• Irene

    (@arlinaite)


    Hi
    I have Not a Valid JSON Response Error, when trying to update a post due to the following script:
    <div data-vi-partner-id=”P000xxxxx” data-vi-language=”es” data-vi-currency=”USD” data-vi-partner-type=”AFFILIATE” data-vi-url=”103576P16,5674RPBIKE,106570P5″></div>

    <script async=”” src=”https://www.viator.com/orion/partner/widget.js”></script&gt;

    I use the .ninja can you please tell me how to whitelist?
    Thanks in advance

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Can you show me the firewall log line that blocked it as I need to know which rule blocked it and which input field was blocked?

    Also, which editor are you using, WordPress Gutenberg or a 3rd-party editor?

    Thread Starter Irene

    (@arlinaite)

    Hi,

    Thanks for your answer.
    I use WordPress Gutenberg Editor with some blocks plugin
    This is the part of the log where I see that my IP and my server IP has being blocked

    31/May/21 15:50:50  #2837717  CRITICAL   115  181.88.MY.IP   POST /index.php - Cross-site scripting - [RAW:POST = {"status":"draft","title":"Barrio","content":"<!-- wp:kadence/rowlayout {\"uniqueID\":\"_1b2090-3c\",\"columns\":1,\"colLayout\":\"equal\",\"topPadding\":30,\"bottomPadding\"...] - surdelsur.com
    31/May/21 15:58:24  #4670769  CRITICAL   115  181.88.MY.IP   POST /index.php - Cross-site scripting - [RAW:POST = {"objectID":778,"objectType":"post","meta":{"rank_math_seo_score":13},"content":"<!-- wp:kadence/rowlayout {\"uniqueID\":\"_1b2090-3c\",\"columns\":1,\"colLayout\":\"equal\",\"topPadding\":...] - example.com
    31/May/21 15:58:24  #2450585  CRITICAL   115  1181.88.MY.IP   POST /index.php - Cross-site scripting - [RAW:POST = {"id":778,"content":"<!-- wp:kadence/rowlayout {\"uniqueID\":\"_1b2090-3c\",\"columns\":1,\"colLayout\":\"equal\",\"topPadding\":30,\"bottomPadding\":0,\"leftPadding\":25,\"rightPadding\":2...] - example.com
    31/May/21 16:05:50  #6162542  CRITICAL   115  181.88.MY.IP   POST /index.php - Cross-site scripting - [RAW:POST = {"status":"draft","title":"Barrio","content":"<!-- wp:kadence/rowlayout {\"uniqueID\":\"_1b2090-3c\",\"columns\":1,\"colLayout\":\"equal\",\"topPadding\":30,\"bottomPadding\"...] - example.com
    
