eStore has script that triggers security rule and causes blocked IP addresses
- This topic has 5 replies, 3 voices, and was last updated 13 years, 9 months ago by webenter.
November 20, 2010 at 4:05 am #2261 webenter Member
Hi,
I have used the WP eStore plugin on a site that has 3 different people acting as admin. We have all three, at times, been shut out of the site by the server firewall after accessing the shopping cart plugin. Can you please help me to fix this? I love this plugin and I’d hate to have to stop using it.
Is there a way to attach a screen shot here? I’ll try to paste the code here so you can see what the log says. The site in question is: http://storieswithmorals.net
Thanks!
Jayne
Here’s the log entry:
Moreover, it seems the client has enabled a WordPress plugin (/wp-content/plugins/wp-cart-for-digital-products/lib/jquery.cookie.js) which is causing the issue.
===================
lfd: 5 (mod_security) rule triggers from 69.81.49.42 (US/United States/user-12l2c9a.cable.mindspring.com) in the last 300 secs – Thu Nov 18 09:28:12 2010
/etc/csf/csf.tempip:69.81.49.42|1|1290094092
===================
[Thu Nov 18 09:28:10 2010] [error] [client 69.81.49.42] ModSecurity: Access denied with code 406 (phase 2). Pattern match “(?b(??:type\b\W*?\b(?:text\b\W*?\b(?:j(?:ava)?|ecma|vb)|application\b\W*?\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\b.{0,100}?\bsrc)\b|on(??:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d …” at REQUEST_FILENAME. [file “/usr/local/apache/conf/modsec2.user.conf”] [line “117”] [id “950004”] [msg “Cross-site Scripting (XSS) Attack”] [data “.cookie”] [severity “CRITICAL”] [tag “WEB_ATTACK/XSS”] [hostname “www.storieswithmorals.net”] [uri “/wp-content/plugins/wp-cart-for-digital-products/lib/jquery.cookie.js”] [unique_id “TOVGCgyEwT8AAGLCl44AAAAf”
==================
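A triage sketch for log entries like the one above, added here as an example (it is not from the thread or from the eStore plugin): it parses ModSecurity error-log lines, counts hits per client against the "5 triggers in 300 secs" threshold shown in the lfd line, and marks clients whose every hit matched only the file name of a static asset. The sample lines and IP addresses are constructed, and the static-asset check is an assumed heuristic for spotting this kind of false positive.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines modelled on the entry above (pattern text shortened).
TPL = ('[{ts}] [error] [client {ip}] ModSecurity: Access denied with code 406 '
       '(phase 2). Pattern match "..." at {var}. [id "{rid}"] '
       '[msg "Cross-site Scripting (XSS) Attack"] [data "{data}"] [uri "{uri}"]')
JS = "/wp-content/plugins/wp-cart-for-digital-products/lib/jquery.cookie.js"
SAMPLE = [TPL.format(ts=f"Thu Nov 18 09:2{m}:{s:02d} 2010", ip="203.0.113.7",
                     var="REQUEST_FILENAME", rid="950004", data=".cookie", uri=JS)
          for m, s in [(4, 5), (5, 10), (6, 40), (7, 55), (8, 10)]]
SAMPLE.append(TPL.format(ts="Thu Nov 18 09:30:00 2010", ip="198.51.100.9",
                         var="ARGS:q", rid="950004", data="onmouseover=",
                         uri="/index.php"))

HEAD = re.compile(r'^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] '
                  r'ModSecurity: .*? at (?P<var>[A-Z_]+(?::[^\s.]+)?)\.')
FIELD = re.compile(r'\[(\w+) "([^"]*)"')          # [id "950004"], [uri "..."], ...
STATIC = re.compile(r'\.(?:js|css|png|gif|jpe?g)$', re.I)

def parse(line):
    """Return a dict for one ModSecurity 2.x error-log line, or None."""
    m = HEAD.search(line)
    if not m:
        return None
    hit = dict(FIELD.findall(line), ip=m["ip"], var=m["var"])
    hit["time"] = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
    return hit

def triage(lines, limit=5, window=300):
    """Per client: do `limit` hits fall inside `window` seconds, and were all hits on a static file name?"""
    by_ip = defaultdict(list)
    for hit in filter(None, map(parse, lines)):
        by_ip[hit["ip"]].append(hit)
    report = {}
    for ip, hits in by_ip.items():
        times = sorted(h["time"] for h in hits)
        blocked = any((times[i + limit - 1] - times[i]).total_seconds() <= window
                      for i in range(len(times) - limit + 1))
        benign = all(h["var"] == "REQUEST_FILENAME" and STATIC.search(h.get("uri", ""))
                     for h in hits)
        report[ip] = {"hits": len(hits), "would_block": blocked,
                      "filename_only_static": benign,
                      "ids": sorted({h["id"] for h in hits})}
    return report

if __name__ == "__main__":
    for ip, row in triage(SAMPLE).items():
        print(ip, row)
```

A client with `would_block` and `filename_only_static` both true is the pattern in this thread: a legitimate user locked out because a static file's name, not any request input, matched the rule.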
November 20, 2010 at 2:08 pm #26726 wzp Moderator
Does this only happen with people logged in as admin, or does it happen with regular users (both WP users and visitors) as well?
November 20, 2010 at 2:16 pm #26727 wzp Moderator
November 24, 2010 at 3:40 pm #26728 webenter Member
I tried the fix suggested in the article above – it did fix the triggering of the security module, but now the display shopping cart function, especially the widget, is acting somewhat erratically. When items are added to the cart the widget still says the cart is empty. Has the deletion of the line of code caused this behavior and how can it be addressed?
November 25, 2010 at 12:54 am #26729 amin007 Participant
Deletion of that line should not cause what you are seeing. Can you please post a link to the page? Are you using a Caching plugin?
I have also added a workaround in the plugin which I think should get rid of this whole issue. Download a new build of eStore from here and let me know how it goes:
February 26, 2011 at 9:22 pm #26730 webenter Member
Thank you for the reply and notice of update. I somehow missed this a few months ago. Since I was installing again I had the same problem. The Updated eStore now seems to be working without issue. Thanks for making the change.