“Sorry, your request cannot be accepted.”

  • Hello,

    Could you please help me with the follwing issue:

    1. Customer advises me that this message appears “IP Geo Block: Once you logout, you will be unable to login again because the number of login attempts reaches the limit. Please execute “Clear cache” on Statistics tab to prevent locking yourself out.”, that sometimes she gets the message “Sorry, your request cannot be accepted.” by clicking certain pages and that after a certain time it would work again.
    2. I delete the IP Geo Block plugin folder on the server.
    3. I login into WordPress using my admin account and reinstall the plugin.
    4. On activation it falls back to the message “Sorry, your request cannot be accepted.”. The dashboard isn’t accessible either. So, I’m unable to access and modify the settings of the plugin.

    I checked this FAQ page and I’m unable to perform Step 1, 3 and 4 because of the mentioned reason. Step 2 shows no Javascript errors.

    In Step 5 I’m not sure what to enter. The URL for the plugin activation is https://www.example.tld/wp-admin/plugins.php?activate=true&plugin_status=all&paged=1&s=. Other URLs would be required too. I doubt that this is the way to resolve the issue. Mind that other customers on the same shared hosting server reported the same thing.

    Final step: Where do I find the mentioned ‘plugin settings section’, is it in the settings of the IP Geo Block plugin? Anyway, I’m trying to list the items of this specific customer:

    PHP and WordPress:
    – PHP 5.6.31
    – WordPress 4.8.1
    – Multisite no

    Theme:
    – Academica Child => other customers with other themes

    Plugins:
    – Add Meta Tags
    – Akismet Anti-Spam
    – Black Studio TinyMCE Widget
    – Broken Link Checker
    – Companion Auto Update
    – Easy HTTPS (SSL) Redirection
    – Footer Text
    – Google XML Sitemaps
    – Image Widget
    – Login Logo
    – MailChimp for WordPress
    – MailChimp for WordPress – Captcha
    – Maintenance
    – Mobile Navigation
    – Page Builder by SiteOrigin
    – Posts in Page
    – Simple IP Ban (not active)
    – SiteOrigin Widgets Bundle (not active)
    – smart User Slug Hider
    – Social Icons Widget by WPZOOM
    – Social Media Widget
    – TinyMCE Advanced
    – Tracking Code
    – Unique Headers
    – WP Limit Login Attempts
    – WP Mailto Links – Manage Email Links
    – WP Mobile Plugin (not active)
    – WP Rollback

    Error log:
    2017-09-12 14:47:48 Warning ***.***.**.*** (32)Broken pipe: mod_fcgid: ap_pass_brigade failed in handle_request_ipc function, referer: https://www.example.tld/wp-admin/plugin-install.php?s=IP+Geo&tab=search&type=term
    2017-09-12 14:57:51 Warning ***.***.**.*** (32)Broken pipe: mod_fcgid: ap_pass_brigade failed in handle_request_ipc function, referer: https://www.example.tld/wp-admin/plugin-install.php?s=ip&tab=search&type=term

    Domo arigato in advance for your help!

Viewing 15 replies - 1 through 15 (of 20 total)
  • Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @sankari,

    I’m sorry for this issue and thank you for the effort to identify the cause.

    Now due to your report, I can smoothly start to investigate the compatibility with your plugins.

    And please disable “Prevent Zero-day Exploit” to avoid your customer’s inconvenience.

    It will take certain period, so please forgive me to take some time. And I hope to keep watching to this topic.

    Thanks for your reporting.

    Thread Starter sankari

    (@sankari)

    @tokkonopapa

    Thank you for your reply and for looking into this issue.

    Please advise how to disable the ‘Prevent Zero-day Exploit’ option as the plugin’s settings aren’t accessible via the WordPress backend.

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @sankari,

    Sorry for the inconvenience.

    1. Rename ip-geo-block in /wp-content/plugins/ to ip-geo-block- using FTP or file manager. Then IPGB will be deactivated.

