Thank you!

We have detected that when we have the plugin active, it is causing my site to produce an error, disabling my ability to update or publish any pages on my website.
This site is on GoDaddy.
The error says:
Oops … this page cannot be accessed. It looks like the web page at https://www.onereason.com.mx/wp-admin/post.php?post=14&action=edit has problems, or may have been moved permanently to a new web address.
ERR_HTTP2_PROTOCOL_ERROR
This is the log from the WooCommerce section:
### WordPress Environment ###
WordPress address (URL): https://www.onereason.com.mx
Site address (URL): https://www.onereason.com.mx
WC Version: 5.7.1
REST API Version: ✔ 5.7.1
WC Blocks Version: ✔ 5.7.2
Action Scheduler Version: ✔ 3.2.1
WC Admin Version: ✔ 2.6.5
Log Directory Writable: ✔
WP Version: 5.8.1
WP Multisite: –
WP Memory Limit: 368 MB
WP Debug Mode: –
WP Cron: ✔
Language: es_ES
External object cache: –
### Server Environment ###
Server Info: Apache
PHP Version: 7.4.16
PHP Post Max Size: 64 MB
PHP Time Limit: 90
PHP Max Input Vars: 1000
cURL Version: 7.71.0
OpenSSL/1.1.1d
SUHOSIN Installed: –
MySQL Version: 5.6.51-cll-lve
Max Upload Size: 64 MB
Default Timezone is UTC: ✔
fsockopen/cURL: ✔
SoapClient: ✔
DOMDocument: ✔
GZip: ✔
Multibyte String: ✔
Remote Post: ✔
Remote Get: ✔
### Database ###
WC Database Version: 5.7.1
WC Database Prefix: wp_
Tamaño total de la base de datos: 8.05MB
Tamaño de los datos de la base de datos: 5.72MB
Tamaño del índice de la base de datos: 2.33MB
wp_woocommerce_sessions: Datos: 0.02MB + índice: 0.02MB + Motor InnoDB
wp_woocommerce_api_keys: Datos: 0.02MB + índice: 0.03MB + Motor InnoDB
wp_woocommerce_attribute_taxonomies: Datos: 0.02MB + índice: 0.02MB + Motor InnoDB
wp_woocommerce_downloadable_product_permissions: Datos: 0.02MB + índice: 0.06MB + Motor InnoDB
wp_woocommerce_order_items: Datos: 0.02MB + índice: 0.02MB + Motor InnoDB
wp_woocommerce_order_itemmeta: Datos: 0.02MB + índice: 0.03MB + Motor InnoDB
wp_woocommerce_tax_rates: Datos: 0.02MB + índice: 0.06MB + Motor InnoDB
wp_woocommerce_tax_rate_locations: Datos: 0.02MB + índice: 0.03MB + Motor InnoDB
wp_woocommerce_shipping_zones: Datos: 0.02MB + índice: 0.00MB + Motor InnoDB
wp_woocommerce_shipping_zone_locations: Datos: 0.02MB + índice: 0.03MB + Motor InnoDB
wp_woocommerce_shipping_zone_methods: Datos: 0.02MB + índice: 0.00MB + Motor InnoDB
wp_woocommerce_payment_tokens: Datos: 0.02MB + índice: 0.02MB + Motor InnoDB
wp_woocommerce_payment_tokenmeta: Datos: 0.02MB + índice: 0.03MB + Motor InnoDB
wp_woocommerce_log: Datos: 0.02MB + índice: 0.02MB + Motor InnoDB
wp_actionscheduler_actions: Datos: 0.02MB + índice: 0.13MB + Motor InnoDB
wp_actionscheduler_claims: Datos: 0.02MB + índice: 0.02MB + Motor InnoDB
wp_actionscheduler_groups: Datos: 0.02MB + índice: 0.02MB + Motor InnoDB
wp_actionscheduler_logs: Datos: 0.02MB + índice: 0.03MB + Motor InnoDB
wp_commentmeta: Datos: 0.02MB + índice: 0.03MB + Motor InnoDB
wp_comments: Datos: 0.05MB + índice: 0.09MB + Motor InnoDB
wp_e_submissions: Datos: 0.02MB + índice: 0.27MB + Motor InnoDB
wp_e_submissions_actions_log: Datos: 0.02MB + índice: 0.11MB + Motor InnoDB
wp_e_submissions_values: Datos: 0.02MB + índice: 0.03MB + Motor InnoDB
wp_links: Datos: 0.02MB + índice: 0.02MB + Motor InnoDB
wp_options: Datos: 2.02MB + índice: 0.06MB + Motor InnoDB
wp_postmeta: Datos: 1.52MB + índice: 0.47MB + Motor InnoDB
wp_posts: Datos: 1.17MB + índice: 0.09MB + Motor InnoDB
wp_termmeta: Datos: 0.05MB + índice: 0.03MB + Motor InnoDB
wp_terms: Datos: 0.02MB + índice: 0.03MB + Motor InnoDB
wp_term_relationships: Datos: 0.02MB + índice: 0.02MB + Motor InnoDB
wp_term_taxonomy: Datos: 0.02MB + índice: 0.03MB + Motor InnoDB
wp_tinvwl_analytics: Datos: 0.02MB + índice: 0.02MB + Motor InnoDB
wp_tinvwl_items: Datos: 0.02MB + índice: 0.00MB + Motor InnoDB
wp_tinvwl_lists: Datos: 0.02MB + índice: 0.00MB + Motor InnoDB
wp_usermeta: Datos: 0.02MB + índice: 0.03MB + Motor InnoDB
wp_users: Datos: 0.02MB + índice: 0.05MB + Motor InnoDB
wp_wc_admin_notes: Datos: 0.05MB + índice: 0.00MB + Motor InnoDB
wp_wc_admin_note_actions: Datos: 0.02MB + índice: 0.02MB + Motor InnoDB
wp_wc_category_lookup: Datos: 0.02MB + índice: 0.00MB + Motor InnoDB
wp_wc_customer_lookup: Datos: 0.02MB + índice: 0.03MB + Motor InnoDB
wp_wc_download_log: Datos: 0.02MB + índice: 0.03MB + Motor InnoDB
wp_wc_order_coupon_lookup: Datos: 0.02MB + índice: 0.03MB + Motor InnoDB
wp_wc_order_product_lookup: Datos: 0.02MB + índice: 0.06MB + Motor InnoDB
wp_wc_order_stats: Datos: 0.02MB + índice: 0.05MB + Motor InnoDB
wp_wc_order_tax_lookup: Datos: 0.02MB + índice: 0.03MB + Motor InnoDB
wp_wc_product_meta_lookup: Datos: 0.02MB + índice: 0.09MB + Motor InnoDB
wp_wc_reserved_stock: Datos: 0.02MB + índice: 0.00MB + Motor InnoDB
wp_wc_tax_rate_classes: Datos: 0.02MB + índice: 0.02MB + Motor InnoDB
wp_wc_webhooks: Datos: 0.02MB + índice: 0.02MB + Motor InnoDB
### Post Type Counts ###
attachment: 231
customize_changeset: 49
elementor_library: 3
mc4wp-form: 1
nav_menu_item: 63
page: 48
post: 6
product: 63
product_variation: 4
revision: 11
shop_order: 19
wpcf7_contact_form: 4
### Security ###
Secure connection (HTTPS): ✔
Hide errors from visitors: ✔
### Active Plugins (13) ###
FiboSearch - AJAX Search for WooCommerce: por Equipo de FiboSearch – 1.13.0
Bacola Core: por KlbTheme – 1.0.9
Contact Form 7: por Takayuki Miyoshi – 5.4.2
Elementor Pro: por Elementor.com – 3.4.1
Elementor: por Elementor.com – 3.4.4
Envato Market: por Envato – 2.0.6
Kirki Customizer Framework: por David Vongries – 3.1.9
Limit Login Attempts Reloaded: por Limit Login Attempts Reloaded – 2.23.1
Maintenance: por WebFactory Ltd – 4.03
Meta Box: por MetaBox.io – 5.4.7
TI WooCommerce Wishlist: por TemplateInvaders – 1.28.4
Variation Swatches for WooCommerce: por Emran Ahmed – 1.1.19
WooCommerce: por Automattic – 5.7.1
### Inactive Plugins (0) ###
### Must Use Plugins (1) ###
installatron_hide_status_test.php: por –
### Settings ###
API Enabled: –
Force SSL: –
Currency: USD ($)
Currency Position: left
Thousand Separator: ,
Decimal Separator: .
Number of Decimals: 2
Taxonomies: Product Types: external (external)
grouped (grouped)
simple (simple)
variable (variable)
Taxonomies: Product Visibility: exclude-from-catalog (exclude-from-catalog)
exclude-from-search (exclude-from-search)
featured (featured)
outofstock (outofstock)
rated-1 (rated-1)
rated-2 (rated-2)
rated-3 (rated-3)
rated-4 (rated-4)
rated-5 (rated-5)
Connected to WooCommerce.com: –
### WC Pages ###
Base de la tienda: #13 - /shop/
Carrito: #14 - /cart/
Finalizar compra: ❌ La visibilidad de la página debe ser pública
Mi cuenta: #16 - /my-account/
Términos y condiciones: #3 - /privacy-policy/
### Theme ###
Name: Bacola Child
Version: 1.0.7
Author URL:
Child Theme: ✔
Parent Theme Name: Bacola
Parent Theme Version: 1.0.7
Parent Theme Author URL: https://themeforest.net/user/KlbTheme
WooCommerce Support: ✔
### Templates ###
Overrides: bacola/woocommerce/archive-product.php
bacola/woocommerce/cart/cart-empty.php
bacola/woocommerce/cart/cart.php
bacola/woocommerce/cart/cross-sells.php
bacola/woocommerce/cart/mini-cart.php
bacola/woocommerce/checkout/form-checkout.php
bacola/woocommerce/content-product.php
bacola/woocommerce/content-single-product.php
bacola/woocommerce/global/breadcrumb.php
bacola/woocommerce/global/quantity-input.php
bacola/woocommerce/global/wrapper-end.php
bacola/woocommerce/global/wrapper-start.php
bacola/woocommerce/loop/add-to-cart.php
bacola/woocommerce/loop/loop-end.php
bacola/woocommerce/loop/loop-start.php
bacola/woocommerce/loop/orderby.php
bacola/woocommerce/myaccount/my-account.php
bacola/woocommerce/myaccount/navigation.php
bacola/woocommerce/single-product/meta.php
bacola/woocommerce/single-product/price.php
bacola/woocommerce/single-product/product-image.php
bacola/woocommerce/single-product/rating.php
bacola/woocommerce/single-product/related.php
bacola/woocommerce/single-product/short-description.php
bacola/woocommerce/single-product/stock.php
bacola/woocommerce/single-product/up-sells.php
bacola/woocommerce/single-product.php
### TI WooCommerce Wishlist Templates ###
Overrides: –
### Action Scheduler ###
Completo: 38
Oldest: 2021-09-22 21:06:34 +0000
Newest: 2021-09-25 23:32:45 +0000
### Status report information ###
Generated at: 2021-09-25 23:54:57 +00:00

It seems that sharing with Threema doesn’t work. => Server not found.
Currently, URLs read: https://compose/?text=Something
Probably should read: threema://compose/?text=Something
Plugin version: 4.6.5
Please check. Thank you!

This site cannot be accessed. The web page at https://www.diserglobal.com/wp-admin/customize.php?url=https%3A%2F%2Fwww.diserglobal.com%2F may not work temporarily or may have been permanently moved to a new web address.
ERR_HTTP2_PROTOCOL_ERROR
Same issue even after editing in HTML mode.
Both Classic and Gutenberg editors, no matter where you place an <a> tag.
==========
Found a solution, you need to add support for the magnet protocol (or any other you need) manually by using the “Plugin Editor” plugin and adding the lines below:
/**
 * Add extra protocols to list of allowed protocols.
 *
 * @param array $protocols List of protocols allowed by default by WordPress.
 *
 * @return array $protocols Updated list including extra protocols added.
 */
function wporg49937_add_more_protocols( $protocols ) {
    $protocols[] = 'magnet';
    return $protocols;
}
add_filter( 'kses_allowed_protocols', 'wporg49937_add_more_protocols' );
Source of the code: https://core.trac.www.ads-software.com/ticket/49937

Since October 18th, for the first time I’m getting hit by a wave of IPs all managed by Amazon AWS:
and counting…
Except for the first IP, all these IPs are detected by Wordfence, trying the same type of SQL injection:
“blocked by firewall for SQL Injection in query string: s=index%2Findex%2Findex”
While reporting abuse to other web hosts like, for example, GoDaddy, OVH, DigitalOcean, etc., Amazon AWS is a pain in the a** at the same level as a Tor exit node, meaning that they do almost nothing, and these are the scenarios:
First Scenario
They receive the abuse report and pass the ball to their customer, who basically can tell any story, and apparently Amazon AWS is good with that.
The fact is that, not being an IT expert nor a developer, there’s not much that I can reply.
Two of their clients answered back with this:
The behavior is expected as the Trend Micro’s download service. When the customer uses Trend Micro products to connect to Internet, Trend Micro solution visits the site by using exactly the same approach/URL as the customer then analyze to prevent our customers from hackers. Our servers do not perform any action other than the customers did and do not perform access other than the 1st access to download the page which is for analysis purpose. There won’t following connections from Trend Micro even though the one keep accessing your site.
Once we have assigned a rating to a website, we designate rating of the sites so next customer who subsequently visit that same website will receive the relevant rating automatically from our servers. Our servers would generally no need to access those same websites again. However in some circumstances Trend Micro will still try to analyze your site. For example, there no detection result from your site. – Trend Micro
If I stick to the Wordfence report, there’s no way that a customer, in order to visit my website, has typed the server IP instead of the domain name plus s=index%2Findex%2Findex
On the other hand, Trend Micro refused to provide the supposed exact URL used by their customer.
Another Amazon AWS customer replied back to Amazon:
“This web request was made to determine if the URL was safe to access. It was not unsolicited, nor was it an attempt to catalog, index, probe, or otherwise “crawl” the URL in question. The request does not make spurious DNS requests or create an open proxy for arbitrary requests. It is not an “intrusion attempt” or a “web crawl”.”
Again, what kind of URL was safe to access? This one: server IP/index.php?s=index%2Findex%2Findex
Furthermore, FireEye stated that their customer would have received an email with such a link, which makes no sense.
And all of this brings me to the main question: when Wordfence detects an SQL injection, is it true? Or is Wordfence wrong?
Second Scenario
Sometimes Amazon AWS does not accept the data that I provide from Wordfence; they do it randomly, so I guess it depends on the agent that reads the abuse report.
When they do not accept Wordfence data, they ask for this:
* Complete, accurate timestamps of the activity including
– Time Zone
* Destination IP(s)
* Destination port(s) and protocol(s)
* Log extracts showing the intensity and duration of the activity
Where do I get this data if not from Wordfence/Tools?
Thanks
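
One way to assemble the evidence the abuse desk asks for in the list above from the web server's own access log rather than from Wordfence, as an added example that is not part of the original post. It assumes Apache "combined" log format; the function name `abuse_evidence`, the sample lines and the destination `192.0.2.80:443` are constructed placeholders.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache "combined" format (documentation IPs only).
SAMPLE_LOG = """\
203.0.113.10 - - [18/Oct/2021:06:14:02 +0200] "GET /index.php?s=index%2Findex%2Findex HTTP/1.1" 403 512 "-" "Mozilla/5.0"
203.0.113.10 - - [18/Oct/2021:06:14:09 +0200] "GET /?s=index%2Findex%2Findex HTTP/1.1" 403 512 "-" "Mozilla/5.0"
198.51.100.7 - - [18/Oct/2021:07:01:30 +0200] "GET /shop/ HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
198.51.100.23 - - [19/Oct/2021:23:59:58 +0200] "GET /index.php?s=index/index/index HTTP/1.1" 403 512 "-" "curl/7.71.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def abuse_evidence(log_text, dest_ip, dest_port, pattern="index/index/index"):
    """Group requests whose decoded s= parameter equals `pattern` by source IP."""
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, stamp, _method, target, _status = m.groups()
        # parse_qs percent-decodes, so "%2F" and "/" compare equal.
        if pattern not in parse_qs(urlsplit(target).query).get("s", []):
            continue
        # %z keeps the log's own UTC offset; the report is normalised to UTC.
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
        entry = report.setdefault(src, {"dest": f"{dest_ip}:{dest_port}/tcp",
                                        "first_utc": when, "last_utc": when,
                                        "hits": 0, "extract": []})
        entry["first_utc"] = min(entry["first_utc"], when)
        entry["last_utc"] = max(entry["last_utc"], when)
        entry["hits"] += 1
        entry["extract"].append(line)  # raw lines to paste as the log extract
    return report

if __name__ == "__main__":
    # 192.0.2.80 and 443 stand in for the site's own address and port.
    for src, e in abuse_evidence(SAMPLE_LOG, "192.0.2.80", 443).items():
        print(src, e["dest"], e["first_utc"].isoformat(),
              e["last_utc"].isoformat(), e["hits"])
```

The combined log format does not record the destination address or port, so those two values come from the server's own configuration and are passed in by hand.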

@import url ("https://fonts.googleapis.com/css?family=Barlow:300,400");
that becomes
@import url (//fonts.googleapis.com/css?family=Barlow:300,400);
after CSS processing.
This is an error. External URLs in CSS files should not be changed.