Forbidden Pop-Up Box
I manage a WordPress blog and over the last month or so, some of our Firefox users are reporting a forbidden error.
When they access the blog, a small rectangular pop-up box appears that says forbidden. Once they click on the OK inside the box, it disappears and they are then able to access the blog. It doesn't happen when I access the blog through my Firefox browser, but a handful of members are having this issue.
I've researched your help forums, but can’t seem to locate the issue. Can someone help? Thanks.
Krejt Përgjigjet (6)
Have you gotten any screenshots to see whether it is a JavaScript alert, a pop-up window, etc.?
Did those members mention using a saved/bookmarked URL that has any parameters you might not have tested?
You might also want to check for a possible server hack that is only triggered by certain kinds of accesses. For example, to fly under a webmaster's radar, pharma spam hacks may only inject into pages when a blog is accessed through a search engine results page (HTTP_REFERER populated with a known search engine domain) rather than through a bookmark or the address bar.
Thanks for your quick reply. I'll gather some more information from my members and report back.
I've attached a screenshot. It appears that everyone is performing a search rather than using a bookmark. The common theme among everyone is that they are using Firefox Browser.
Comments from those who are experiencing the problem: "I use Firefox, a quick click and the forbidden box goes away for maybe 5 mins .. or I may not see it reappear for a 1/2 hour."
"Yes, I use Firefox also, and as john stated, a click on the “o.k.” box makes it go away, it just seems weird that this “forbidden” message shows up as though I’m opening a can of plutonium or something."
"yes I am using Firefox and cleared the cache in the cookies and data sites and in the history. Will see how it goes tomorrow."
"Lately, within the past few weeks every time I access this blog, I receive a small rectangular pop-up which has the word “Forbidden” in it. Is this an issue with Firefox Browser?"
Thanks again!
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own.
https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can
https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites
https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message
https://support.mozilla.org/en-US/kb/connection-untrusted-error-message
Websites don't load - troubleshoot and fix error messages
http://kb.mozillazine.org/Error_loading_websites
Interesting. It seems to be a message generated by this WordPress plugin:
https://wordpress.org/plugins/cleantalk-spam-protect/
It sends a background POST request to https://theyflyblog.com/wp-admin/admin-ajax.php
The server responds with a 403 Forbidden code and a page with the heading "Access Denied - GoDaddy Website Firewall" (this part isn't displayed).
This triggers an alert().
Since the code is minified, it is very hard to follow why that request is even being sent. ??
Thank you, jscher2000. That explains it. I just added that spam plugin a couple months ago and right around the time it started happening.
I appreciate the insight. Now I know which haystack to look in.