    2. Backup ip-geo-block.php in ip-geo-block- to your PC.

    3. Edit ip-geo-block.php to enable “Emergent Functionality“. You can download the edited version from here.

    3. Upload the above ip-geo-block.php to ip-geo-block-.

    4. Rename ip-geo-block- to the original name and activate IPGB. You may not be blocked. Then you can re-configure settings.

    5. Upload the original ip-geo-block.php in 2. to /wp-content/plugins/ip-geo-block.

    I hope this may help you.

    Thread Starter sankari

    (@sankari)

    Thank you for your guidance, @tokkonopapa.

    It helped indeed. And here is the complete installation information for investigation:

    – Server: Apache
    – PHP: 5.6.31
    – WordPress: 4.8.1
    – Multisite: no
    – Zlib: yes
    – ZipArchive: yes
    – BC Math: yes
    – mb_strcut: yes
    – DNS lookup: available [0.5 msec]
    – **CUSTOM TEMPLATE** 1.0.0
    – Akismet Anti-Spam 3.3.4
    – Black Studio TinyMCE Widget 2.4.2
    – Broken Link Checker 1.11.5
    – Column Shortcodes 1.0
    – Companion Auto Update 2.9.6
    – Easy HTTPS (SSL) Redirection 1.7
    – Footer Text 2.0.2
    – IP Geo Block 3.0.4.1
    – Login Logo 0.7
    – Meta Generator and Version Info Remover 3.3
    – Meta Tag Manager 2.1
    – Simple Download Monitor 3.4.6
    – Simple IP Ban 1.3.0
    – smart User Slug Hider 1.4
    – TinyMCE Advanced 4.6.3
    – Tracking Code 1.1
    – Velvet Blues Update URLs 3.2.7
    – WP Author Slug 1.3.0
    – WP Display Header 4
    – WP Limit Login Attempts 2.6.2
    – WP Mailto Links – Manage Email Links 2.1.6
    – WP Meta SEO 3.5.2
    – WP Rollback 1.5
    – 2017-09-15 18:01:54 limited GET:/wp-admin/options-general.php
    – 2017-09-15 10:55:53 limited GET:/wp-admin/plugins.php?activate=true&plugin_status=all&paged=1&s=
    – 2017-09-07 20:04:04 limited GET:/wp-admin/plugins.php?activate=true&plugin_status=all&paged=1&s=
    – 2017-09-07 20:02:38 limited GET:/wp-admin/
    – 2017-09-07 20:02:28 limited GET:/wp-admin/plugins.php?activate=true&plugin_status=all&paged=1&s=
    – 2017-09-07 19:59:04 limited GET:/wp-admin/
    – 2017-09-07 19:57:03 failed GET:/wp-login.php?captcha=7e5a3
    – 2017-09-07 19:56:54 failed GET:/wp-login.php?redirect_to=https%3A%2F%2Fwww.*************.tld%2Fwp-admin%2F&reauth=1

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @sankari,

    Thank you for the additional information. It is very useful for me.

    It seems that you failed to login because of captcha and IPGB counted “login fail” illegally. So I think that one of the cause your issue may be the same as this topic.

    I’ll keep investigating the compatibility with the plugins you are using and will report the result in here.

    Thanks.

    Thread Starter sankari

    (@sankari)

    @tokkonopapa

    Thanks very much.

    I checked the installed plugins of another customer who experiences the same issue with a different hosting provider. The plugins which are identical with the installation mentioned earlier are:

    – Akismet Anti-Spam 3.3.4
    – Companion Auto Update 2.9.6
    – IP Geo Block 3.0.4.1
    – Login Logo 0.7
    – smart User Slug Hider 1.4
    – TinyMCE Advanced 4.6.3
    – WP Mailto Links – Manage Email Links 2.1.6
    – WP Rollback 1.5

    I hope this helps you to identify and cure the cause.

    Thread Starter sankari

    (@sankari)

    @tokkonopapa

    By the way: The Zero-day exploit option is not activated for this customer.

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @sankari,

    Sorry to keep you waiting.

