Support » Plugin: WP Social Toolbar » this plugin caused mod_security to ban me & everyone who visits my site

  • So, I installed this plugin, configured it, and then went to look at how it appeared on my front end. Instead, it appeared my server crashed… however that was not what had happened. What happened is that mod_security thinks the plugin is an XSS attack, and then it banned my IP address from even accessing my domain. It also bans anyone who visits my site. I’m in the process of trying to disable mod_security so I can remove the plugin and clear the IP table.

    Here’s the log that ModSecurity creates anytime anyone visits my site with wp-social-toolbar installed, activated, and configured.

    [Sat Jun 04 07:19:44 2011] [error] [client 2.102.208.119] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "wpstorecart.com"] [uri "/wp-content/plugins/wp-social-toolbar/js/jquery.cookie.js"] [unique_id "TeoU0EPeCo8AAE7SMwwAAAAG"]
    [Sat Jun 04 07:19:45 2011] [error] [client 2.102.208.119] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d ..." at ARGS:s. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "wpstorecart.com"] [uri "/"] [unique_id "TeoU0UPeCo8AAE7SMw0AAAAG"]
    [Sat Jun 04 07:24:10 2011] [error] [client 2.102.208.119] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "wpstorecart.com"] [uri "/wp-content/plugins/wp-social-toolbar/js/jquery.cookie.js"] [unique_id "TeoV2kPeCo8AAE7SMxgAAAAG"]
    [Sat Jun 04 07:24:13 2011] [error] [client 2.102.208.119] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d ..." at ARGS:s. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "wpstorecart.com"] [uri "/"] [unique_id "TeoV3UPeCo8AAE7SMxkAAAAG"]
    [Sat Jun 04 07:24:33 2011] [error] [client 2.102.208.119] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "wpstorecart.com"] [uri "/wp-content/plugins/wp-social-toolbar/js/jquery.cookie.js"] [unique_id "TeoV8UPeCo8AAF5jCRIAAAAC"]
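A triage sketch for denial lines like the ones quoted above, added here as an example and not part of the original post or the plugin's code. It groups denials by rule id, matched variable, matched data and URI, and marks hits where the matched text is just part of the requested path. The sample lines are constructed (pattern shortened, client, hostname and unique_id are placeholders), and the names `parse_denial`, `summarize` and `hit_in_path` are illustrative.

```python
import re
from collections import Counter

# Constructed sample in the error-log format quoted in the post: pattern text
# shortened; client address, hostname and unique_id replaced with placeholders.
_HEAD = '[Sat Jun 04 07:19:44 2011] [error] [client 203.0.113.7] '
_DENY = ('ModSecurity: Access denied with code 406 (phase 2). Pattern match '
         '"(?:\\\\b(?:type ..." at %s. [file "/usr/local/apache/conf/modsec2.user.conf"] '
         '[line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] '
         '[data ".cookie"] [severity "CRITICAL"] [hostname "example.com"] '
         '[uri "%s"] [unique_id "constructed"]')
JS_URI = "/wp-content/plugins/wp-social-toolbar/js/jquery.cookie.js"
SAMPLE_LOG = "\n".join([
    _HEAD + _DENY % ("REQUEST_FILENAME", JS_URI),
    _HEAD + _DENY % ("ARGS:s", "/"),
    _HEAD + "File does not exist: /home/example/public_html/favicon.ico",
    _HEAD + _DENY % ("REQUEST_FILENAME", JS_URI),
])

DENIAL = re.compile(r'ModSecurity: Access denied with code (\d+) \(phase (\d+)\)\.'
                    r'.*?" at (\S+?)\. (?=\[file )')
TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_denial(line):
    """Return the fields of one ModSecurity denial line, or None for other lines."""
    m = DENIAL.search(line)
    if not m:
        return None
    rec = dict(TAG.findall(line[m.end():]))  # [id "..."], [data "..."], [uri "..."]
    rec.update(status=m.group(1), phase=m.group(2), variable=m.group(3))
    data, uri = rec.get("data", ""), rec.get("uri", "")
    # True when the matched text is part of the requested path itself,
    # as with ".cookie" inside jquery.cookie.js.
    rec["hit_in_path"] = (rec["variable"] == "REQUEST_FILENAME"
                          and bool(data) and data in uri)
    return rec

def summarize(log_text):
    """Count denials per (rule id, matched variable, matched data, uri)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_denial(line)
        if rec:
            hits[(rec.get("id"), rec["variable"], rec.get("data"), rec.get("uri"))] += 1
    return hits

if __name__ == "__main__":
    for key, count in summarize(SAMPLE_LOG).most_common():
        print(count, *key)
```
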
Viewing 2 replies - 1 through 2 (of 2 total)