WordPress.org

WP Social Toolbar
this plugin caused mod_security to ban me & everyone who visits my site (3 posts)

  1. jquindlen
    Member
    Posted 3 years ago #

    So, I installed this plugin, configured it, and then went to look at how it appeared on my front end. Instead, it appeared my server crashed... however that was not what had happened. What happened is that mod_security thinks the plugin is an XSS attack, and then it banned my IP address from even accessing my domain. It also bans anyone who visits my site. I'm in the process of trying to disable mod_security so I can remove the plugin and clear the IP table.

    Here's the log that ModSecurity creates anytime anyone visits my site with wp-social-toolbar installed, activated, and configured.

    [Sat Jun 04 07:19:44 2011] [error] [client 2.102.208.119] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "wpstorecart.com"] [uri "/wp-content/plugins/wp-social-toolbar/js/jquery.cookie.js"] [unique_id "TeoU0EPeCo8AAE7SMwwAAAAG"]
    [Sat Jun 04 07:19:45 2011] [error] [client 2.102.208.119] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d ..." at ARGS:s. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "wpstorecart.com"] [uri "/"] [unique_id "TeoU0UPeCo8AAE7SMw0AAAAG"]
    [Sat Jun 04 07:24:10 2011] [error] [client 2.102.208.119] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "wpstorecart.com"] [uri "/wp-content/plugins/wp-social-toolbar/js/jquery.cookie.js"] [unique_id "TeoV2kPeCo8AAE7SMxgAAAAG"]
    [Sat Jun 04 07:24:13 2011] [error] [client 2.102.208.119] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d ..." at ARGS:s. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "wpstorecart.com"] [uri "/"] [unique_id "TeoV3UPeCo8AAE7SMxkAAAAG"]
    [Sat Jun 04 07:24:33 2011] [error] [client 2.102.208.119] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "wpstorecart.com"] [uri "/wp-content/plugins/wp-social-toolbar/js/jquery.cookie.js"] [unique_id "TeoV8UPeCo8AAF5jCRIAAAAC"]
  2. jquindlen
    Member
    Posted 3 years ago #

    From the log, the specific file that mod_sec is freaking out about is:
    /wp-social-toolbar/js/jquery.cookie.js

  3. Daddydesign
    Member
    Plugin Author

    Posted 3 years ago #

    We fixed the mod_security issue in version 1.3

Topic Closed

This topic has been closed to new replies.
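
The reading of the log done by hand in this thread (rule id, the variable the pattern matched in, the matched data, the URI) can be scripted to triage blocks like these. This is an added example, not part of the original thread or of the plugin's code; the sample lines are constructed in the thread's log format, and the function names are illustrative assumptions.

```python
import re
from collections import Counter

# Constructed sample in the Apache error-log format shown in the thread
# (regex shortened; client, hostname and unique_id are placeholders).
SAMPLE_LOG = r'''
[Sat Jun 04 07:19:40 2011] [error] [client 192.0.2.10] File does not exist: /home/example/public_html/favicon.ico
[Sat Jun 04 07:19:44 2011] [error] [client 192.0.2.10] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:type ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "example.test"] [uri "/wp-content/plugins/wp-social-toolbar/js/jquery.cookie.js"] [unique_id "PLACEHOLDER1"]
[Sat Jun 04 07:19:45 2011] [error] [client 192.0.2.10] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:type ..." at ARGS:s. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "example.test"] [uri "/"] [unique_id "PLACEHOLDER2"]
[Sat Jun 04 07:24:10 2011] [error] [client 192.0.2.10] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:type ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "example.test"] [uri "/wp-content/plugins/wp-social-toolbar/js/jquery.cookie.js"] [unique_id "PLACEHOLDER3"]
'''

HEAD = re.compile(r'\[client (?P<client>[^\]]+)\] ModSecurity: '
                  r'(?P<action>.*?) \(phase (?P<phase>\d)\)\.')
TARGET = re.compile(r'" at (\S+)\. \[')               # variable the pattern matched in
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')  # [key "value"] metadata


def parse_line(line):
    """Return a dict for one ModSecurity alert line, or None for other lines."""
    head = HEAD.search(line)
    if head is None:
        return None
    event = head.groupdict()
    target = TARGET.search(line)
    event['variable'] = target.group(1) if target else None
    for key, value in FIELD.findall(line):
        event.setdefault(key, value)
    return event


def summarize(log_text):
    """Count alerts per (rule id, matched variable, matched data, uri)."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_line(line)
        if event:
            counts[(event.get('id'), event['variable'],
                    event.get('data'), event.get('uri'))] += 1
    return counts


def filename_matches(counts):
    """Alerts where the rule fired on the requested path itself and the matched
    data is part of that path: candidates for a rule-exclusion review."""
    return sorted(k for k in counts
                  if k[1] == 'REQUEST_FILENAME' and k[2] and k[3] and k[2] in k[3])


if __name__ == '__main__':
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, key)
    print('review:', filename_matches(summarize(SAMPLE_LOG)))
```

Grouping by matched variable separates the blocks on the static file's own name (`REQUEST_FILENAME`) from the ones on a request parameter (`ARGS:s`), which need to be looked at separately.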
