Support » Plugin: WP Store Locator » Cant change any settings
Cant change any settings
-
Hi there,
Have installed the plugin OK, but every time I try and make a config change, on the WP Store Locator: Settings page I get a “Forbidden” message from http://www.showmethehoney.org/wp-admin/options.phpCan you give me any idea whats going on? I’ve deleted and reinstalled the plug-in without success.
Best regards
Simon
-
Could you ask your host if mod_security is active on the server? http://www.modsecurity.org/ I had one user in the past who had the same problem as you, and in that case mod_security was the reason it failed.
I haven’t had time to implement a fix for it, but if it’s active on your host then I will make a custom version so you can test it out. So let me know what they say. Or check the apache log file yourself and search for ‘
modsec_rules’Hi Tijmen,
Thanks for the prompt response on this. Yes it does appear that my host uses mod-security as I can see its presence on the log files, although I’m awaiting formal confirmation from their support team.Thanks and best regards,
Simon
Can you send the part of the log file where it mentions modsec_rules to info at tijmensmit.com?
Hi Tijmen,
Is this what you want?
[Wed Apr 23 08:06:50 2014] [error] [client 200.46.73.42] Invalid URI in request GET HTTP/1.1 HTTP/1.1
[Wed Apr 23 08:06:50 2014] [error] [client 200.46.73.42] ModSecurity: [file “/etc/httpd/modsecurity.d/50_asl_rootkits.conf”] [line “58”] [id “390145”] [rev “11”] [msg “Atomicorp.com WAF Rules: Rootkit attack: Generic Attempt to install shell”] [severity “CRITICAL”] Access denied with code 403 (phase 2). Match of “rx (?:/event\\\\.ng/|horde/services/go\\\\.php|tiki-view_cache\\\\.php|^/\\\\?out=http://|homecounter\\\\.php\\\\?offerid=.*ureferrer=http|__utm\\\\.gif\\\\?|/plugins/wpeditimage/editimage\\\\.html|/spc\\\\.php)” against “REQUEST_URI” required. [hostname “showmethehoney.org”] [uri “/”] [unique_id “YGoYYG1LoQUAAHvv96IAAAAS”]
[Wed Apr 23 08:07:55 2014] [error] [client 157.55.36.35] File does not exist: /var/www/vhosts/beegood.co.uk/showme/robots.txt
[Wed Apr 23 08:15:13 2014] [error] [client 157.56.93.72] File does not exist: /var/www/vhosts/beegood.co.uk/showme/robots.txtCan you search in the logfile for ‘wpsl_search[radius]’ and see if that returns any hits? If so, then the log data around it is what I would like to see 🙂
Tue Apr 22 22:49:32 2014] [warn] [client 86.173.244.157] mod_fcgid: stderr: PHP Warning: Creating default object from empty value in /var/www/vhosts/beegood.co.uk/showme/wp-content/plugins/Anticipate/anticipate-maintenance-plugin.php on line 119, referer: http://www.showmethehoney.org/wp-admin/plugins.php?action=delete-selected&checked%5B0%5D=cookie-notice%2Fcookie-notice.php&plugin_status=all&paged=1&s&_wpnonce=71445d73c9
[Tue Apr 22 23:11:10 2014] [error] [client 86.173.244.157] ModSecurity: [file “/etc/httpd/modsecurity.d/11_asl_adv_rules.conf”] [line “79”] [id “341245”] [rev “19”] [msg “Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)”] [data “1,(1),ARGS:wpsl_search[radius]”] [severity “CRITICAL”] Access denied with code 403 (phase 2). detected SQLi using libinjection with fingerprint ‘1,(1)’ [hostname “www.showmethehoney.org”] [uri “/wp-admin/options.php”] [unique_id “5LAJvG1LoQUAAFCF6NsAAAAg”]
[Tue Apr 22 23:12:43 2014] [error] [client 86.173.244.157] ModSecurity: [file “/etc/httpd/modsecurity.d/11_asl_adv_rules.conf”] [line “79”] [id “341245”] [rev “19”] [msg “Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)”] [data “1,(1),ARGS:wpsl_search[radius]”] [severity “CRITICAL”] Access denied with code 403 (phase 2). detected SQLi using libinjection with fingerprint ‘1,(1)’ [hostname “www.showmethehoney.org”] [uri “/wp-admin/options.php”] [unique_id “6j9Ox21LoQUAAFdNe4UAAAAR”]
[Tue Apr 22 23:27:29 2014] [error] [client 86.173.244.157] ModSecurity: [file “/etc/httpd/modsecurity.d/11_asl_adv_rules.conf”] [line “79”] [id “341245”] [rev “19”] [msg “Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)”] [data “1,(1),ARGS:wpsl_search[radius]”] [severity “CRITICAL”] Access denied with code 403 (phase 2). detected SQLi using libinjection with fingerprint ‘1,(1)’ [hostname “www.showmethehoney.org”] [uri “/wp-admin/options.php”] [unique_id “Hwq@121LoQUAAHhp3R8AAABD”]
[Wed Apr 23 00:27:50 2014] [error] [client 86.173.244.157] ModSecurity: [file “/etc/httpd/modsecurity.d/11_asl_adv_rules.conf”] [line “79”] [id “341245”] [rev “19”] [msg “Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)”] [data “1,(1),ARGS:wpsl_search[radius]”] [severity “CRITICAL”] Access denied with code 403 (phase 2). detected SQLi using libinjection with fingerprint ‘1,(1)’ [hostname “www.showmethehoney.org”] [uri “/wp-admin/options.php”] [unique_id “9uJY721LoQUAAHe-8I4AAAAE”]Thanks, that’s what I was looking for. Could you send me an email at info at tijmensmit.com? Then I can send you a fix once I have made one and you can test if it fixed the issue.
- The topic ‘Cant change any settings’ is closed to new replies.