Home / Forums / DynamiX Support / bot protection- click to unlock?

Viewing 13 posts - 1 through 13 (of 13 total)
  • Author
    Posts

  • daz smith
    Participant

    Hiya another problem (sigh) im hoping you can help me with. I use Fasthosts hosting in the UK – one of the largest.
    I now get a message on trying to load the two grid galleries (generated by the server) saying bot protection click to unlock.

    this is what i sent to my server people:

    we now have another problem in that we keep getting a “Bot protection, click to unlock” button appearing on both Portfolio/Feedback sections. This leads to an Ajax php page when clicked, with a 0 in the top left of the page and the page does not reload. I note you say that bot protection had been rolled out on some legacy servers so, assuming this is the case on this 88.208.252.232 server, please could you arrange to have bot protection removed? We cannot have clients being unable to get further than the ajax page.

    this is what they said:

    ——————————————-
    The bot protection on this server cannot be turned off for your website as it is applied to the entire server and not individual website’s on it.
    This protection is also in place on your test website’s and only occurs once per session. A bit more information on this in our document below.
    https://help.fasthosts.co.uk/app/answers/detail/a_id/2777/kw/bot%20protection
    The bot protection will only trigger when persons attempt to access specific areas of WordPress such as the xmlrpc.php or wp-admin.php.
    Thanks again for contacting Fasthosts.
    Best regards,
    ————————————————
    AND…
    ———————————————–
    The bot protection cannot be removed from this server. These are shared servers and this protection has been added to protect all of our customers website’s on this server.

    Bot protection protects specific core WordPress files that are targeted by hackers or malicious users. In this case your website is accessing the core file admin-ajax.php and so is generating the prompt.

    The reason you see a 0 on clicking bot protection is because the file is then loaded directly by the browser rather than as part of the website and this is the value it returns.

    You would need to either use another file (or file name) if you wanted to avoid the bot protection or set up a redirect to automatically display the home page again.

    Thanks again for contacting Fasthosts

    ———————————————————————————

    ANY Ideas on this?


    daz smith
    Participant

    Ok just spoke to the hosting company
    they bot protect certain wordpress files admin-ajax.php is one of them.

    when inspecting the code for the grid galley in this DVI container;

    <div class=”vc_grid-container vc_clearfix wpb_content_element vc_masonry_grid” data-initial-loading-animation=”zoomIn” data-vc-grid-settings=”{"page_id":3548,"style":"all-masonry","action":"vc_get_vc_grid_data","shortcode_id":"1469006680302-f3638c9a-5ba5-4","tag":"vc_masonry_grid"}” data-vc-request=”http://ebceducation.co.uk/wp-admin/admin-ajax.php” data-vc-post-id=”3548″ d…

    it references this bot protected file and hence the problems, any way around this?

    Hi @daz_smith

    I am afraid there is no way around that from our end/theme. It is pretty odd that they force that on each sites they host. Yes xmlrpc.php and admin-ajax.php are vulnerable targets for attacks but they can implement rules to block attempts to it or secure the 2 files instead of completely blocking requests for it.

    xmlrpc.php can be blocked without any issues specially if you do not use other editors to post content to your but on admin-ajax.php, that is pretty weird as not everyone of your visitors will understand such restrictions. You can implement the redirect they mentioned , or you can try to upgrade your account if they can disable the block if you choose another hosting plan.

    You can also try forcing them a bit more as they’ll probably give in. 🙂

    Regards,


    daz smith
    Participant
    This reply has been marked as private.

    Renaming the file will break your installation as a number of functions on the WP Dashboard rely on admin-ajax.php. Also, we do not support such change and you will need to coordinate with your hosting provider for that.

    Regards,


    daz smith
    Participant

    So you cant help in nay way with this matter then and I can no longer user your theme on Fasthost servers in the UK?
    You dont have any other ideas on this?

    i will have to coordinate this to the developer to check if there’s any easy way around this.

    Regards,


    daz smith
    Participant

    thankyou – my hosts (FASTHOSTS) are the largest in the UK, so this maybe a future/growing issue.

    daz

    We will update you once I receive an update from the developer.

    Regards,


    daz smith
    Participant

    did you get any response on this (below)?

    (You would need to either use another file (or file name) if you wanted to avoid the bot protection)

    Hi @daz_smith

    I have confirmed with the developer and he confirmed that there is too much work to be done to work around that bot protection they enabled. Also, there is too many Wordpres processes, plugins and themes that relies on admin-ajax.php, so it should be their ‘bot protection’ rules that should be adjusted and not the other way around.

    The bot protection is too much of a hassle that I can’t even login to your site as accessing http://ebceducation.co.uk/wp-admin and http://ebceducation.co.uk/wp-login.php shows the ‘bot protection’ button and clicking on it redirects me to http://ebceducation.co.uk/not_found

    If you are able to login, can you please check if Lazy Load is enabled on your grids? If they are, please disable it, clear you browser cache and recheck if the issue persists? If the issue still persists with Lazy Load disabled, I am afraid we can’t work around it anymore.

    Regards,


    daz smith
    Participant

    no lazy load isnt enabled its the ‘show all’ option im using in the grids.
    My hosts tell me the problem is within the WPBakery Visual Composer plugin.

    Hi @daz_smith

    That is the main issue there. WP Visual Composer and a whole of plugins and themes rely access to admin-ajax.php so it is unreasonable for a hosting company to limit/block access to admin-ajax.php. Of the many sites and hosting companies we have encountered, this is the first time we’ve seen this 🙂

    The best option you have is to force them to remove the bot protection or upgrade the account if it means they will be able to remove bot protection on the higher hosting plans they offer.

    Thanks!

Viewing 13 posts - 1 through 13 (of 13 total)

You must be logged in to reply to this topic.