Users getting blocked by ModSecurity

  • RichmondJim

    (@richmondjim)


    12 years ago

    Users are getting locked out of the server by ModSecurity for cPanel. Checking the log, I find error messages like:
    “Cross-site Scripting (XSS) Attack. Matched signature <.cookie>”] [severity “CRITICAL”] [hostname “**redacted**”] [uri “/wp-content/plugins/simple-notices/js/jquery.cookie.js”]
    Any chance you can update the plugin so that it does not generate files with the word “cookie” in the file name?

    https://www.ads-software.com/extend/plugins/simple-notices/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor Pippin Williamson

    (@mordauk)

    The word “cookie” in the file name is causing the error message?

    jquery.cookie.js is a very common JS library used in hundreds of plugins / themes.

    Thread Starter RichmondJim

    (@richmondjim)

    Thanks for the speedy reply. It would appear that the block is caused by the word “cookie”. After seeing about a dozen of these blocks over the last 24 hours, I Googled the error message and found that one user had rewritten the plug-in and associated files to use “.wookie” instead of .cookie and the problem resolved.

    Since you say that the jquery.cookie.js is a common library, I’ll forward this first to our server engineer and see what he says. I’ll post an update when I hear back from him.

    Thanks again!

    Plugin Contributor Pippin Williamson

    (@mordauk)

    It seems really weird that the server would block it based on the file name, especially one so common as “cookie”.

    Let me know what they say!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Users getting blocked by ModSecurity’ is closed to new replies.