worpressy

Hi @qtwrk

Yeah, tested again and still happens.

Hi @qtwrk

This is what it shows via browser:

array(6) {
  ["headers"]=>
  object(Requests_Utility_CaseInsensitiveDictionary)#1212 (1) {
    ["data":protected]=>
    array(7) {
      ["content-type"]=>
      string(16) "application/json"
      ["etag"]=>
      string(22) ""960210-1646268284;;;""
      ["x-litespeed-cache"]=>
      string(3) "hit"
      ["content-length"]=>
      string(4) "1719"
      ["date"]=>
      string(29) "Thu, 03 Mar 2022 00:45:38 GMT"
      ["server"]=>
      string(9) "LiteSpeed"
      ["alt-svc"]=>
      string(170) "quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000"
    }
  }
  ["body"]=>
  string(1719) "["101.53.133.36","102.129.254.77","102.221.36.98","102.221.36.99","103.152.118.219","103.152.118.72","103.164.203.163","103.199.16.151","103.236.150.198","103.28.90.190","104.225.142.116","104.244.77.37","109.248.43.212","124.150.139.239","135.148.120.32","135.148.148.230","137.220.36.137","139.162.89.149","139.59.21.152","141.164.38.65","146.59.17.163","146.88.239.197","147.135.115.64","149.28.11.90","152.228.171.66","154.16.57.184","156.67.209.151","16.170.121.215","163.182.174.161","163.47.20.24","163.47.21.168","164.52.202.100","165.227.116.222","172.104.44.18","178.17.171.177","18.192.146.200","181.215.183.135","185.116.60.231","185.116.60.232","185.126.236.167","185.126.237.129","185.205.187.233","185.228.26.40","185.53.57.40","185.53.57.89","192.99.38.117","193.203.202.215","194.36.144.221","195.231.17.141","199.59.247.242","2.58.28.32","200.58.127.145","204.10.163.237","207.246.71.239","209.208.26.218","213.159.1.75","213.183.51.224","213.184.87.75","216.250.96.181","27.131.75.40","27.131.75.41","3.109.250.83","31.131.4.244","31.22.115.186","31.220.111.172","34.247.229.180","37.120.131.40","37.143.128.237","38.129.107.18","41.185.29.210","41.223.53.163","43.231.0.46","45.124.65.86","45.132.244.92","45.248.77.61","45.32.210.159","45.56.77.123","45.76.17.119","45.9.249.220","46.250.220.133","49.12.102.29","5.134.119.103","5.134.119.194","5.188.183.13","51.81.186.219","51.81.33.156","54.162.162.165","54.36.103.97","64.225.34.246","64.227.16.93","65.108.105.194","65.21.81.50","65.21.81.51","74.3.163.74","79.172.239.249","81.31.156.246","83.229.71.151","86.105.14.231","86.105.14.232","91.201.67.57","91.228.7.67","91.239.234.48","92.38.139.226","93.95.227.66","94.26.84.39","94.75.232.90"]"
  ["response"]=>
  array(2) {
    ["code"]=>
    int(200)
    ["message"]=>
    string(2) "OK"
  }
  ["cookies"]=>
  array(0) {
  }
  ["filename"]=>
  NULL
  ["http_response"]=>
  object(WP_HTTP_Requests_Response)#1208 (5) {
    ["response":protected]=>
    object(Requests_Response)#1209 (10) {
      ["body"]=>
      string(1719) "["101.53.133.36","102.129.254.77","102.221.36.98","102.221.36.99","103.152.118.219","103.152.118.72","103.164.203.163","103.199.16.151","103.236.150.198","103.28.90.190","104.225.142.116","104.244.77.37","109.248.43.212","124.150.139.239","135.148.120.32","135.148.148.230","137.220.36.137","139.162.89.149","139.59.21.152","141.164.38.65","146.59.17.163","146.88.239.197","147.135.115.64","149.28.11.90","152.228.171.66","154.16.57.184","156.67.209.151","16.170.121.215","163.182.174.161","163.47.20.24","163.47.21.168","164.52.202.100","165.227.116.222","172.104.44.18","178.17.171.177","18.192.146.200","181.215.183.135","185.116.60.231","185.116.60.232","185.126.236.167","185.126.237.129","185.205.187.233","185.228.26.40","185.53.57.40","185.53.57.89","192.99.38.117","193.203.202.215","194.36.144.221","195.231.17.141","199.59.247.242","2.58.28.32","200.58.127.145","204.10.163.237","207.246.71.239","209.208.26.218","213.159.1.75","213.183.51.224","213.184.87.75","216.250.96.181","27.131.75.40","27.131.75.41","3.109.250.83","31.131.4.244","31.22.115.186","31.220.111.172","34.247.229.180","37.120.131.40","37.143.128.237","38.129.107.18","41.185.29.210","41.223.53.163","43.231.0.46","45.124.65.86","45.132.244.92","45.248.77.61","45.32.210.159","45.56.77.123","45.76.17.119","45.9.249.220","46.250.220.133","49.12.102.29","5.134.119.103","5.134.119.194","5.188.183.13","51.81.186.219","51.81.33.156","54.162.162.165","54.36.103.97","64.225.34.246","64.227.16.93","65.108.105.194","65.21.81.50","65.21.81.51","74.3.163.74","79.172.239.249","81.31.156.246","83.229.71.151","86.105.14.231","86.105.14.232","91.201.67.57","91.228.7.67","91.239.234.48","92.38.139.226","93.95.227.66","94.26.84.39","94.75.232.90"]"
      ["raw"]=>
      string(2102) "HTTP/1.1 200 OK
Connection: close
Content-Type: application/json
Etag: "960210-1646268284;;;"
X-LiteSpeed-Cache: hit
Content-Length: 1719
Date: Thu, 03 Mar 2022 00:45:38 GMT
Server: LiteSpeed
Alt-Svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000

