Here’s the specific security error generated by my log:
Wed Jun 08 03:27:26 2011] [error] [client 223.204.134.118] ModSecurity: Access denied with code 403 (phase 2). Match of “rx (/wp-content/plugins/one-click-plugin-updater)|(www/delivery/ajs.php)|(www/admin/dashboard.php)|(/wp-content/(themes|uploads)(?:/(\\\\w+))*/(tim)?thumb.php|/pl/download\\\\?file=http|/index\\\\.php/admin/system_config/save/section/payment/|^/b/ss/mxmacromedi …” against “REQUEST_FILENAME” required. [file “/opt/mod_security/hg_rules.conf”] [line “91”] [id “1234234”] [msg “JITP:1234234-RFI-REQUEST_FILENAME=cheapestlaptop.cheapandworth.com”] [hostname “www.richardsilverstein.com”] [uri “/tikun_olam/”] [unique_id “Te8ybkMSE@IAAGKbHmIAAABH”]
The cheapestlap.com filename looks absolutely weird. IS that spam or should that be called as part of the upgrade? It appears the error is being caused by the one-click plugin updater, which may not be related to your plugin specifically. But whatever it is this is one helluva strange set of behaviors.
Just to clarify, as per our email correspondence, this issue was *not* due to YARPP and was your hosting company’s misconfiguration of your server. Glad the issue was resolved! 🙂
No, not a misconfiguration on the host’s part. For some reason they set a security exception for scripts downloading files in the manner that the one-click plugin updater does because they had someone take down their server w. a script that operated in a similar way.
But they’re trying to get my site whitelisted so this doesn’t happen again.
And no, it wasn’t the fault of YARPP.