Request error not JSON, insert post not loading

Just another note that when we try to insert the post in the newsletter, it results in this on the server…

Error! IP was blocked - block Removed. Block Reason: csf.deny: 114.77.126.182 # lfd: (mod_security) mod_security

Then I have to manually unblock the IP.

This happened about 3 times already. I think it could be related.

Hi, do you have any security plugins enabled in your website?

Can you please check if you can access wp-admin/admin-ajax.php on your website? It should return a “0” if it’s ok.

Thanks for your response, vvaz. We haven’t got any security plugins and no change in plugins since everything was last working alright so that’s really strange. We only have 2 plugins which is Mailpoet and Events Manager (Pro).

I’ve checked wp-admin/admin-ajax.php and it’s returning “0” so it’s ok.

Anything else I can check? Thanks!

Hi,

I am having the same problem with my websites. I understand from my hosting provider that the problem is caused by an well-known vulnerability called ModSecurity (CVE-2014-3907).
The guys from MailPoet should fix this as quickly as possible. My hosting provider has configured some restrictions, for security reasons. Until this problem is resoved, I cannot use MailPoet ??

Hello,

You should read the CVE-2014-3907 link in: https://www.cvedetails.com/cve/CVE-2014-3907/
So, if you have the latest version of MailPoet installed (you should!) you don’t need to worry.
This relates to 2.6.11 (almost a year ago), we’re now on 2.6.16
The problem here is that your mod_security shouldn’t trigger any warning.
We suggest that you ask your host to update the mod_security lists because they’re outdated.

Hi Valerio,

I noticed that you’re right to say that the older version of MailPoet had the mod_security issue as the IP blocks that I’ve reported actually happened before we upgraded. So after upgrading, I noticed that the IP block did not happen but it’s still not working.

It could be a different problem now, the list is just loading when trying to add a post when drafting the newsletter. Just can’t add any posts into the newsletter. Please help!

Hi Valerio,

I have contacted the host and they have asked me to test turning off mod_security using htaccess. I’ve done that and now I can insert posts into the newsletter.

The question is whether it is advisable to turn off mod_security or is there a solution that won’t conflict with mod_security. We do have the latest MailPoet ver 2.6.16.

Please advise. Thanks!

Hello Valerio,

MailPoet plugin worked just fine until the last update.
I have raised the problem with my hosting provider and they explained that for security reasons they cannot add any exceptions on their server, so I will be forced to use another newsletter plugin ??
Search the forum, there are many users that experience the same issue.

Hi,

Sorry to hear that, and we will definitely be investigating this in the future.

Thanks,
The MailPoet Team

Hi all,
My host has confirmed that the mod_security lists on their server are up-to-date.
Please investigate the problem. I am still getting this error:

Request error not JSON:<!DOCTYPE html>
<html style=”height:100%”>
<head><title> 403 Forbidden
……………..
……………..

I would also want to mention that I have installed MailPoet on another WordPress site, hosted by another provider and I encountered the same problem.

I am also encountering this problem.

Try this: https://support.mailpoet.com/error-403-on-admin-ajax-php/

I am having similar issues to everyone else on this post. When I try to insert a post, the dialogue box just hangs…..then when I try to send a test email I get the following:

Request error not JSON:<!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”>
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don’t have permission to access /wp-admin/admin-ajax.php
on this server.</p>
</body></html>

Also, when trying to duplicate a newsletter I get 403 error message: Forbidden

You don’t have permission to access /wp-admin/admin.php on this server.

This has only recently happened and I need to send out a relatively urgent communication. I’ve tried updating .htaccess according to the support suggestion in 14 but neither option seems to work. I’d really appreciate a fix on this asap. Surely this must also be affecting paid subscriptions as well?

@sleepyday Please get in touch with your host’s support and report this to them, they might be able to find the origin of this block on your admin-ajax.php