Daylon Deon
asked 11 years ago

Ok I did a little investigating and this is what the server guys had as causing the repeated IP blocks. 
 
 
Web request that caused the issue was “/wp-content/themes/dw-gamez_1.0.3_theme/assets/js/jquery.cookie.js?ver=20130716 HTTP/1.1”
 
Mod_security_message
 
Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)| …" at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "1234123404"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"]
 
Is there anything I can do to fix this? 

3 Answers
well wisher
answered 11 years ago

The message is for a cross-site scripting attack, that's XSS. Did you try installing a fresh copy of the theme itself? That's what happens when we leave our directory open for traversal: attackers find weak points, read the whole site directory system and inject malicious code into executable files such as js and php.
Did you try reinstalling all plugins and the theme, and check whether the issue still remains?

Daylon Deon
answered 11 years ago

Nope but I’ll do a fresh install of the theme and see.

well wisher
replied 11 years ago

Do let us know if that resolves the issue. I recommend you do it as soon as possible, because if you are on shared hosting then other websites in the same shared environment are vulnerable to the attack, which may lead to termination of your hosting account by your hosting provider if not resolved at the earliest.
Thanks

Daylon Deon
replied 11 years ago

I certainly will let you know. So far I haven’t seen that particular line pop up with Wordfence since the clean install but I’m waiting on the host to verify.

Kido D
answered 11 years ago

Hi there,
About this issue, you can try to rename the file from jquery.cookie.js to jquery-cookie.js. Then, open up 2 files: functions.php (around line 140) and inc/customizer.php (around line 353), and find the code below:

wp_enqueue_script( 'dw-gamez-cookie', get_template_directory_uri() . '/assets/js/jquery.cookie.js', array() );

… and change it into this:

wp_enqueue_script( 'dw-gamez-cookie', get_template_directory_uri() . '/assets/js/jquery-cookie.js', array() );

P.S.: You can also follow the discussion of this issue in the topic here:
http://forums.cpanel.net/f5/mod-security-blocking-jquery-cookie-javascript-drupal-installation-191002.html
Hope this helps!
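
An added example, not part of the original thread or of the theme's code: a small Python triage helper that parses a ModSecurity message like the one in the question and checks whether the string the rule matched (the `data` field) lies only in the file name of a static asset, which is the situation the rename above works around. The sample message is abridged from the question with straight quotes; the function names and the list of static extensions are assumptions.

```python
import re
from posixpath import basename
from urllib.parse import urlsplit

# Sample input abridged from the question (rule pattern elided, quotes straightened).
SAMPLE_MESSAGE = (
    'Access denied with code 406 (phase 2). Pattern match "..." at REQUEST_FILENAME. '
    '[file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] '
    '[id "1234123404"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] '
    '[severity "CRITICAL"] [tag "WEB_ATTACK/XSS"]'
)
SAMPLE_URI = ("/wp-content/themes/dw-gamez_1.0.3_theme/assets/js/"
              "jquery.cookie.js?ver=20130716")
# Assumption: extensions treated as static assets for this heuristic.
STATIC_EXTENSIONS = (".js", ".css", ".png", ".jpg", ".gif", ".svg", ".woff")


def parse_modsec_message(message):
    """Split a ModSecurity 2.x message into matched variable and [key "value"] fields."""
    # Forum software often turns straight quotes into curly ones; undo that first.
    message = message.replace("\u201c", '"').replace("\u201d", '"')
    fields = {}
    for key, value in re.findall(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]', message):
        fields.setdefault(key, []).append(value)  # [tag ...] can repeat
    target = re.search(r'\bat ([A-Z_]+(?::[\w.-]+)?)\.', message)
    return {"target": target.group(1) if target else None, "fields": fields}


def triage(message, request_uri):
    """Report what was matched and whether it lies only in a static file's name."""
    parsed = parse_modsec_message(message)
    name = basename(urlsplit(request_uri).path)  # query string is dropped
    matched = (parsed["fields"].get("data") or [""])[0]
    return {
        "rule_id": (parsed["fields"].get("id") or [None])[0],
        "target": parsed["target"],
        "matched": matched,
        "file_name": name,
        # Heuristic only: a hit on the name of a static file is a review hint.
        "filename_only_match": parsed["target"] == "REQUEST_FILENAME"
        and bool(matched) and matched in name
        and name.lower().endswith(STATIC_EXTENSIONS),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_MESSAGE, SAMPLE_URI).items():
        print(f"{key}: {value}")
```

A `filename_only_match` of true is a prompt to review the rule and the file, not proof that the file is clean; compare the file against a fresh copy of the theme before renaming it or adding an exception.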
