paltego
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: Comment system gives 404 on certain ‘magic’ wordsStill not quite sorted from my end yet :(, but clearly not a WordPress problem, so yes, I’ve marked it resolved. Thanks for the help and suggestions.
I think I have look at your plugin in the past, but not recently. I’ll give it a shot. Thanks for the pointer.
-paltego
Forum: Fixing WordPress
In reply to: Comment system gives 404 on certain ‘magic’ wordsDipak – Thanks. I’ve found the way to turn it off entirely via cpanel and verified that did in fact fix the problem. The tricky part is I don’t want to turn the whole thing off, given the logs are full of valid stuff it’s blocking (like SQL injection attacks). There’s one particular ‘adult’ rule that’s triggering that I can see, but I’ve yet to figure out how to kill it. Given the rules are pulled in from an external 3rd party supplied it doesn’t seem as simple as editing a configuration file. But I’m working on it 🙂
Thanks,
-paltegoForum: Fixing WordPress
In reply to: Comment system gives 404 on certain ‘magic’ wordsDipak – Thanks for that pointer. I pay for a VPS, so I can actually manage my own security rules. And after digging through the logs in the modsecurity module, you’re right, there’s a badly written rule that’s triggering there. I still haven’t figured out how to fix it yet (as the rule installation seems messed up for some reason), but that was the hint I needed to figure out was going on.
Appreciate your help.
paltego
Forum: Fixing WordPress
In reply to: Comment system gives 404 on certain ‘magic’ wordsDipak – Sure. Pasted it below. This is from the public_html directory
RewriteEngine on
# BEGIN WPSuperCache
# END WPSuperCache# Turn on Expires and set default to 0
ExpiresActive On
ExpiresDefault A0# Set up caching on media files for 1 year (forever?)
<FilesMatch “\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav)$”>
ExpiresDefault A29030400
Header append Cache-Control “public”
</FilesMatch># Set up caching on media files for 3 months
<FilesMatch “\.(gif|jpg|jpeg|png|swf)$”>
ExpiresDefault A7257600
Header append Cache-Control “public”
</FilesMatch># Set up 2 Hour caching on commonly updated files
<FilesMatch “\.(xml|txt|html|js|css)$”>
ExpiresDefault A7200
Header append Cache-Control “proxy-revalidate”
</FilesMatch># Force no caching for dynamic files
<FilesMatch “\.(php|cgi|pl|htm)$”>
ExpiresActive Off
Header set Cache-Control “private, no-cache, no-store, proxy-revalidate, no-transform”
Header set Pragma “no-cache”
</FilesMatch># BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule># END WordPress
Forum: Fixing WordPress
In reply to: Comment system gives 404 on certain ‘magic’ wordsDipak – Yes. I’ve tried that before, but I just tried it again to absolutely double check and while it does change comment behavior, it doesn’t alter the problem.
With akismet off I see the behavior that all comments get sent for moderation apart from the ones with the magic words (e.g. dominatrix). Those still trigger the 404 issue.
With akismet on I see the behavior that…
– Spammy type comments go to my spam section.
– Safe comments with no adult words get sent for me to moderate.
– Comments with magic words get the 404.So turning the plugin off does what you’d expect but seems orthogonal to this issue.
Forum: Fixing WordPress
In reply to: Puritianical wordpress?Thanks for the advice. I ran through the steps you suggested. That didn’t fix the issue but it did change the behavior slightly.
With the twenty fifteen theme selected and all plug-ins off (and using a clean browser) posting a ‘problematic’ comment would drop my to what looks like a 404 page with an “Oops! That page can’t be found.” The URL displayed at this point was – http://www.femdom-resource.com/wp-comments-post.php
Changing a few of the ‘naughty’ words in the comment to random gibberish would again let the same comment go through correctly and give the right feedback to the person submitting it (i.e. It was awaiting moderation).
I assume that this was actually the same thing that was happening before. Just that before the old comment form/theme was being less descriptive and just giving me the ‘!’ behavior. Now it complains more obviously but doesn’t help me much.
Any ideas on next steps? I’ve switched back to previous theme and turned plug-ins back on for the moment.
-paltego