• Resolved bashibuzuk

    (@bashibuzuk)


    Hello, I was signing out and suddenly…
    “We’re sorry, you are not allowed to proceed
    Our server stopped processing your request. Your request looks suspicious or similar to automated requests from spam posting software.
    If you believe you should be able to perform this request, please let us know.”
    … appears on my screen…
    My IP was blocked for : Probing for vulnerable PHP code (?)

    This never happened before since the last update of Cerber.
    Have I done somethng wrong ? (signing out ?)

    Best regard

Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Author gioni

    (@gioni)

    Hi! I think you have the .php extension in your Custom login URL. Just remove it.

    It is also happening to me (from a whitelisted ip# !) and to other legit users, specifically while (legitimally) using index.php. Links on my website use this a lot, as it is shorter than the long name of the post.

    It happens with some numbered posts (like index.php/?p=175), even though I have (since this started happening yesterday) whitelisted /index.php.

    Oddly enough, it is not happening to all my numbered posts, only to some.

    One example: http://www.ardeahhw.nl/wordpress/index.php/?p=175

    Plugin Author gioni

    (@gioni)

    That means you have no index.php file in the root folder as it should be. Yes the Cerber security rules are pretty strict but they protect a normal WordPress installation effectively.

    Thank you for your quick reply! And that on a Sunday – hats off!

    I do see an index.php in my root, very short with just a define and a require command, starting with:
    * Front to the WordPress application. This file doesn’t do anything, but loads
    * wp-blog-header.php which does and tells WordPress to load the theme.

    So that does not seem to be the issue. Furthermore, I’m using this setup, including WP Cerber, for over a year without having this issue. Isn’t it odd that it happens to some, but not all messages?

    Other thoughts?

    Got it – the link mistakingly has /wordpress/ in between. Sorry – my bad.

    Thread Starter bashibuzuk

    (@bashibuzuk)

    @gioni
    Thanks for your answer – that was it – I found it later on the same day – but forgot to write about it.

    superninchen

    (@superninchen)

    It has been driving me nuts that I got locked out from all five of my WordPress pages, forcing me to manually disable the plugin via FTP.

    Removing the “.php” part from the custom login page URL did the trick.

    I wish there was a warning or a note directly in the settings page, telling me to omit the “.php” extension from the custom login page URL. That would save a lot of people a lot of time.

    Other than that: AWESOME plugin. Love it, and keep recommending it to anyone (though, not so much since the v6 update, with which the lock-outs started). 🙂

    Plugin Author gioni

    (@gioni)

    @superninchen That’s my bad. I’ll add a validator for the Custom login URL field in the next version.

    superninchen

    (@superninchen)

    @gioni Great! That will make everything clear to everybody. Will save you time, too, not having to answer the same question over and over again. 😀

    Cheers,
    Sascha

    Thread Starter bashibuzuk

    (@bashibuzuk)

    “@superninchen That’s my bad. I’ll add a validator for the Custom login URL field in the next version.”

    🙂 Cool

    Hello team,

    My website https://wakad.in is getting this error now. I did remove the .php extension from the cerber main settings about 2 months ago and then this issue went away. I have comeup again last couple of days at this website. Appreciate your thoughts please.

    thanks & regards,
    parag

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘We’re sorry, you are not allowed to proceed’ is closed to new replies.