Tagged: x
-
AuthorPosts
-
October 16, 2016 at 10:01 pm #1218837
kawadataroParticipantNot sure why but it happened twice today. Asked my hosting and their reply was …
Your web scripts contains XSS vulnerability which is causing your IP blocked by firewall for security reasons. We have unblocked the IP for you, you should be able to access now.
To avoid similar blocking, you may need to fix the security hole in your web script by upgrading all scripts to latest version and remove all security vulnerable plugins and theme.Anyway to fix this?
October 16, 2016 at 10:01 pm #1218838
kawadataroParticipantThis reply has been marked as private.October 16, 2016 at 11:44 pm #1218905
Paul RModeratorHi,
Would you mind providing us with login credentials so we can take a closer look? To do this, you can make a post with the following info:
– Link to your site
– WordPress Admin username / password
– FTP credentialsDon’t forget to select Set as private reply. This ensures your information is only visible to our staff.
October 17, 2016 at 12:05 am #1218917
kawadataroParticipantThis reply has been marked as private.October 17, 2016 at 12:17 am #1218922
Paul RModeratorHi,
Upon checking, I can see all theme and plugins are up to date.
I check the plugins and all are listed to be compatible with xtheme.
Can you try to contact your host again and let them specify which plugin or script is causing the issue.
Thanks
October 17, 2016 at 1:24 am #1218979
kawadataroParticipantThis reply has been marked as private.October 17, 2016 at 2:52 am #1219039
RadModeratorHi there,
Your hosting’s security detected XSS attack. It usually is done through @import, iframe, backgrounds, and any resources that load on a site. And the attack usually happens when an attacker supplies different URL as the gateway for them. According to that log, it detected the CSS’s @import which usually comes with the theme. The problem with that is they can’t really tell if it’s an attack or a valid request. The theme supplies those URLs and not by attackers, another example is google fonts, they use and recommend @import when linking fonts.
The solution for this is to verify if those requests are really an attack or just a false positive. If they are valid, then they should allow it, if not, then they should point out which URLs are doing that attack.
Thanks!
October 17, 2016 at 2:59 am #1219048
kawadataroParticipantThis reply has been marked as private.October 17, 2016 at 3:34 am #1219083
RadModeratorHi there,
Managed is better than shared, still, it’s not related to the security the hosting has. You should contact the hosting provider to solve all security issues. It can’t be controlled by WordPress, hence its theme and plugins too.
Thanks!
October 17, 2016 at 4:16 am #1219114
kawadataroParticipantUgh… yeahhost is not responding to my requests well. Anyway, is it possible if i develop the site locally ie, xampp, then upload it to the live site?
October 17, 2016 at 5:56 am #1219199
Paul RModeratorHi,
Yes that’s possible.
Just note that you need to follow our migration guidelines for your site to work correctly after transfer.
https://community.theme.co/kb/cornerstone-migration/
Thanks
-
AuthorPosts
- <script> jQuery(function($){ $("#no-reply-1218837 .bbp-template-notice, .bbp-no-topic .bbp-template-notice").removeClass('bbp-template-notice'); }); </script>
