Please have a look at your site code, I am getting a lot of logs that scripts are trying to execute malicious code. See the example below.
The script is /js/gritter/jquery.cookie.js
Access denied with code 406 (phase 2). Pattern match "(?:\\b(??:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?pyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(??:mo(?:use(?(?:ver|ut)|down|move|up)|ve)| ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "1234123404"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"]
I am sorry that I missed this.Hi Chris,
My webhost is complaining about the script used by Gritter. I have disabled it for the time being. Could you please have a look?
Absolutely not. It isn't dissimilar from the default notices system.does this add on cause server cpu high load for high traffic websites?
Shelley... how about doing a custom Oreo Cookie notice?Keep up the great work Chris. I've just recently moved the XF default cookie guest notice from the default notices into your brilliant notifications.
That is expected behaviour because logging out clears all of your XenForo cookies including those set by Notifications.
How many people really log out?
I never use a public or shared PC so I never bother logging out. I thought most people would be the same. Of course if they're using multiple PCs then cookies only apply to the current PC anyway so if they use 3 machines they'll get continuously bothered about it anyway until they close it on each one.
There is one alternative.
Set the notification hide period to 0 (this just sets a cookie for the current session - so until the browser is restarted). But allow the Notification to be dismissible.
The idea of dismissing a notification is to permanently hide it. This is done at the database level so it will not be affected by logging off or moving to a different PC.
Each Notification has a "Reset Notification" button. This will reset the notification for anyone who has dismissed it. Meaning, it will come back until they dismiss it again.
Of course it requires some manual intervention from you every few days, but it may be more robust than relying on cookies.
The Time to hide notification option is purely cookie based so the Reset Notification button will have no effect.The option: Time to hide notification when close is clicked (days)
when it is set to x days the notification will be hidden as required But when setting it back to 0 days the notification will not come back even if Reset Notification Botton is hit, the only way to bring the notification back it to clear the browser cookies, is that a bug?
If it is set to 0 days then the notification should come back when the browser is closed and opened again. It sets a session cookie. You shouldn't need to clear the browser cookies.
We use essential cookies to make this site work, and optional cookies to enhance your experience.