    I tested some of plugins you reported, e.g. “MailChimp for WordPress”, “MailChimp for WordPress – Captcha”, “Page Builder by SiteOrigin” and “WP Limit Login Attempts”. Those works fine with IPBG.

    I suspect that the issue was caused by the same reason as https://www.ads-software.com/support/topic/locked-out-even-if-whitelisted/#post-9457116 because the “limited” in your report.

    Anyway, I’m dedicating to investigate some issues which were recently reported in this forum.

    Thank you for all your assistance.

    Thread Starter sankari

    (@sankari)

    Hello @tokkonopapa,

    Thank you very much for your testing.

    I just installed a fresh WP website including the IPGB plugin. On activation it showed the error. Here is what I did:

    1. In order to access the plugin settings I activated the emergency function in ip-geo-block.php but could still not access the login form (same error).
    2. I renamed the ip-geo-block plugin directory. The login form then appeared but the captcha image of the WP Limit Login Attempts plugin didn’t show up, so I renamed its plugin directory, too.
    3. Then I was able to access the login form and activate the IPGB plugin.

    Here is the installation information of this site:

    – Server: Apache
    – PHP: 5.6.31
    – WordPress: 4.8.2
    – Multisite: no
    – File system: direct
    – Zlib: yes
    – ZipArchive: yes
    – BC Math: yes
    – mb_strcut: yes
    – DNS lookup: available [0.6 msec]
    – Twenty Seventeen 1.3
    – Akismet Anti-Spam 4.0
    – Anti-spam 4.4
    – Broken Link Checker 1.11.5
    – Bulk Page Creator 1.1.0
    – Companion Auto Update 2.9.6
    – Easy HTTPS (SSL) Redirection 1.7
    – Edit Author Slug 1.5.2
    – Enable Media Replace 3.1.1
    – Footer Text 2.0.2
    – IP Geo Block 3.0.4.4
    – Meta Generator and Version Info Remover 3.3
    – Page Builder by SiteOrigin 2.5.12
    – Posts in Page 1.3.0
    – smart User Slug Hider 1.4
    – Theme Manager 2.0.1
    – TinyMCE Advanced 4.6.3
    – Tracking Code 1.1
    – Wordfence Security 6.3.19
    – WP Custom Login Page Logo 1.4.2
    – WP Display Header 4
    – WP Mailto Links – Manage Email Links 2.1.6
    – WP Meta SEO 3.5.2
    – WP Rollback 1.5
    – 2017-09-28 10:30:50 limited GET:/wp-login.php?redirect_to=https%3A%2F%2Fwp.example.tld%2Fwp-admin%2F&reauth=1
    – 2017-09-27 12:43:04 limited GET:/wp-login.php?redirect_to=https%3A%2F%2Fwp.example.tld%2Fwp-admin%2Fpost.php%3Fpost%3D32%26action%3Dedit&reauth=1
    – 2017-09-27 12:43:00 limited GET:/wp-login.php?loggedout=true

    And here are the custom settings:
    – Your IP address/Country: ***.***.**.*** / CH (Cache)
    – Whitelist of country code: CH,LI
    – Login form: Block by country
    – Admin area: Block by country
    – Admin ajax/post: Block by country
    – Plugins area: Force to load WP core, Block by country
    – Themes area: Force to load WP core, Block by country

    May this help for your further investigations.

    Thank you!

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @sankari,

    Sorry for the trouble so many times.

    – 2017-09-27 12:43:00 limited GET:/wp-login.php?loggedout=true

    This indicates that your IP address reached to the “Max number of failed login attempts per IP address“.

    And what a strange thing is that you had the same issue on 2017-09-28 10:30:50. The default value of “Expiration time [sec]” is 3600 so that the IP address cache should be cleared between 2017-09-27 12:43:00 and 2017-09-28 10:30:50 in normal situation.

    The mechanism of refreshing the IP address cache depends on WP-Cron. So you need to check if WP-Cron works or not.

    In order to do this, after you push “Clear now” button at “Clear cache” in “Statistics in cache” section on “Statistics” tab, I recommend you to install WP Crontrol and find ip_geo_block_cache hook.

    sample of WP Cron Event

    As for me, I’ll google “wp cron not working” to find the solution.

