• Resolved Ivan Bacchi

    (@stiledivitasa)


    Hello,

    I have a big problem as the log shows me that every movement that users make on my site is intercepted as an error!
    In particular, when users try to reset their access password, by submitting the new password they receive a blocking message “We’re sorry, you are not allowed to proceed”.
    In the traffic inspector log activities I see many errors:

    01.11.2020, 11:12 /wp-admin/admin-ajax.php
    HTTP POST 403 Forbidden 386 ms
    Form submission denied IP address is locked out

    01.11.2020, 11:11 /wp-admin/admin-ajax.php
    HTTP POST 403 Forbidden 436 ms
    IP blocked Multiple erroneous requests
    Spam form submission denied Bot detected

    01.11.2020, 11:24 /en/?wc-ajax=get_refreshed_fragments
    POST HTTP 403 Forbidden 277 ms
    Form submission denied IP address is locked out

    However, it is the users who are trying to recover their password in a legitimate way!

    I thought that these features were already automatically excluded from the interceptions of the plugin, being standard functions of WordPress and WooCommerce. Instead it seems that every form that customers want to fill in is subject to blocking intervention by the plugin!

    I have already put several strings in the traffic inspector white list, for example:

    /wp-admin/admin-ajax.php
    / en /
    / en / my-account /
    / en / my-account / lost-password /

    But I’m afraid it doesn’t make sense to put so many in for everything. Furthermore, even with the traffic inspector deactivated, the problem of blocking authorized users is not solved!

    I point out that I also use the anti-spam function with Invisible reCAPTCHA.

    I would like to purchase the license, but if the plugin is too restrictive to the point of blocking legitimate requests, I am not encouraged to make this purchase.

    How can I regulate this situation? How can I go about granting legitimate requests?

    Thanks for a quick reply as I have blocked users (customers)!

    Regards,
    Ivan B.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author gioni

    (@gioni)

    Hi!

    Users cannot recover their password because their IP addresses are locked out. That’s the reason. I think you have to disable “Erroneous Request Shielding” in the Traffic Inspector settings.

    If someone is unable to do something on your website, it means their IP address is locked out. Go to the Activity log and check all requests from that IP address. You’ll get an idea of what led to the lockout.

    Thread Starter Ivan Bacchi

    (@stiledivitasa)

    Hi Gregory,

    Thank you for your reply.

    Unfortunately the system continues to block our authorized users and makes us lose the sales of our online shop!!!
    The system does not even allow you to insert an item in the cart. This gesture is identified by the system as a Bot!!! (Spam form submission denied – Bot detected).

    In order to allow users to register and place orders I have to completely disable all Anti-spam functions. This is not normal, because I would like to stay protected from spam attempts, but not block authorized users as well! I’ve tried a myriad of different configurations, including whitelisting queries, but it doesn’t work in any way! Also, I can’t whitelist every query of every product; as well as being an impossible job, it doesn’t make any sense either.

    What should I do? This is really starting to get frustrating.

    Thank you for your answer.

    Plugin Author gioni

    (@gioni)

    Obviously, the default config of WP Cerber’s anti-spam is not compatible with the active theme or a plugin that you use on your website. If you want to make it work, you have to whitelist those blocked requests. You do not need to whitelist all possible requests. You have to whitelist only part of the request: https://wpcerber.com/antispam-exception-for-specific-http-request/

    Thread Starter Ivan Bacchi

    (@stiledivitasa)

    Thanks for the answer, but if I have to whitelist all the parts of the site involved in a user function, what is the point of keeping the protection active? Everything I imposed on the white list also applies to bots, right? At this point it is like keeping the Anti-spam function deactivated and therefore, all parts of the site put in the white list are vulnerable and also accessible to spam attacks. I don’t find this an acceptable solution.

    If I could understand what is the characteristic of a plug-in that affects the good functioning of the Anti-spam function, maybe I could understand how to solve the problem. The last plug-in I have installed is B2BKing which manages all the functions concerning users (B2B and B2C). However, I very much doubt that this plug-in has any effect on Anti-spam security, as it only comes into effect after the user has logged in. My problem, however, concerns the range of visitors (Anonymous).
    In any case, even if I were to discover that the plug-in responsible for a possible conflict is B2BKing, I still could not give up on it as there are too many indispensable functions for the needs of the site that are linked to this plug-in.

    Other possible solutions?

  • The topic ‘Unusable website by allowed users!!!’ is closed to new replies.