From Google Safe Browsing, it said the website is redirecting visitors to a dangerous websites: p3olnuew3tan????.ws.
You may try to check your web page source files, and/or the database table (e.g.) wp_options for any suspicious.
Hi CCTO, yes we’ve removed the malware. But it takes Google 72 hours to review the site and they have not given it the “all-clear” yet.
But this may or may not have anything to do with the 403 error that is returned when you go beyond this warning to the actual site.
At present, there will be no 403 error, because I’ve deleted all WP-Security’s code that it puts into the .htaccess file…
@colfetski
Disable any enabled setting one after another in the System Tweaks section of the iTSec plugin Settings page.
dwinden
Thanks @dwinden
I found that the offending setting is “Enable HackRepair.com’s blacklist feature”
For some reason this causes the 403 Forbidden error. So this makes me wonder, is my IP Address somehow on the hackrepair blacklist? Or my server’s IP? I don’t really understand how it works exactly.
It’s working, and that’s the main thing. But I am left wondering why this causes an issue on this site and none of our other wordpress sites?
@colfetski
Ah right, that setting would have been my next choice to disable …
There are a LOT of rules added to the .htaccess file by the HackRepair.com’s blacklist setting.
These rules are basically filtering out requests from bad User Agents and/or some known bad HTTP referrers.
You would have to identify the exact line that causes the 403 in order to get an answer to your question.
And as to why this feature only seems to affect this particular site I noticed the web server used for this site is probably LiteSpeed. Perhaps that is the differentiator.
dwinden
Thanks @dwinden
I don’t think that LiteSpeed is the issue, as many of our sites run on that.
We’ll have to go on a fishing expedition to work out which User Agent / Referrer is causing a hiccup and will post back here if we have any discoveries of interest.
Thanks for your help.
@colfetski
I didn’t think so either but I just thought I better mention it.
Good luck with the fishing 😉
dwinden
