Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Forbidden Pop-Up Box

  • 6
  • 2
  • 28 views
  • Nzaghachi ikpeazụ nke mosaki2

more options

I manage a WordPress blog and over the last month or so, some of our Firefox users are reporting a forbidden error.

When they access the blog, a small rectangular pop-up box appears that says forbidden. Once they click on the OK inside the box, it disappears and they are then able to access the blog. It doesn't happen when I access the blog through my Firefox browser, but a handful of members are having this issue.

I've researched your help forums, but can’t seem to locate the issue. Can someone help? Thanks.

I manage a WordPress blog and over the last month or so, some of our Firefox users are reporting a forbidden error. When they access the blog, a small rectangular pop-up box appears that says forbidden. Once they click on the OK inside the box, it disappears and they are then able to access the blog. It doesn't happen when I access the blog through my Firefox browser, but a handful of members are having this issue. I've researched your help forums, but can’t seem to locate the issue. Can someone help? Thanks.

All Replies (6)

more options

Have you gotten any screenshots to see whether it is a JavaScript alert, a pop-up window, etc.?

Did those members mention using a saved/bookmarked URL that has any parameters you might not have tested?

You might also want to check for a possible server hack that is only triggered by certain kinds of accesses. For example, to fly under a webmaster's radar, pharma spam hacks may only inject into pages when a blog is accessed through a search engine results page (HTTP_REFERER populated with a known search engine domain) rather than through a bookmark or the address bar.

more options

Thanks for your quick reply. I'll gather some more information from my members and report back.

more options

I've attached a screenshot. It appears that everyone is performing a search rather than using a bookmark. The common theme among everyone is that they are using Firefox Browser.

Comments from those who are experiencing the problem: "I use Firefox, a quick click and the forbidden box goes away for maybe 5 mins .. or I may not see it reappear for a 1/2 hour."

"Yes, I use Firefox also, and as john stated, a click on the “o.k.” box makes it go away, it just seems weird that this “forbidden” message shows up as though I’m opening a can of plutonium or something."

"yes I am using Firefox and cleared the cache in the cookies and data sites and in the history. Will see how it goes tomorrow."

"Lately, within the past few weeks every time I access this blog, I receive a small rectangular pop-up which has the word “Forbidden” in it. Is this an issue with Firefox Browser?"

Thanks again!

more options

There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own.

https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can

https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites

https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message

https://support.mozilla.org/en-US/kb/connection-untrusted-error-message

Websites don't load - troubleshoot and fix error messages

http://kb.mozillazine.org/Error_loading_websites

What do the security warning codes mean

more options

Interesting. It seems to be a message generated by this WordPress plugin:

https://wordpress.org/plugins/cleantalk-spam-protect/

It sends a background POST request to https://theyflyblog.com/wp-admin/admin-ajax.php

The server responds with a 403 Forbidden code and a page with the heading "Access Denied - GoDaddy Website Firewall" (this part isn't displayed).

This triggers an alert().

Since the code is minified, it is very hard to follow why that request is even being sent. ??

more options

Thank you, jscher2000. That explains it. I just added that spam plugin a couple months ago and right around the time it started happening.

I appreciate the insight. Now I know which haystack to look in.