Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author YITHEMES

    (@yithemes)

    Hi Ilan,

    This is a really strange issue!

    Can you please try to regenerate your permalinks, simply navigating to WP Dashboard -> Settings -> Permalinks and saving your options as they are?

    Besides, if you’re using a cache system, please be sure to empty your page cache before checking your site again.

    If the problem persists, can you please share with us a link where I can check the problem?

    Have a nice day!

    Thread Starter Ilan Shalev

    (@ilan256)

    Hi,

    I tried the permalinks regeneration as you said,
    but the problem persists.

    See the site:
    https://www.shalevsoft.com

    Thank you,

    Plugin Author YITHEMES

    (@yithemes)

    Hi again,

    I just checked your site, but I don’t get a 404 error.
    My browser informs me of a timeout problem, and stops connection

    Can you please double check with your hosting if there are service problems?

    If you disable the wishlist plugin, does your site come back to life?
    Let me know

    Thread Starter Ilan Shalev

    (@ilan256)

    Hello,

    I’ve moved the site to VPS and now it’s up and running again.
    Can you check it please?

    Thread Starter Ilan Shalev

    (@ilan256)

    I got this message from the server log, if it helps:

    Log entries:

    [Sun Feb 14 12:58:51.444984 2016] [:error] [pid 32633] [client 31.154.158.133] ModSecurity: Access denied with redirection to https://www.shalevsoft.com/ using status 302 (phase 2). Pattern match "(?i:(?:,.*?[)\\\\da-f\\"'`][\\"'`](?:[\\"'`].*?[\\"'`]|\\\\Z|[^\\"'`]+))|(?:\\\\Wselect.+\\\\W*?from)|((?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s*?\\\\(\\\\s*?space\\\\s*?\\\\())" at REQUEST_COOKIES:yith_wcwl_products. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-42-APPLICATION-ATTACK-SQLI.conf"] [line "82"] [id "981257"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22quantity\\x22:1,\\x22wishlist_id\\x22:false}] found within REQUEST_COOKIES:yith_wcwl_products: [{\\x22prod_id\\x22:\\x22341\\x22,\\x22quantity\\x22:1,\\x22wishlist_id\\x22:false}]"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "Host: www.shalevsoft.com"] [tag "application-multi"] [tag "language-mutli"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.shalevsoft.com"] [uri "/"] [unique_id "VsBd68B0MQ0AAH95nBkAAAAA"]
    [Sun Feb 14 12:58:51.494751 2016] [:error] [pid 2019] [client 31.154.158.133] ModSecurity: Access denied with redirection to https://www.shalevsoft.com/ using status 302 (phase 2). Pattern match "(?i:(?:,.*?[)\\\\da-f\\"'`][\\"'`](?:[\\"'`].*?[\\"'`]|\\\\Z|[^\\"'`]+))|(?:\\\\Wselect.+\\\\W*?from)|((?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s*?\\\\(\\\\s*?space\\\\s*?\\\\())" at REQUEST_COOKIES:yith_wcwl_products. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-42-APPLICATION-ATTACK-SQLI.conf"] [line "82"] [id "981257"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22quantity\\x22:1,\\x22wishlist_id\\x22:false}] found within REQUEST_COOKIES:yith_wcwl_products: [{\\x22prod_id\\x22:\\x22341\\x22,\\x22quantity\\x22:1,\\x22wishlist_id\\x22:false}]"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "Host: www.shalevsoft.com"] [tag "application-multi"] [tag "language-mutli"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.shalevsoft.com"] [uri "/"] [unique_id "VsBd68B0MQ0AAAfj7SMAAAAR"]
    [Sun Feb 14 12:58:51.541395 2016] [:error] [pid 1988] [client 31.154.158.133] ModSecurity: Access denied with redirection to https://www.shalevsoft.com/ using status 302 (phase 2). Pattern match "(?i:(?:,.*?[)\\\\da-f\\"'`][\\"'`](?:[\\"'`].*?[\\"'`]|\\\\Z|[^\\"'`]+))|(?:\\\\Wselect.+\\\\W*?from)|((?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s*?\\\\(\\\\s*?space\\\\s*?\\\\())" at REQUEST_COOKIES:yith_wcwl_products. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-42-APPLICATION-ATTACK-SQLI.conf"] [line "82"] [id "981257"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22quantity\\x22:1,\\x22wishlist_id\\x22:false}] found within REQUEST_COOKIES:yith_wcwl_products: [{\\x22prod_id\\x22:\\x22341\\x22,\\x22quantity\\x22:1,\\x22wishlist_id\\x22:false}]"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "Host: www.shalevsoft.com"] [tag "application-multi"] [tag "language-mutli"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.shalevsoft.com"] [uri "/"] [unique_id "VsBd68B0MQ0AAAfEvccAAAAI"]
    [Sun Feb 14 12:58:51.586806 2016] [:error] [pid 982] [client 31.154.158.133] ModSecurity: Access denied with redirection to https://www.shalevsoft.com/ using status 302 (phase 2). Pattern match "(?i:(?:,.*?[)\\\\da-f\\"'`][\\"'`](?:[\\"'`].*?[\\"'`]|\\\\Z|[^\\"'`]+))|(?:\\\\Wselect.+\\\\W*?from)|((?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s*?\\\\(\\\\s*?space\\\\s*?\\\\())" at REQUEST_COOKIES:yith_wcwl_products. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-42-APPLICATION-ATTACK-SQLI.conf"] [line "82"] [id "981257"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22quantity\\x22:1,\\x22wishlist_id\\x22:false}] found within REQUEST_COOKIES:yith_wcwl_products: [{\\x22prod_id\\x22:\\x22341\\x22,\\x22quantity\\x22:1,\\x22wishlist_id\\x22:false}]"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "Host: www.shalevsoft.com"] [tag "application-multi"] [tag "language-mutli"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.shalevsoft.com"] [uri "/"] [unique_id "VsBd68B0MQ0AAAPWgkgAAAAD"]
    [Sun Feb 14 12:58:51.615974 2016] [:error] [pid 1985] [client 31.154.158.133] ModSecurity: Access denied with redirection to https://www.shalevsoft.com/ using status 302 (phase 2). Pattern match "(?i:(?:,.*?[)\\\\da-f\\"'`][\\"'`](?:[\\"'`].*?[\\"'`]|\\\\Z|[^\\"'`]+))|(?:\\\\Wselect.+\\\\W*?from)|((?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s*?\\\\(\\\\s*?space\\\\s*?\\\\())" at REQUEST_COOKIES:yith_wcwl_products. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-42-APPLICATION-ATTACK-SQLI.conf"] [line "82"] [id "981257"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22quantity\\x22:1,\\x22wishlist_id\\x22:false}] found within REQUEST_COOKIES:yith_wcwl_products: [{\\x22prod_id\\x22:\\x22341\\x22,\\x22quantity\\x22:1,\\x22wishlist_id\\x22:false}]"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "Host: www.shalevsoft.com"] [tag "application-multi"] [tag "language-mutli"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.shalevsoft.com"] [uri "/"] [unique_id "VsBd68B0MQ0AAAfBfqkAAAAF"]

    Plugin Author YITHEMES

    (@yithemes)

    Hi again,

    I’m sorry, but I can’t access your site (infinite load time, terminated with a “Connection timed out” message)

    Besides, the server log is quite cryptic: it seems that an attack is detected and blocked, but the content shown is a quite normal JSON-encoded string, with wishlist content

    Can you please contact your hosting provider and ask more info about this message log?
    Can you ask them why a cookie with this content

    [{"prod_id":"341","quantity":1,"wishlist_id":false}]

    is interpreted as a possible attack?

    Thank you
    Have a nice day

    Thread Starter Ilan Shalev

    (@ilan256)

    Hello,

    I found this on my server (I have a virtual server that I manage):

    The security that is blocking your script is:
    ModSecurity™ Tools
    The ModSecurity rule has this information:
    A vendor configuration file provides this rule. You cannot edit vendor rules. You can enable or disable this rule with the controls below.

    this is the rule (and it can not be changed):
    SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "(?i:(?:,.*?[)\da-f\"'`][\"'`](?:[\"'`].*?[\"'`]|\Z|[^\"'`]+))|(?:\Wselect.+\W*?from)|((?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\s*?\(\s*?space\s*?\())" "phase:request, rev:'2', ver:'OWASP_CRS/3.0.0', maturity:'9', accuracy:'8', capture, t:none,t:urlDecodeUni, block, msg:'Detects MySQL comment-/space-obfuscated injections and backtick termination', id:'981257', tag:'application-multi', tag:'language-mutli', tag:'platform-multi', tag:'attack-sqli', tag:'OWASP_CRS/WEB_ATTACK/SQL_INJECTION', logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}', severity:'CRITICAL', setvar:'tx.msg=%{rule.msg}', setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score}, setvar:tx.anomaly_score=+%{tx.critical_anomaly_score}, setvar:'tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/SQLI-%{matched_var_name}=%{tx.0}'"

    So the only thing I see is an attack on the SQL. Do you request cookies from the server or from the client? Does the request try to go directly to the DB? How many requests does your plugin make in a second?

    I still think something is wrong in the code. Sorry.
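
Why the wishlist cookie trips rule 981257, as an added example (not code from the thread, the plugin or the CRS project): the Python below splits the rule's regex into its three branches and reports which one matches and on which characters. The names `explain` and `BRANCHES` and the URL-encoded sample are assumptions made for the illustration, and `unquote` only approximates `t:urlDecodeUni`.

```python
import re
from urllib.parse import quote, unquote

# Assumption: backticks are restored in the quote classes of rule 981257 (its
# msg names "backtick termination"); the forum rendering dropped them.
Q = "\"'`"
BRANCHES = [
    # "," ... then ")" / hex digit / quote, then a quote, then a tail
    ("comma-quote", rf",(?P<gap>.*?)(?P<pivot>[)\da-f{Q}])(?P<quote>[{Q}])"
                    rf"(?P<tail>[{Q}].*?[{Q}]|\Z|[^{Q}]+)"),
    ("select-from", r"\Wselect.+\W*?from"),
    ("keyword-space", r"(?:select|create|rename|truncate|load|alter|delete"
                      r"|update|insert|desc)\s*?\(\s*?space\s*?\("),
]

def explain(cookie_value):
    """Return the branch and text that make the rule fire, or None."""
    value = unquote(cookie_value)  # rough stand-in for t:urlDecodeUni
    hits = []
    for order, (name, pattern) in enumerate(BRANCHES):
        m = re.search(pattern, value, re.IGNORECASE)
        if m:
            hits.append((m.start(), order, name, m))
    if not hits:
        return None
    # Leftmost start wins, then branch order, as in the single alternation.
    _, _, name, m = min(hits, key=lambda h: h[:2])
    info = {"branch": name, "matched": m.group(0)}
    if name == "comma-quote":
        # The two characters the whole match hinges on.
        info["pivot"] = m.group("pivot") + m.group("quote")
    return info

# Cookie value quoted in the thread, and a URL-encoded form (constructed).
WISHLIST = '[{"prod_id":"341","quantity":1,"wishlist_id":false}]'
ENCODED = quote(WISHLIST, safe="")

if __name__ == "__main__":
    for sample in (WISHLIST, ENCODED, '[{"prod_id":"341"}]', '{"x":1,"y":2}'):
        print(sample[:40], "->", explain(sample))
```

For the thread's cookie the result is the same text as the log's "Matched Data", and the match hinges on the `d"` that closes the key `wishlist_id`. ModSecurity's `SecRuleUpdateTargetById` directive can exclude just `REQUEST_COOKIES:yith_wcwl_products` from this rule's targets, which leaves the rule active for every other input.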

    Thread Starter Ilan Shalev

    (@ilan256)

    Hello again,

    I found the rules to disable:
    981246
    981245
    and I disabled them.
    Now the plugin works fine!

    THANKS!!
    I’m AWESOME!

    Plugin Author YITHEMES

    (@yithemes)

    Hi Ilan,

    Glad to hear good news!
    Hope you can enjoy our plugin

    Marking this topic as resolved

    Have a nice day

  • The topic ‘Page not found’ is closed to new replies.