your site by saving and serving static pages instead of calling for a page every time a user visits.
Page cache is detected by looking for an active page cache plugin as well as making three requests to the homepage and looking for one or more of the following HTTP client caching response headers: cache-control, expires, age, last-modified, etag, x-cache-enabled, x-cache-disabled, x-srcache-store-status, x-srcache-fetch-status.
With ModSecurity disabled, I get no such errors.
Can someone please help me figure out how to fix this?

Hostgator, shared server, plan “M”.
All the other sites work well.
For some reason, this domain redirects in a loop several times, then shows this message:
“Not Acceptable! An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.”
All the front-end of the domains work fine.
The only thing that is not working is FORNALI.COM.BR, specifically at wp-login.php.
You can try GELATIERI.COM.BR. This one works fine. Same installation. Same WP Multi.
Any help will be greatly appreciated.

The log file shows:
ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||domain.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "domain.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "Zk96QMqMkJvqGzoPgUciKAAAAIY"], referer: https://domain.com/contact/
The logs reference a vulnerability in WordPress 4.7 which was patched in 4.7.1. I’m using 6.5.3 with all plugins up to date.
The cause appears to be the presence of the following in the source for every page when UpdraftCentral Dashboard is activated:
<script type="text/javascript" src="https://domain.com/wp-includes/js/dist/data.min.js?ver=e6595ba1a7cd34429f66" id="wp-data-js"></script>
<script type="text/javascript" id="wp-data-js-after">
/* <![CDATA[ */
( function() {
var userId = 0;
var storageKey = "WP_DATA_USER_" + userId;
wp.data
.use( wp.data.plugins.persistence, { storageKey: storageKey } );
} )();
/* ]]> */
</script>
When I deactivate UpdraftCentral Dashboard the issue stops and I can navigate the site without issues in the firewall.

The REST API is one way that WordPress and other applications communicate with the server. For example, the block editor screen relies on the REST API to display and save your posts and pages. When testing the REST API, an unexpected result was returned:
REST API Endpoint: https://www.mcmo.is/wp-json/wp/v2/types/post?context=edit
REST API Response: (403) Forbidden
I’m finding nothing in the modsec logs. How can I go about finding and setting the proper rule exclusions for CRS4 in ModSecurity? Please help if you are knowledgeable about ModSecurity and rule exclusions.

I’ve been using WF for a few years now and this issue is a first. On a couple of sites on my Green Geeks VPS, when I try to get to the WordfenceOptions page, I get redirected to the front end of the website, onto the 404 Error page.
I’ve tried to Deactivate and Delete Data so I can reinstall and configure. But that process redirects to the 404 Error as well.
Any tips on what I should try next to fix this issue? I looked through the forum but did not find a similar situation / support topic.
Regards,
Sammy

PS: using the Shoptimizer theme.

[Tue Jan 16 10:53:08.566527 2024] [:error] [pid 3128216:tid 139630066206464] [client 168.xxx.xx.xxx:55286] [client 168.xxx.xx.xxx] ModSecurity: Access denied with code 403 (phase 2). Pattern match “[\\[\\]\\x22′,()\\.]{10}$|\\b(?:union\\sall\\sselect\\s(?:(?:null|\\d+),?)+|order\\sby\\s\\d{1,4}|(?:and|or)\\s\\d{4}=\\d{4}|waitfor\\sdelay\\s’\\d+:\\d+:\\d+’|(?:select|and|or)\\s(?:(?:pg_)?sleep\\(\\d+\\)|\\d+\\s?=\\s?(?:dbms_pipe\\.receive_message\\ …” at REQUEST_COOKIES:sbjs_current_add. [file “/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf”] [line “66”] [id “218500”] [rev “18”] [msg “COMODO WAF: SQLmap attack detected||www.amopatinhas.com.br|F|2”] [data “Matched Data: |||rf=(none) found within REQUEST_COOKIES:sbjs_current_add: fd=2024-01-16 13:53:02|||ep=https:/www.amopatinhas.com.br/|||rf=(none)”] [severity “CRITICAL”] [tag “CWAF”] [tag “SQLi”] [hostname “www.xxxxxxxxxxxxxx.com.br”] [uri “/categoria-produto/meu-pet/cachorro/”] [unique_id “ZaaKRLagWD-rOM7bMCxOnAAAABY”], referer: https://www.xxxxxxxxxxxxxx.com.br/
I downgraded to Woo 8.4.0.
What do I do to be able to use the new version?

I hope this email finds you well. We are facing a challenge with our web server that is utilizing ModSecurity, a web application firewall. Our server detected potential SQL injection attempts which seem to be associated with the groundhogg-page-visits cookie added by the Groundhogg plugin. Below are the details of the log observations that led to this issue:
Suspicious Data in Cookies: The server logs indicate that the suspicious data triggering the SQL injection detection were found within REQUEST_COOKIES:groundhogg-page-visits. This suggests that some data contained in this cookie was interpreted by ModSecurity as an SQL injection attempt.
Detection Rule: The detection was associated with ModSecurity rule ID 942100, which is set up to identify suspicious activities associated with SQL injection attempts via libinjection.
We are seeking your assistance to better understand how we can adjust this situation, ensuring the security of our website while effectively utilizing the Groundhogg plugin. The specific questions we have are:
We thank you in advance for your assistance and are available to provide any additional information required or to work with you to resolve this issue.
Warm regards,
Marks
ERROR_LOG:
---k3n6gq1W---H--
ModSecurity: Warning. detected SQLi using libinjection. [file "/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [rev ""] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: sos found within REQUEST_COOKIES:groundhogg-page-visits: [["/XXXXXXX/",[[XXXXXXXX,0],[XXXXXXXX,0]]],["/",[[XXXXXXXX,0],[XXXXXXXX,0],[XXXXXXXX,0]]],["/XXXXXXX/XXXXXXX/",[[XXXXXXXX (11 characters omitted)"] [severity "2"] [ver "OWASP_CRS/3.3.2"] [maturity "0"] [accuracy "0"] [hostname "XXXXXXX"] [uri "/XXXXXXX/XXXXXXX/XXXXXXX.html"] [unique_id "XXXXXXXXXXXXXXXX"] [ref "v1787,140"]
ModSecurity: Access denied with code 302 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.2"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "XXXXXXX"] [uri "/XXXXXXX/XXXXXXX/XXXXXXX.html"] [unique_id "XXXXXXXXXXXXXXXX"] [ref ""]
---k3n6gq1W---Z--