["101.53.133.36","102.129.254.77","102.221.36.98","102.221.36.99","103.152.118.219","103.152.118.72","103.164.203.163","103.199.16.151","103.236.150.198","103.28.90.190","104.225.142.116","104.244.77.37","109.248.43.212","124.150.139.239","135.148.120.32","135.148.148.230","137.220.36.137","139.162.89.149","139.59.21.152","141.164.38.65","146.59.17.163","146.88.239.197","147.135.115.64","149.28.11.90","152.228.171.66","154.16.57.184","156.67.209.151","16.170.121.215","163.182.174.161","163.47.20.24","163.47.21.168","164.52.202.100","165.227.116.222","172.104.44.18","178.17.171.177","18.192.146.200","181.215.183.135","185.116.60.231","185.116.60.232","185.126.236.167","185.126.237.129","185.205.187.233","185.228.26.40","185.53.57.40","185.53.57.89","192.99.38.117","193.203.202.215","194.36.144.221","195.231.17.141","199.59.247.242","2.58.28.32","200.58.127.145","204.10.163.237","207.246.71.239","209.208.26.218","213.159.1.75","213.183.51.224","213.184.87.75","216.250.96.181","27.131.75.40","27.131.75.41","3.109.250.83","31.131.4.244","31.22.115.186","31.220.111.172","34.247.229.180","37.120.131.40","37.143.128.237","38.129.107.18","41.185.29.210","41.223.53.163","43.231.0.46","45.124.65.86","45.132.244.92","45.248.77.61","45.32.210.159","45.56.77.123","45.76.17.119","45.9.249.220","46.250.220.133","49.12.102.29","5.134.119.103","5.134.119.194","5.188.183.13","51.81.186.219","51.81.33.156","54.162.162.165","54.36.103.97","64.225.34.246","64.227.16.93","65.108.105.194","65.21.81.50","65.21.81.51","74.3.163.74","79.172.239.249","81.31.156.246","83.229.71.151","86.105.14.231","86.105.14.232","91.201.67.57","91.228.7.67","91.239.234.48","92.38.139.226","93.95.227.66","94.26.84.39","94.75.232.90"]"
      ["headers"]=>
      object(Requests_Response_Headers)#1210 (1) {
        ["data":protected]=>
        array(7) {
          ["content-type"]=>
          array(1) {
            [0]=>
            string(16) "application/json"
          }
          ["etag"]=>
          array(1) {
            [0]=>
            string(22) ""960210-1646268284;;;""
          }
          ["x-litespeed-cache"]=>
          array(1) {
            [0]=>
            string(3) "hit"
          }
          ["content-length"]=>
          array(1) {
            [0]=>
            string(4) "1719"
          }
          ["date"]=>
          array(1) {
            [0]=>
            string(29) "Thu, 03 Mar 2022 00:45:38 GMT"
          }
          ["server"]=>
          array(1) {
            [0]=>
            string(9) "LiteSpeed"
          }
          ["alt-svc"]=>
          array(1) {
            [0]=>
            string(170) "quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000"
          }
        }
      }
      ["status_code"]=>
      int(200)
      ["protocol_version"]=>
      float(1.1)
      ["success"]=>
      bool(true)
      ["redirects"]=>
      int(0)
      ["url"]=>
      string(27) "https://quic.cloud/ips?json"
      ["history"]=>
      array(0) {
      }
      ["cookies"]=>
      object(Requests_Cookie_Jar)#1207 (1) {
        ["cookies":protected]=>
        array(0) {
        }
      }
    }
    ["filename":protected]=>
    NULL
    ["data"]=>
    NULL
    ["headers"]=>
    NULL
    ["status"]=>
    NULL
  }
}

