Home

aly22

Forum Replies Created

Viewing 5 posts - 1 through 5 (of 5 total)
Dec 7, 2014 at 2:07 am in reply to: jquery.cookie.js #23345

aly22
Member

Thanks, no I do not see the file anywhere, as I deleted it.
The notifications are coming from my server via email alerts (Using CSF/LFD firewall)

I would ignore, or even disable this specific mod_security rule, but seems risky to turn off in the event of legitimate issues or warnings.
But it is frustrating to have people getting locked out regularly, when I know they are not hackers or doing anything but trying to go read a blog post ๐Ÿ˜‰

Dec 6, 2014 at 2:53 am in reply to: jquery.cookie.js #23332

aly22
Member

Hi Shaon,
I did remove the jquery.cookie.js file but am still getting the same lfd alerts (and user IPs blocked) in reference to that file. I suspect the plugin calls to the jquery.cookie.js file maybe?

This is how the repeated critical notifications appear:

Log entries:

[Fri Dec 05 20:27:31 2014] [error] [client 72.88.27.154] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\\\b(?:(?:type\\\\b\\\\W*?\\\\b(?:text\\\\b\\\\W*?\\\\b(?:j(?:ava)?|ecma|vb)|application\\\\b\\\\W*?\\\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\\\b.{0,100}?\\\\bsrc)\\\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)| ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "111"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "MYSITE.COM"] [uri "/wp-content/plugins/download-manager/js/jquery.cookie.js"] [unique_id "VIJpk0tmGDsAADfJFp0AAAAC]
Dec 2, 2014 at 9:21 pm in reply to: jquery.cookie.js #23178

aly22
Member

Thank you, Shaon! I am trying that now and will watch to see if the lfd alerts quiet down (will let you know).

What is strange though, the alert is being triggered even for those users/visitors who are unlikely to be anywhere near the download manager page(s). That’s what concerns me a bit.

Note: I went to an older, test install of my site that has not yet been updated to the new version of Download Manager. It does not appear to contain the jquery.cookie.js file at all.

Google search suggests that Mod_Security has a long known issue with flagging file names with cookie in them. This may be the issue?

Nov 26, 2014 at 12:33 am in reply to: Updated WP and DM and lost everything! #22955

aly22
Member

Same happened to me, until I went to the Dashboard and there was a big welcome post and migration link that restored my download files. I have to update the shortcode in my download directory page(s) but at least that works now.

Try going to your WP admin dashboard and see if you see that Welcome with info page? It included a link to restore the old version, as well.

I did lose a LOT of site stuff, however. My text widgets in various pages have completely been wiped out. Am trying to restore from backup. Not sure if related, but this was the only update today besides WordPress to 4.0.1

Sep 18, 2013 at 4:54 am in reply to: Download file size 0kb #8579

aly22
Member

Just came looking for this solution and THANK YOU masel – your process.php file (msg #8347) fixed the issue. Disabling NextGen is definitely not an option.

Viewing 5 posts - 1 through 5 (of 5 total)