blocked by the server provider for security reasons after the 4.4.1 update

  • The server provider says the Anti-Hacker security Firewall detects security hole in code set and website content (set of two) and blocked.
    The security hole detected is called: “COMODO WAF: Potential Obfuscated Javascript in Output – Excessive fromCharCode”

    Thanks for any help if possible

    AG

Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator James Huff

    (@macmanx)

    You’ll have to contact your hosting provider about that.

    Did you update anything besides WordPress?

    Hi,

    the same happened to my site. I got a 403 (You don’t have permission to access /index.php on this server) after updating to wp 4.4.1. The error did not dissapear even if i removed all of my site plugins.

    Also, the error appeared to only one of my updated sites. I host 6 wp sites on the same shared hosting provider and only one of them had this problem.

    Moderator James Huff

    (@macmanx)

    It’s probably the same as we’ve seen reported from a similarly timed mod_security update: https://www.ads-software.com/support/topic/read-this-first-wordpress-44-master-list?replies=7&view=all#post-7857957

    You’ll have to contact your hosting provider about that.

    Thread Starter togomes

    (@togomes)

    Hi James Huff,

    Yes, I contacted the error was reported by the hosting provider. I update all plugins today as recommended by post you referred.

    The template is Impreza 2.7 Themeforest, I’ll find out if you have reported similar problems.

    Thanks

    Thread Starter togomes

    (@togomes)

    Here is the log sent by hosting provider if can help

    [Thu Jan 07 13:15:42.403129 2016] [:error] [pid 637515:tid 47770806995264] [client 41.79.124.233] ModSecurity: Access denied with code 403 (phase 4). Pattern match "(?i)(String\\\\.fromCharCode\\\\(.*?){4,}" at RESPONSE_BODY. [file "/usr/local/apache/conf/modsec_vendor_configs/comodo_apache/14_Outgoing_FilterGen.conf"] [line "28"] [id "214560"] [rev "1"] [msg "COMODO WAF: Potential Obfuscated Javascript in Output - Excessive fromCharCode"] [data "Matched Data: String.fromCharCode(55356,56806,55356,56826),0,0),d.toDataURL().length>3e3):\\x22diversity\\x22===a?(e.fillText(String.fromCharCode(55356,57221),0,0),c=e.getImageData(16,16,1,1).data.toString(),e.fillText(String.fromCharCode(55356,57221,55356,57343),0,0),c!==e.getImageData(16,16,1,1).data.toString()):(\\x22simple\\x22===a?e.fillText(String.fromCharCode( found within RESPONSE_BODY: <!DOCTYPE HTML>\\x0a<html class=\\x22\\x22 lang=\\x22pt-PT\\x22>\\x0a<head>\\x0a\\x09<meta charset=\\x22UTF-8\\x22>\\x0a\\x0a\\x..."] [severity "CRITICAL"] [hostname "www.???????.com"] [uri "/site1/index.php"] [unique_id "Vo5k-MMIOx0ACbpLLZgAAABD"]

    Moderator James Huff

    (@macmanx)

    Yeah, that’s something which will need to be changed in mod_security on the server.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘blocked by the server provider for security reasons after the 4.4.1 update’ is closed to new replies.