• Resolved rctauro

    (@rctauro)


    The plugin is blocking the feature Visual Builder in my Divi (theme) pages.
    This is the message:
    You were blocked by the Shield. Something in the URL, Form or Cookie data wasn’t appropriate.
    Warning: You have 6 remaining transgression(s) against this site and then you will be black listed.
    Seriously, stop repeating what you are doing or you will be locked out.


Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support Jelena

    (@jmisic)

    Hi,

    Thanks for contacting us.

    Please check the Audit Trail log to learn what exactly is being blocked. Please see here:
    https://icontrolwp.freshdesk.com/support/solutions/articles/3000070244-review-your-wordpress-site-activities-with-the-audit-trail-viewer-

    The Audit Trail Viewer is the best way to determine what is blocked by the Shield.

    Let us know what you found.

    Thanks!

    Regards,
    Jelena

    Thread Starter rctauro

    (@rctauro)

    Hi Jelena,

    I found nothing blocked in the viewer. But you saw the message received: "You were blocked by the Shield. Something in the URL, Form or Cookie data wasn’t appropriate.
    Warning: You have 6 remaining transgression(s) against this site and then you will be black listed.
    Seriously, stop repeating what you are doing or you will be locked out".

    Plugin Author Paul

    (@paultgoodchild)

    Have you definitely enabled the Audit Trail module? Seems odd that it’s empty.

    tecnic30

    (@tecnic30)

    Hi,

    I have the same problem with the plugin.

    Here you have the modsecurity trace log with the 403 code blocking the request:

    
    
    --4b665f6f-A--
    [14/Nov/2017:11:16:12 +0100] WgrCbH8AAAEAAGEUhhsAAACF XXXXXXXXXXXXX 36307 178.255.226.204 7080
    --4b665f6f-B--
    POST /?et_pb_preview=true&et_pb_preview_nonce=c03296f441 HTTP/1.0
    Host: XXXXXXXXXXXXX
    X-Real-IP: XXXXXXXXXXXXX
    X-Accel-Internal: /internal-nginx-static-location
    Connection: close
    Content-Length: 2724
    Cache-Control: max-age=0
    Origin: https://XXXXXXXXXXXXX
    Upgrade-Insecure-Requests: 1
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
    DNT: 1
    Referer: https://XXXXXXXXXXXXX/?et_pb_preview=true&et_pb_preview_nonce=c03296f441
    Accept-Encoding: gzip, deflate
    Accept-Language: es-ES,es;q=0.8
    Cookie: PHPSESSID=XXXXXXXXXXXXXXXXX; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_XXXXXXXXXXXXXXXXXXXXXXX=AFM%7C1511814397%7CgrVBvRKsGOzDKB2vQpXowRmGXjOHtUnB2tXmOBN4658%7C608XXXXXXXXXXXXXXXXXXXXXXX60d265f46c0526689496979; cdp-cookies-plugin-wp=cdp; _ga=GA1.2.1201108977.1510605614; _gid=GA1.2.1961402220.1510605614; et-editor-available-post-48340-bb=bb; et-editor-available-post-48054-bb=bb; et-editor-available-post-48341-bb=bb; et-saved-post-48342-bb=bb; wp-settings-2=libraryContent%3Dbrowse%26imgsize%3Dfull%26editor%3Dtinymce%26advImgDetails%3Dshow%26hidetb%3D1; wp-settings-time-2=1510654292; et-editor-available-post-2-bb=bb; et-editing-post-2-bb=bb
    
    --4b665f6f-C--
    et_pb_preview_nonce=c03296f441&shortcode=%5Bet_pb_section+bb_built%3D%221%22+fullwidth%3D%22off%22+specialty%3D%22off%22+_builder_version%3D%223.0.86%22+background_color%3D%22%23000000%22%5D%5Bet_pb_row%5D%5Bet_pb_column+type%3D%221_3%22%5D%5Bet_pb_text+_builder_version%3D%223.0.86%22+background_layout%3D%22light%22%5D%0D%0A%0D%0A%3Cp%3EInicio%3C%2Fp%3E%3Cp%3EServicios%3C%2Fp%3E%3Cp%3EEquipo%3C%2Fp%3E%3Cp%3EClientes%3C%2Fp%3E%3Cp%3ELabs+%28pr%C3%B3ximamente%29%3C%2Fp%3E%0D%0A%0D%0A%5B%2Fet_pb_text%5D%5B%2Fet_pb_column%5D%5Bet_pb_column+type%3D%221_3%22%5D%5Bet_pb_code+admin_label%3D%22TW+embebido%22+_builder_version%3D%223.0.86%22%5D%26lt%3Ba+class%3D%26quot%3Btwitter-timeline%26quot%3B+data-lang%3D%26quot%3Bes%26quot%3B+data-width%3D%26quot%3B400%26quot%3B+data-height%3D%26quot%3B200%26quot%3B+data-dnt%3D%26quot%3Btrue%26quot%3B+data-theme%3D%26quot%3Blight%26quot%3B+data-link-color%3D%26quot%3B%23E81C4F%26quot%3B+href%3D%26quot%3Bhttps%3A%2F%2Ftwitter.com%2FXXXXXXXXXX%3Fref_src%3Dtwsrc%255Etfw%26quot%3B%26gt%3BTweets+by+XXXXXXXXXX%26lt%3B%2Fa%26gt%3B+%26lt%3Bscript+async+src%3D%26quot%3Bhttps%3A%2F%2Fplatform.twitter.com%2Fwidgets.js%26quot%3B+charset%3D%26quot%3Butf-8%26quot%3B%26gt%3B%26lt%3B%2Fscript%26gt%3B%5B%2Fet_pb_code%5D%5B%2Fet_pb_column%5D%5Bet_pb_column+type%3D%221_3%22%5D%5Bet_pb_social_media_follow+link_shape%3D%22circle%22+_builder_version%3D%223.0.86%22+text_orientation%3D%22center%22+custom_margin%3D%2230px%7C%7C%7C%22%5D%0D%0A%0D%0A%5Bet_pb_social_media_follow_network+social_network%3D%22facebook%22+url%3D%22https%3A%2F%2Fwww.facebook.com%2FXXXXXXXXXX%2F%22+_builder_version%3D%223.0.86%22+background_color%3D%22rgba%280%2C0%2C0%2C0.19%29%22+box_shadow_style%3D%22preset3%22+link_shape%3D%22circle%22+follow_button%3D%22off%22+url_new_window%3D%22on%22%5Dfacebook%5B%2Fet_pb_social_media_follow_network%5D%5Bet_pb_social_media_follow_network+social_network%3D%22twitter%22+url%3D%22https%3A%2F%2Ftwitter.com%2FXXXXXXXXXX%22+_builder_version%3D%223.0.
86%22+background_color%3D%22rgba%280%2C0%2C0%2C0.18%29%22+box_shadow_style%3D%22preset3%22+link_shape%3D%22circle%22+follow_button%3D%22off%22+url_new_window%3D%22on%22%5Dtwitter%5B%2Fet_pb_social_media_follow_network%5D%5Bet_pb_social_media_follow_network+social_network%3D%22linkedin%22+url%3D%22https%3A%2F%2Fwww.linkedin.com%2Fcompany%2F5397446%2F%22+_builder_version%3D%223.0.86%22+background_color%3D%22rgba%280%2C0%2C0%2C0.19%29%22+box_shadow_style%3D%22preset3%22+link_shape%3D%22circle%22+follow_button%3D%22off%22+url_new_window%3D%22on%22%5Dlinkedin%5B%2Fet_pb_social_media_follow_network%5D%0D%0A%0D%0A%5B%2Fet_pb_social_media_follow%5D%5B%2Fet_pb_column%5D%5B%2Fet_pb_row%5D%5B%2Fet_pb_section%5D&post_title=Home+XXXXXXXXXXXX
    --4b665f6f-F--
    HTTP/1.1 403 Forbidden
    Last-Modified: Thu, 06 Nov 2014 19:01:15 GMT
    ETag: "3ba-50735521014c0"
    Accept-Ranges: bytes
    Content-Length: 954
    Connection: close
    Content-Type: text/html
    
    --4b665f6f-H--
    Message: Access denied with code 403 (phase 2). Pattern match "(?i)([<\xef\xbc\x9c]script[^>\xef\xbc\x9e]*[>\xef\xbc\x9e][\\s\\S]*?)" at ARGS:shortcode. [file "/etc/apache2/modsecurity.d/rules/comodo/08_XSS_XSS.conf"] [line "14"] [id "212000"] [rev "3"] [msg "COMODO WAF: XSS Filter - Category 1: Script Tag Vector||XXXXXXXXXX|F|2"] [data "Matched Data: <script async src=\x22https://platform.twitter.com/widgets.js\x22 charset=\x22utf-8\x22> found within ARGS:shortcode: [et_pb_section bb_built=\x221\x22 fullwidth=\x22off\x22 specialty=\x22off\x22 _builder_version=\x223.0.86\x22 background_color=\x22#000000\x22][et_pb_row][et_pb_column type=\x221_3\x22][et_pb_text _builder_version=\x223.0.86\x22 background_layout=\x22light\x22]\x0d\x0a\x0d\x0a<p>Inicio</p><p>Servicios</p><p>Equipo</p><p>Clientes</p><p>Labs (pr%u00f3ximamente)</p>\x0d\x0a\x0d..."] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"]
    Action: Intercepted (phase 2)
    Stopwatch: 1510654572241425 21120 (- - -)
    Stopwatch2: 1510654572241425 21120; combined=8485, p1=1386, p2=6149, p3=0, p4=0, p5=650, sr=366, sw=300, l=0, gc=0
    Producer: ModSecurity for Apache/2.9.0 (https://www.modsecurity.org/); CWAF_Apache.
    Server: Apache
    WebApp-Info: "default" "bcbbf4614e1e181003308c71fe12d882" "-"
    Engine-Mode: "ENABLED"
    
    --4b665f6f-Z--
    
    

    For security reasons I tried to masquerade the domain reference and real IP reference.

    Could you help with this problem? I’m having a lot of banned IPs for this reason.

    Regards

    • This reply was modified 7 years ago by tecnic30.
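A triage sketch for the audit log entry quoted above, added here as an example and not part of the original posts or of either product: it splits a ModSecurity serial audit log into its lettered sections and pulls the denying rule's id, rule file and matched variable out of section H, so the layer that returned the 403 can be read off directly. The function names are illustrative, and the sample is abridged from the quoted log (sections C and F, most headers and the `[data ...]` field are omitted).

```python
import re

# Added example; names are illustrative. SAMPLE is abridged from the log quoted above.
SAMPLE = r'''--4b665f6f-A--
--4b665f6f-B--
POST /?et_pb_preview=true&et_pb_preview_nonce=c03296f441 HTTP/1.0
--4b665f6f-H--
Message: Access denied with code 403 (phase 2). Pattern match "(?i)([<\xef\xbc\x9c]script[^>\xef\xbc\x9e]*[>\xef\xbc\x9e][\\s\\S]*?)" at ARGS:shortcode. [file "/etc/apache2/modsecurity.d/rules/comodo/08_XSS_XSS.conf"] [line "14"] [id "212000"] [rev "3"] [msg "COMODO WAF: XSS Filter - Category 1: Script Tag Vector||XXXXXXXXXX|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"]
--4b665f6f-Z--
'''

BOUNDARY = re.compile(r'^--([0-9a-fA-F]+)-([A-Z])--$')    # e.g. --4b665f6f-H--
FIELD = re.compile(r'\[(\w+) "([^"]*)"\]')                 # e.g. [id "212000"]
DENIED = re.compile(r'Access denied with code (\d+)')
TARGET = re.compile(r'\bat ([A-Z_]+(?::[^\s.]+)?)\.')      # e.g. at ARGS:shortcode.

def split_sections(text):
    """Return {transaction_id: {section_letter: [lines]}}."""
    txns, cur = {}, None
    for line in text.splitlines():
        m = BOUNDARY.match(line.strip())
        if m:
            cur = txns.setdefault(m.group(1), {}).setdefault(m.group(2), [])
        elif cur is not None:
            cur.append(line)
    return txns

def triage(text):
    """One summary dict per 'Message:' line found in section H."""
    out = []
    for txn, sec in split_sections(text).items():
        request = next((l.strip() for l in sec.get('B', []) if l.strip()), '')
        for line in sec.get('H', []):
            if not line.lstrip().startswith('Message:'):
                continue
            pairs = FIELD.findall(line)
            one = dict(reversed(pairs))  # first occurrence of each key wins
            denied, target = DENIED.search(line), TARGET.search(line)
            out.append({
                'txn': txn, 'request': request,
                'status': int(denied.group(1)) if denied else None,
                'target': target.group(1) if target else None,
                'rule_id': one.get('id'), 'rule_file': one.get('file'),
                'msg': one.get('msg'), 'tags': [v for k, v in pairs if k == 'tag'],
            })
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```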
    Plugin Author Paul

    (@paultgoodchild)

    We have no interaction with mod_security. Could you outline the items displayed in the Shield Audit trail?

  • The topic ‘Divi Visual Builder Blocked’ is closed to new replies.