    31/May/21 16:44:08  #1803379  CRITICAL   115  181.88.MY.IP   POST /index.php - Cross-site scripting - [RAW:POST = {"objectID":787,"objectType":"post","meta":{"rank_math_seo_score":15},"content":"<!-- wp:kadence/rowlayout {\"uniqueID\":\"_f6fd72-86\",\"columns\":1,\"colLayout\":\"equal\",\"currentOverla...] - example.com
    31/May/21 16:44:08  #6617408  CRITICAL   115  181.88.MY.IP   POST /index.php - Cross-site scripting - [RAW:POST = {"id":787,"content":"<!-- wp:kadence/rowlayout {\"uniqueID\":\"_f6fd72-86\",\"columns\":1,\"colLayout\":\"equal\",\"currentOverlayTab\":\"grad\",\"minHeight\":500,\"topPadding\":80,\"bottom...] - example.com
    31/May/21 17:00:42  #7034862  INFO         -  181.88.MY.IP   GET /wp-admin/plugins.php - Plugin deactivated by example - [Name: ultimate-post/ultimate-post.php] - example.com
    31/May/21 17:01:13  #7092660  CRITICAL   115  181.88.MY.IP   POST /index.php - Cross-site scripting - [RAW:POST = {"objectID":787,"objectType":"post","meta":{"rank_math_seo_score":15},"content":"<!-- wp:kadence/rowlayout {\"uniqueID\":\"_f6fd72-86\",\"columns\":1,\"colLayout\":\"equal\",\"currentOverla...] - example.com
    31/May/21 17:01:14  #6023080  CRITICAL   115  181.88.MY.IP   POST /index.php - Cross-site scripting - [RAW:POST = {"id":787,"content":"<!-- wp:kadence/rowlayout {\"uniqueID\":\"_f6fd72-86\",\"columns\":1,\"colLayout\":\"equal\",\"currentOverlayTab\":\"grad\",\"minHeight\":500,\"topPadding\":80,\"bottom...] - example.com
    31/May/21 17:01:50  #2186861  MEDIUM       -  45.77.SER.VER    POST /wp-admin/admin-ajax.php - Blocked access to admin-ajax.php - [bot detection is enabled] - example.com
    31/May/21 17:02:06  #2631474  CRITICAL   115  181.88.MY.IP   POST /index.php - Cross-site scripting - [RAW:POST = {"objectID":778,"objectType":"post","meta":{"rank_math_seo_score":10},"content":"<!-- wp:kadence/rowlayout {\"uniqueID\":\"_1b2090-3c\",\"columns\":1,\"colLayout\":\"equal\",\"topPadding\":...] - example.com
    31/May/21 17:02:06  #2341366  CRITICAL   115  181.88.MY.IP   POST /index.php - Cross-site scripting - [RAW:POST = {"id":778,"content":"<!-- wp:kadence/rowlayout {\"uniqueID\":\"_1b2090-3c\",\"columns\":1,\"colLayout\":\"equal\",\"topPadding\":30,\"bottomPadding\":0,\"leftPadding\":25,\"rightPadding\":2...] - example.com
    31/May/21 17:02:51  #4669837  MEDIUM       -  45.77.SER.VER    POST /wp-admin/admin-ajax.php - Blocked access to admin-ajax.php - [bot detection is enabled] - example.com
    31/May/21 17:03:56  #8377698  CRITICAL   115  181.88.MY.IP   POST /index.php - Cross-site scripting - [RAW:POST = {"objectID":787,"objectType":"post","meta":{"rank_math_seo_score":15},"content":"<!-- wp:kadence/rowlayout {\"uniqueID\":\"_f6fd72-86\",\"columns\":1,\"colLayout\":\"equal\",\"currentOverla...] - example.com
    31/May/21 17:03:56  #1742783  CRITICAL   115  181.88.MY.IP   POST /index.php - Cross-site scripting - [RAW:POST = {"id":787,"content":"<!-- wp:kadence/rowlayout {\"uniqueID\":\"_f6fd72-86\",\"columns\":1,\"colLayout\":\"equal\",\"currentOverlayTab\":\"grad\",\"minHeight\":500,\"topPadding\":80,\"bottom...] - example.com
    31/May/21 17:03:57  #8835665  MEDIUM       -  45.77.SER.VER    POST /wp-admin/admin-ajax.php - Blocked access to admin-ajax.php - [bot detection is enabled] - example.com
    31/May/21 17:05:34  #7661312  MEDIUM       -  45.77.SER.VER    POST /wp-admin/admin-ajax.php - Blocked access to admin-ajax.php - [bot detection is enabled] - example.com
    31/May/21 17:06:41  #2703499  MEDIUM       -  45.77.SER.VER    POST /wp-admin/admin-ajax.php - Blocked access to admin-ajax.php - [bot detection is enabled] - example.com
    31/May/21 17:07:41  #6728225  INFO         -  181.88.MY.IP   GET /wp-admin/network/plugins.php - Plugin deactivated by example - [Name: ninjafirewall/ninjafirewall.php] - example.com

    Thanks for your help

    Plugin Author nintechnet

    (@nintechnet)

    You would need to disable rule #115, because you’re trying to add JS code to the post and only the admin is allowed to do that.
    Go to “NinjaFirewall > Security Rules”, click on the “Rules Editor” tab and disable rule #115.

    Thread Starter Irene

    (@arlinaite)

    I don’t get it.
    I am the super administrator of the multisite, moreover I am the only one accessing the backend for the network.
    In example.com/ba where I have the issue, under the users tab of the subsite I have the administrator role.
    I disabled the rule as you say but, If I am the admin there must be another fix.
    What do I have to do to fix this?

    Plugin Author nintechnet

    (@nintechnet)

    If you’re the network admin, then you shouldn’t be blocked.

    You can try to debug this by following this post:
    https://blog.nintechnet.com/ninjafirewall-php-sessions-debugging/

    Simply add the define('NFW_SESSION_DEBUG_USER', 'YOURNAME'); to the .htninja or the wp-config.php and you should see the “NF” logo, either green or red when you are logged-in in.

    * Replace YOURNAME with your admin login name.

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.