Ok I did a little investigating and this is what the server guys had as causing the repeated IP blocks.
Web request that caused the issue was “/wp-content/themes/dw-gamez_1.0.3_theme/assets/js/jquery.cookie.js?ver=20130716 HTTP/1.1”
Mod_security_message
Access denied with code 406 (phase 2). Pattern match “(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)| …” at REQUEST_FILENAME. [file “/usr/local/apache/conf/modsec2.user.conf”] [line “117”] [id “1234123404”] [msg “Cross-site Scripting (XSS) Attack”] [data “.cookie”] [severity “CRITICAL”] [tag “WEB_ATTACK/XSS”]
Is there anything I can do to fix this?
The message is for cross site scripting attack that’s XSS did you tried installing the fresh copy of the theme itself,thats what happens when we leave our directory open for traversal attackers find weak points and reads the whole site directory system and inject a malicious code in the executable files such as js and php
Did you tried reinstalling all plugins and the theme and checked if the issue still remains there?
Nope but I’ll do a fresh install of the theme and see.
do let us know if that resolves the issue and i recommend you to do it as soon as possible cos if your are the shared hosting then other websites on the same shared environment are vulnerable to the attack which may lead to termination of your hosting account from your hosting provider if not resolved at the earliest
Thanks
I certainly will let you know. So far I haven’t seen that particular line pop up with Wordfence since the clean install but I’m waiting on the host to verify.
Hi there,
About this issue, you can try to rename the file from jquery.cookie.js to jquery-cookie.js Then, open up 2 files: functions.php (around line 140) and inc/customizer.php (around line 353), find the code below:
wp_enqueue_script( 'dw-gamez-cookie', get_template_directory_uri() . '/assets/js/jquery.cookie.js', array() );
… and change it into this:
wp_enqueue_script( 'dw-gamez-cookie', get_template_directory_uri() . '/assets/js/jquery-cookie.js', array() );
P.S: You can also follow the discussion with this issue in the topic here:
http://forums.cpanel.net/f5/mod-security-blocking-jquery-cookie-javascript-drupal-installation-191002.html
Hope this helps!
Please login or Register to submit your answer