Malformed syntax admin-ajax, possibly firewall issue
- This topic has 4 replies, 2 voices, and was last updated 6 years, 5 months ago by Tina Dubinsky.
Tina Dubinsky (Participant)
I have an addon domain with its own IP and SSL.
I’ve just migrated it from a non secure domain and a different host, but where it had all the same plugins with BPS Pro working fine.
When I migrated, my process included deactivating and uninstalling BPS Pro.
Once the dedicated IP and SSL were set up, I did a fresh install of WordPress, added all the same plugins (except BPS Pro at this stage) and then took my saved SQL database (minus BPS Pro data) and installed it.
In SQL tables, I changed the http reference to https for the options.
Noticed some things (mostly images) weren’t showing as secure so began editing the code etc.
Installed BPS Pro and requested a new activation code. Set up BPS Pro and added custom code. I noticed after installing BPS that a couple of pages which had previously indicated they had some unsecure elements no longer stated this even though I hadn’t yet edited them.
I then went to edit another page and when clicking on the update button, received a 400 error as a pop-up above the button: /wp-admin/admin-ajax.php?action=proxy_atd&_wpnonce=1fe627c361&url=/checkDocument
I can still save the changes by clicking it a second time or third time. I noticed the grammar check function doesn’t happen. My first thought was it might be a Yoast SEO conflict, then a Redirection (plugin) conflict. I deactivated both of these plugins but the error continues to appear. Then perhaps a custom code .htaccess issue so I removed the code I had added for permanently changing http to https but the error continued.
In the security log this appears:
[400 GET Bad Request: October 20, 2017 - 2:08 am]
BPS Pro: 13.3.3
WP: 4.8.2
Event Code: The request could not be understood by the server due to malformed syntax.
Solution: N/A - Malformed Request - Not an Attack
REMOTE_ADDR: My IP
Host Name: My host
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://tinadubinsky.com/wp-admin/post.php?post=9625&action=edit
REQUEST_URI: /wp-admin/admin-ajax.php?action=proxy_atd&_wpnonce=fb0db4c4dc&url=/checkDocument
QUERY_STRING: action=proxy_atd&_wpnonce=fb0db4c4dc&url=/checkDocument
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
I originally thought this might be a WordPress error, so I posted about this issue over at WordPress Support. The response I’ve received is that it’s probably a firewall issue, which is why I’m posting here about it and wondering if you might be able to help me shed some light on it.
website: tinadubinsky.com
I’ve just moved my website to a new host and server and updated to an SSL certificate.
I’m currently editing pages for non-secure items. (mostly images)
When I’m pressing the update button 50% of the time, I’m getting the following error message: /wp-admin/admin-ajax.php?action=proxy_atd&_wpnonce=1fe627c361&url=/checkDocument
Normally, when I press this after editing I would get the message about WordPress making suggestions. (That’s only happened once since I moved to SSL.)
Pressing the update button a second time generally saves the page. If not, it does on the third attempt.
I’m just wondering how to fix the ajax error that I’m getting, so it works the first time around.
My host is using modsecurity. But I probably need to eliminate BPS as the problem firewall before asking them to look into modsecurity.
Cheers
Tina
AITpro Admin (Keymaster)
When I google this part of the Query String – “action=proxy_atd” I found 2 search results that show this has to do with Jetpack > After the Deadline module. My guess would be that you would need to resave your Jetpack After the Deadline module settings to update them after you have done a migration. Most likely the Jetpack After the Deadline module settings still have your old site settings saved and once you update the settings they will be current to your newly migrated site.
Tina Dubinsky (Participant)
Thanks, I’ve tried turning off and turning back on the settings that appear to be triggering it but it’s still happening (when turned off no error came up, but turning back on, it came back). So, I’ve now taken the issue to Jetpack support to see if we can sort out a solution. Thanks for your help, greatly appreciate it.
Tina Dubinsky (Participant)
Just an update: Jetpack have confirmed that this is their spellcheck module. They believe BPS is blocking it from working. I attempted to write a skip rule for it without success. I’ll go back to working through the troubleshooting steps tomorrow.
Cheers
-Tina
[Added by AITpro Admin to keep all info one place]
https://wordpress.org/support/topic/malformed-syntax/#post-9604424
Through further investigations (trial and error), I have discovered that when I turn the “proofreading” feature in Jetpack off the error goes away. Which is not really ideal as I’d like to use this feature.
______________________________________
That call is indeed made by Jetpack’s spellchecker feature. If you use the most recent version of Jetpack it should work out of the box, but obviously something is blocking that call on your new site.
I ran a few extra tests on your site, and it seems that some of our requests are blocked by your security plugin, Bulletproof Security. Here is the response we get when we try to make XML-RPC requests and communicate with your site from some of our servers:
https://gist.github.com/jeherve/e64e3486ad3d940b49a9690f46e68cdf
When we try to push data to your site, still via XML-RPC, the response still fails but is a bit different:
https://gist.github.com/jeherve/f6236065260e955d6243e730d239b9a0
The bpsMessage container added around the message tells me that page is also outputted by Bulletproof Security.
Could you try to play with your Bulletproof Security settings and see if you can find something to unblock those requests? That should help!
Tina Dubinsky (Participant)
Thanks for all your help in getting this sorted both here and over at the WordPress.org.
Much appreciated.
-Tina