An appropriate representation of the requested resource could not be found...

3 years 2 months ago #178041 by Andrew Lowry
I use K2 on a number of sites but only have this problem on one site.

If I try to Save and Close a K2 item, I always get the following error:

"An error has occurred 403. You are not allowed to view this resource."

If I Save the page and then Cancel it, it generally works OK.

However, sometimes (possibly if the cache is activated on the site) I will get a blank page after clicking the Save button.

Also, after a period of time using K2 (and it only ever happens with K2) I will get locked out of the site and receive the following message:

"An appropriate representation of the requested resource could not be found on this server."

There is no consistency in what triggers this. Yesterday, for example, I was merely unpublishing some extra fields.

I then have to contact my hosting company so that they can unblock me.

According to my host:

"this looks like the brute force protection rules within the web application firewall blocked your requests"

Having checked, they find that the site is making "5 POST requests in 14 seconds". And later, "5 POST requests in 13 seconds" and so on.

Having read through many, many posts on the issue, I don't believe it is because of other modules or components on the site.

And the web host assures me:

"This isn't a mod_security issue. CPGuard thinks when you click on the K2 plugin, that you are submitting some sort of brute force attack - too many requests in a short space of time, so it blocks your IP."

Joomla is up-to-date and everything else is up-to-date (with the exception of Simple Image Gallery Pro (3.6.3)).

This doesn't just happen on one particular event, it seems to happen on any number of actions within the K2 interface. The rest of Joomla works just fine.

I really need to get this resolved.

I am in discussion with my web host and they are in discussion with the developers of CPGuard, but there is clearly something wrong and I would really appreciate some help here.

Thanks

Andrew

3 years 2 months ago #178077 by JoomlaWorks
K2, doing a Joomla API POST request is a brute force attack? Oh man...

On a sidenote, K2 is open source. The code is there to examine. I doubt CPGuard's source code is open though...

Seriously, I can't possibly know of all the idiotic ways a shared hosting provider will attempt to protect their cPanel servers. My guess is a) ignorance and b) overselling (cram as many sites on a single physical host).

You might want to consider moving to a proper webhost.

Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)

3 years 2 months ago #178094 by Andrew Lowry
Thanks for your reply.

It's a host I've been using for many years and many of my clients are also using them - all with no issues.

It's only this one website and only the K2 element of the website.

Other than 'moving to a proper web host' do you have any other suggestions?

Thanks

3 years 2 months ago #178114 by JoomlaWorks
I'll repeat once more: K2 uses the Joomla API to post content.

If they say it works with Joomla, they may have some exclusions for default Joomla URLs (e.g. anything containing "com_content" for example).

So in the end you'll have to weigh using K2 vs sticking with that web host.

Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)

3 years 2 months ago #178118 by Andrew Lowry
They host 20+ Joomla sites for me, including other sites that use K2.

This is the only one that has issues.

3 years 2 months ago #178127 by JoomlaWorks
In that case, it's most likely some third-party plugin (K2 or system) that intercepts SQL queries upon saving some item.

You need to identify that plugin.

Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)

3 years 1 month ago #178261 by Dimitris
Hi,

Since I am having the same issue with another host (Hetzner) I wanted to ask:
1. Did you manage to find what was causing this, or a workaround?
2. Do you happen to use MightySites (by alterbrains) on the affected website?

Thank you

3 years 1 month ago #178271 by JoomlaWorks
@Dimitris Are you getting these errors on K2 or on some other extension?

Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)

3 years 1 month ago #178277 by Dimitris
@Fotis Our host blocks the IP after 5 K2 items publish (or unpublish) calls. Only happens with K2, I've tested with articles, modules, and plugins.

I asked about MightySites because it is an uncommon package to use and it is performing some "login" actions after every request.

For example, when I press the publish button, the network tab in Firefox shows the following:

First K2 POSTs to /administrator/index.php which performs the publish action and then 303 redirects to a GET -> /administrator/index.php?option=com_k2&view=items

Then MightySites tries to login on the second site by doing something like:

GET 'www.second-site.com/administrator/index.php?xxxxxxxxxx=1&mighty_login[]=yyyyyyyyyy&nonce=zzzzzzzzzz'

My first thought was: OK, mod_security sees the POST + the 'mighty_login' string, so it blocks the "offending" IP after a few "attempts".

But the same actions happen when we publish/unpublish a Joomla article or a module/plugin and the user does not get blocked even after 10 or more actions.

3 years 1 month ago #178279 by JoomlaWorks
K2 just uses the standard Post/Redirect/Get (PRG) pattern from the Joomla API/framework.

So, yes, the culprit is most likely that "MightySites" extension...

Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
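
The host's observation quoted in this thread ("5 POST requests in 14 seconds") can be checked against the site's own access log to see which admin requests fall inside such a window. This is an added example, not code from the thread, K2 or CPGuard; the 5-in-14-seconds threshold is an assumption taken from the host's quoted message rather than a documented CPGuard rule, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined-log-format prefix: client IP, timestamp, method, path, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed access-log lines; IPs are from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "POST /administrator/index.php HTTP/1.1" 303 -
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /administrator/index.php?option=com_k2&view=items HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:00:04 +0000] "POST /administrator/index.php HTTP/1.1" 303 -
203.0.113.7 - - [01/Jan/2024:10:00:07 +0000] "POST /administrator/index.php HTTP/1.1" 303 -
203.0.113.7 - - [01/Jan/2024:10:00:10 +0000] "POST /administrator/index.php HTTP/1.1" 303 -
203.0.113.7 - - [01/Jan/2024:10:00:14 +0000] "POST /administrator/index.php HTTP/1.1" 303 -
198.51.100.9 - - [01/Jan/2024:10:00:00 +0000] "POST /administrator/index.php HTTP/1.1" 303 -
198.51.100.9 - - [01/Jan/2024:10:00:15 +0000] "POST /administrator/index.php HTTP/1.1" 303 -
198.51.100.9 - - [01/Jan/2024:10:00:30 +0000] "POST /administrator/index.php HTTP/1.1" 303 -
"""

def find_post_bursts(lines, limit=5, window=14):
    """Return [(ip, post_count, span_seconds, paths)] where `limit` POSTs fit in `window` seconds."""
    recent = defaultdict(deque)   # ip -> (timestamp, path) of POSTs still inside the window
    bursts = []
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(3) != "POST":
            continue              # the GET half of Post/Redirect/Get is not counted
        ip, path = m.group(1), m.group(4)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append((ts, path))
        while (ts - q[0][0]).total_seconds() > window:
            q.popleft()           # drop POSTs that have aged out of the window
        if len(q) >= limit:
            span = int((ts - q[0][0]).total_seconds())
            bursts.append((ip, len(q), span, sorted({p for _, p in q})))
            q.clear()             # report each burst once
    return bursts

if __name__ == "__main__":
    for ip, count, span, paths in find_post_bursts(SAMPLE_LOG.splitlines()):
        print(f"{ip}: {count} POST requests in {span} seconds -> {', '.join(paths)}")
```

Run against the real access log for the blocked IP, the output gives the host concrete request paths and timings to tune or exclude in the firewall rule.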
