Are you logged in (which role?) or not when that happened?
Rule 128 is about JS code in an HTML attribute. Does your plugin send some JS code in the payload? You may see that in the firewall’s log.
Hello, thanks for the quick reply.
I searched the log and noticed that it refers to some translated content out of the text, that derives from the “Cookie Notice & Compliance for GDPR/CCPA” Plugin.
The log shows the following:
19/Jul/21 11:18:37 #5575105 CRITICAL 128 2003:d9XXXXXX POST /wp-content/plugins/translatepress-multilingual/includes/trp-ajax.php - Attribute JS injection - [POST:originals = ["To offer you the best browsing-experience, we use cookies. If you continue using our site, we assume your agreement.","OK","Dataprotection","THISISMYDOMAIN.de/en/datensc...] - THISISMYDOMAIN.de
19/Jul/21 11:18:37 #8212232 CRITICAL 128 2003:d9XXXXXX POST /wp-admin/admin-ajax.php - Attribute JS injection - [POST:originals = ["To offer you the best browsing-experience, we use cookies. If you continue using our site, we assume your agreement.","OK","Dataprotection","THISISMYDOMAIN.de/en/datensc...] - THISISMYDOMAIN.de
19/Jul/21 11:18:41 #1864010 CRITICAL 128 2003:d9XXXXXX POST /wp-content/plugins/translatepress-multilingual/includes/trp-ajax.php - Attribute JS injection - [POST:originals = ["To offer you the best browsing-experience, we use cookies. If you continue using our site, we assume your agreement.","OK","Dataprotection","THISISMYDOMAIN.de/en/datensc...] - THISISMYDOMAIN.de
19/Jul/21 11:18:41 #8065856 CRITICAL 128 2003:d9XXXXXX POST /wp-admin/admin-ajax.php - Attribute JS injection - [POST:originals = ["To offer you the best browsing-experience, we use cookies. If you continue using our site, we assume your agreement.","OK","Dataprotection","THISISMYDOMAIN.de/en/datensc...] - THISISMYDOMAIN.de
Best regards!
This reply was modified 4 years, 9 months ago by thalakus.
The JS tag or code is not visible in the log, because the firewall truncates the payload to 200 characters. I assume it is added by your “Cookie Notice & Compliance for GDPR/CCPA” plugin.
If you want to increase the 200-character limit in order to log more data and find the JS code, you can use the .htninja script and define the NFW_MAXPAYLOAD constant as follows:
<?php
/*
+===========================================================================================+
| NinjaFirewall optional configuration file |
| |
| See: https://blog.nintechnet.com/ninjafirewall-wp-edition-the-htninja-configuration-file/ |
+===========================================================================================+
*/
// Increase the size of the data written to the log
define('NFW_MAXPAYLOAD', 300);
This would increase it to 300 characters for instance.
This reply was modified 4 years, 9 months ago by nintechnet.
Thanks for the reply.
Anyway I think it might be good for you to inspect it on a test environment in combination with cookie notice and Translatepress, since both plugins are used by millions of users and then they will work fine with your plugin.
Best regards
Hello,
checked it now with the following result:
Even though the log is talking about my translation plugin translatepress, the error doesn’t occur anymore when the cookie-notice-plugin is deactivated.
Deactivating rule 128 also doesn’t show the error anymore.
Maybe you could look into the combination of translatepress (free version) and the cookie-notice-plugin (also free) so that further users won’t be confronted with that error.
Best regards!
Hello together,
seems like in the new version 4.4 that error doesn’t occur anymore. Did you fix it in the update?
Best regards!
There was a modification done to the latest security rules (2021-07-27.1).
Hello together, yesterday a similar error occurred:
20/Nov/21 14:58:56 #2449187 CRITICAL 128 79.47.60.xxx POST /wp-content/plugins/translatepress-multilingual/includes/trp-ajax.php - Attribute JS injection - [POST:originals = ["TRANSLATE with ","x","English","Arabic","Hebrew","Polish","Bulgarian","Hindi","Portuguese","Catalan","Hmong Daw","Romanian","Chinese Simplified","Hungarian","Russian","Chinese Tradi...] – MY DOMAIN
20/Nov/21 14:58:56 #8073214 CRITICAL 128 79.47.60.xxx POST /wp-admin/admin-ajax.php - Attribute JS injection - [POST:originals = ["TRANSLATE with ","x","English","Arabic","Hebrew","Polish","Bulgarian","Hindi","Portuguese","Catalan","Hmong Daw","Romanian","Chinese Simplified","Hungarian","Russian","Chinese Tradi...] – MY DOMAIN
Maybe something was changed in rule 128 of Ninja-Firewall?
Best regards!!
There was no change in the rule 128 since last July.
If you can see the whole POST:originals payload, check for a javascript: substring and paste it here, I’ll see if I can adjust the rule.
Thanks for the reply!
How can I check for the whole payload? What I posted was everything I found in the logs.
Best regards!
You can configure the length of the payload as mentioned in my message here
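An added example, not part of the thread and not NinjaFirewall's own code: a Python script that triages rule 128 log entries like the ones quoted above, separating hits where the logged payload shows a `javascript:` substring from hits where the log was cut off before it (the case where NFW_MAXPAYLOAD has to be raised). The line layout, the trailing "..." as truncation marker, and the sample lines are assumptions constructed from the entries posted here.

```python
import re

# Field layout inferred from the log lines quoted in this thread (assumption, not a spec).
LINE = re.compile(
    r'^(?P<date>\S+) (?P<time>\S+) #(?P<incident>\d+) (?P<level>\S+) +(?P<rule>\d+) '
    r'(?P<ip>\S+) (?P<method>\S+) (?P<uri>\S+) - (?P<reason>.+?) - '
    r'\[(?P<payload>.*)\] - (?P<host>\S+)$'
)
MARKER = "javascript:"  # substring the rule author asks for in the thread


def triage(lines, rule="128"):
    """Classify each logged hit for `rule` by what the logged payload can prove."""
    results = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["rule"] != rule:
            continue  # unparsable line or a different rule
        payload = m["payload"]
        truncated = payload.endswith("...")  # assumed truncation marker
        pos = payload.lower().find(MARKER)
        snippet = None
        if pos >= 0:
            verdict = "found"
            snippet = payload[max(0, pos - 20):pos + 30]  # context to report
        elif truncated:
            # Log cut off before the match: not evidence that the marker is absent.
            verdict = "inconclusive"
        else:
            verdict = "absent"
        results.append({"incident": m["incident"], "uri": m["uri"],
                        "verdict": verdict, "snippet": snippet})
    return results


# Constructed sample lines (placeholder IP, host and incident numbers).
SAMPLE = [
    '19/Jul/21 11:18:37 #1000001 CRITICAL 128 192.0.2.10 POST /wp-admin/admin-ajax.php'
    ' - Attribute JS injection - [POST:originals = ["To offer you the best'
    ' browsing-experience, we use cookies.","OK","Dataprot...] - example.test',
    '19/Jul/21 11:19:02 #1000002 CRITICAL 128 192.0.2.10 POST /wp-admin/admin-ajax.php'
    ' - Attribute JS injection - [POST:originals = ["OK","<a href=\\"javascript:void(0)\\">'
    'Dataprotection</a>"]] - example.test',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

An "inconclusive" verdict means the entry was truncated before any match, so the payload limit must be raised and the request reproduced before the substring can be reported.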