Hi @qtwrk,

That it what we originally thought was taken place and after 2 days it was still the same. Even when creating new content.

The only thing that works is disabling the plugin LiteSpeed Cache.

Best regards

Hi @qtwrk,

We went ahead and disabled JS defer, cleared all caches and database, executed a full cache purge on Cloudflare and executed a new crawl by Bing.

The /data:text/javascript;base64 is still getting appended to the URL, triggering a WAF rule and blocking Bing from crawling.

This is the actual info getting appended to the URL:

/data:text/javascript;base64,kgfkc2j5z29vz2xlpxdpbmrvdy5hzhniewdvb2dszxx8w10plnb1c2goe30p

What is really strange is that we are not seeing this /data:text/javascript;base64 on the page source HTML.

We also monitored the blocking live to make sure we were not seeing a cached version of the site.

Report number: DDDVDCGP

Best regards,

Hi @qtwrk

We have been busy trying to figure this thing out and the more we look the worst it gets.

I will be opening a separate support request for another problem we are having, but regarding this particular issue this is where we are.

You were right, turning object cache off did not resolve the issue.

So we cloned the site exactly as the original but with one major difference, we ran the site on Apache instead of using a Litespeed server (version 6.0.10) and the problem was resolved.

It looks like this is a PHP error we are going to have to live with while using a Litespeed server.

Best regards`

Hi @qtwrk

We have tried your suggestions but to no resolution.

One of the biggest problem is that we don’t know how it gets triggered, so it’s hard to test when you don’t know the reason.

The second problem is that it takes hours for the PHP error to show up, so when we try something we have to wait several hours to see if what we did actually worked.

On retracing back about when this started taking place we found out that it was right after we installed LSMCD (LiteSpeed MemCacheD), maybe it has something to do with it, maybe not, we are just taking a wild guess here.

Best regards,

Hi @qtwrk

Thank you so much for the explaining this, it really help us where and what to look for.

Best regards,

Hi @qtwrk

Thanks for the explanation. No we don’t have any security plugins.

By the way, can you explain what does optimizer.cls.php actualy do so I have a better understanding?

Thanks

Hi @qtwrk

I have made a request to the client as I need authorization from them to create what you have suggested, but in the meantime I was wondering the following….

in every single case the error has this path:

/wp-content/plugins/litespeed-cache/src/optimizer.cls.php

We have in our .htaccess file the following rule and I was wondering if it could be that this is the root of the issue:

RewriteCond %{REQUEST_URI} !^/wp-content/plugins/litespeed-cache/guest\.vary\.php
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/directory/to/exclude/
RewriteRule wp-content/plugins/(.*\.php)$ – [R=404,L]

Just taking a wild guess.

Best regards.

Hi @qtwrk

Created the PHP file, saw the blank page and yes a test.js.tmp was created as you said.

Best regards,

Hi @qtwrk

Actually we tried a few things on our end to see if there was a way to triggered but could we not find it. The errors just show up at random.

Here is another sample:

2021-10-28 20:41:24.169112 [NOTICE] [25016] [T0] PHP Warning: unlink public_html/wp-content/litespeed/css/104cde2c74cc27668bb8d95b585f9327.css.tmp): No such file or directory in public_html/wp-content/plugins/litespeed-cache/src/optimizer.cls.php on line 121

Best regards,

Hi @qtwrk

Thank you so much!

it works.

Cheers!

Report number
LRASWRUM

Hi @qtwrk

Thanks for the link. I will create a ticket there.

Hi @qtwrk

Not with regular memcached.

Currently regular memcached has been disabled and not installed, only LiteSpeed Memcached (LSMCD) is enabled.