- This topic has 5 replies, 5 voices, and was last updated 14 years, 3 months ago by
.
-
Posts
-
I am having an issue useing the Wp Estore plugin. This is the response i got from my server. The plugin shuts down my sites due to this. Please Help. There is no way i could even begin to know how to resolve this. Thanks Jay
“Hello,
It seems one of the modsecurity rules is being trigerred by the plugins you are using. Please see the log snippet given below. You need to consult with a developer regarding how to write the code without trigerring the modsecurity rules.
ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
[Sat Jul 03 04:02:38 2010] [error] [client 76.236.125.49] ModSecurity: Access denied with code 406 (phase 2). Pattern match “(?
b(?
?:type\b\W*?\b(?:text\b\W*?\b(?:j(?:ava)?|ecma|vb)|application\b\W*?\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\b.{0,100}?\bsrc)\b|on(??:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d …” at REQUEST_FILENAME. [file “/usr/local/apache/conf/modsec2.user.conf”] [line “117”] [id “950004”] [msg “Cross-site Scripting (XSS) Attack”] [data “.cookie”] [severity “CRITICAL”] [tag “WEB_ATTACK/XSS”] [hostname “www.mywebblinks.com”] [uri “/wp-content/plugins/wp-cart-for-digital-products/lib/jquery.cookie.js”] [unique_id “TC78rgyEwT4AADppARMAAAAc”]
Best Regards,
Antony
Gvo Support”
Looks like your server is complaining about the following JQuery library
jquery.cookie.js
This is a library from JQuery (http://jquery.com/) so it can be trusted and I have never heard anything like this before from any other hosting provider.
Anyway, lets try to exclude this library and see how it goes. Please open the “wp_eStore1.php” file and search for the following lines:
echo '<script type="text/javascript" src="'.WP_ESTORE_URL.'/lib/jquery.cookie.js"></script>';wp_enqueue_script('jquery.cookie',WP_ESTORE_LIB_URL.'/jquery.cookie.js');Once you find those tow lines just delete them then save and upload this modified file to your server then give it a go. Let me know if it makes a difference.
I am having the same issue. I purchased and installed the WP-Estore plugin today, and just as I started using it I got blocked by my web host. When I asked them about it they sent a similar message from their server log:
[Tue Aug 03 10:45:45 2010] [error] [client 71.169.184.71] ModSecurity: Access denied with code 406 (phase 2). Pattern match “(?
b(??:type\b\W*?\b(?:text\b\W*?\b(?:j(?:ava)?|ecma|vb)|application\b\W*?\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\b.{0,100}?\bsrc)\b|on(??:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d …” at REQUEST_FILENAME. [file “/usr/local/apache/conf/modsec2.user.conf”] [line “120”] [id “950004”] [msg “Cross-site Scripting (XSS) Attack”] [data “.cookie”] [severity “CRITICAL”] [tag “WEB_ATTACK/XSS”] [hostname “www.ethanhw.com”] [uri “/avocado/wordpress/wp-content/plugins/wp-cart-for-digital-products/lib/jquery.cookie.js”] [unique_id “TFgrmUH@LmAAAByNucoAAAAL”]I found this post and made the modification suggested to wp_estore1.php, and uploaded the modified file. When I tried logging in to WordPress and working with the WP-estore settings the same thing happened. Any other ideas about how to fix this? I’d love to be able to use the plugin, but obviously it’s not working for me currently. Thanks!
Ethan
Hi, We will need to take a closer look at your site to see what is happening. I have sent you a site access request via email. Please let me know if you do not receive this email.
- You must be logged in to reply to this topic.