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi,

    Here are some additional info.

    System information” picks up your IP address (“Your IP address/Country: ***.***.**.*** / CH (Cache)” in this case) from the logs and just show them.

    And would you check “IP address in cache” to see if there is an IP address whose “Elapsed [sec]” has been exceeded over 3600?, or the total number of IP addresses is huge or not?

    It displays only 10 of total. For example, the following picture shows there are 21 IPs in the cache.

    IP address in cache

    Thanks.

    • This reply was modified 7 years, 2 months ago by tokkonopapa.
    • This reply was modified 7 years, 2 months ago by tokkonopapa.
    Thread Starter sankari

    (@sankari)

    Hello @tokkonopapa,

    Okay, I cleared the cache and installed WP Crontrol. This is what it shows as cron event:

    ip_geo_block_cache | None | | 2017-09-30 00:39:18 (11 minutes 8 seconds) | Non-repeating

    IP address in cache now shows this:
    IP address | Country code / Access | Elapsed [sec] / Calls
    ***.***.**.*** | CH / admin | 0 / 29

    Before I cleared the cache it showed a total of two IP addresses but I don’t remember if one of them exceeded 3600.

    Hopefully this helps.

    Enjoy the weekend!

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @sankari,

    Sorry but I navigated you to the wrong direction. I found incompatibility with WP Limit Login Attempts and IPGB.

    1) Everytime a capture is showen on the login form, the action hook wp_login_failed would be fired. Although it’s a strange behavior because no attempt occurs at that time, it seems specification of WP Limit Login Attempts. This behavior leads IPGB to “Limited” very easily.

    2) When “Force to load WP core” at “Plugins area” is enabled for IPGB, WP Limit Login Attempts will cause 500 Internal Server Error. This prevent displaying a captcha.

    I made the improved version 3.0.4.5 beta in https://github.com/tokkonopapa/Wordpress-ip-geo-block/tree/3.0.4.5 which solves the above issues. So would you follow the steps to update IPGB?:

    1. Download the zip file and unzip it. You can find “ip-geo-block” folder in the unzipped file.
    2. Deactivate IPGB and upload the above “ip-geo-block” folder of 1. to your plugins directory. Overwriting should be OK.
    3. Activate IPGB again.

    The internal version is 3.0.4.5b which means a beta version. So you will be able to update safely for the future version of IPGB.

    And please note the followings when you enable “Force to load WP core” at “Plugins area“:

    • When you select “Block by country” at “Plugins area“, IPBG will block the requests from outside whitelisted countries.
    • When you select “Prevent Zero-day Exploit” at “Plugins area“, you must select “WP Limit Login Attempts” in “Exceptions” at “Plugins area“. Otherwise, the captcha will be blocked.

    I think you do not need WP Crontrol plugin, so please uninstall it.

    Thank for your time and patience!

    • This reply was modified 7 years, 2 months ago by tokkonopapa.
    Thread Starter sankari

    (@sankari)

    Hi @tokkonopapa

    Thanks very much for your work.

    I followed those steps and the response message of IPGB doesn’t appear anymore, as intended.

    The captcha of “WP Limit Login Attempts” is still blocked. In the settings of IPGB at “Plugin area” I selected “Block by country” or “Prevent Zero-day Exploit” including the selected exception. I retried after a couple of hours but to no avail. However, when I deactivate IPGB the captcha is shown.

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Well, I think you already updated to the official version 3.0.4.5. It works perfectly with WP Limit Login Attempts in my environment…

    OK, could you check “System information” in “Plugin settings” section OR your “Logs” to find the request to /wp-content/plugins/wp-limit-login-attempts/captcha.php ?

    It would look like these if the captcha was blocked (in this case by “Prevent Zero-day Exploit”):

    System information: System information

    Logs: Logs

    Thank you for your cooperation so many times!

Viewing 15 replies - 1 through 15 (of 20 total)
  • The topic ‘“Sorry, your request cannot be accepted.”’ is closed to new replies.