ErrorAccess Denied: Possible CSRF Attack

Hey guys,

I have been in the process of setting up more products for my website. I have had no such errors previously.

When updating some pictures for the "option combination" tab, it takes me back to my dashboard and has this message in red "ErrorAccess denied: Possible CSRF attack"

Anyone know why this came up all of a sudden, and how to get rid of it?

Thanks

We've seen this ... if you have a VPS or dedicated server you should check the value of max_post_size & max_input_vars.

Increase both of them until you no longer see that error.

If you do not have access to this setting ... look for.. or create a php.ini file and adjust there.

The values will look like:

upload_max_filesize = 10M

post_max_size = 10M

max_input_vars = 10000;

Thank you for your reply, that was the problem. All fixed now.

I am not on a VPS or dedicated server, but I encountered a similar error when adding options. This happens when I am trying to add more than 70 product options. Is there a maximum number of product options?

See the FDGWEB reply,

The more products/options/features you have on a page, the bigger the values should be.

I suppose if you update the values according to FDGWEB's suggestion, everything should work.

Glad we could help. :)

I've done everything as suggested but it still doesn't work. When one clicks login to account via the popup, the result ends with the CSRF error message.

max_input_vars 10000
post_max_size 20M
upload_max_filesize 16M

PLEASE HELP!!!!!

Speak to your host they can fix it

What can they fix? I manage the server myself and set all values as suggested; it didn't help at all.

your call

Have you verified that after setting those values that they are in fact being set? If you make them too big, there are compiled limits in PHP that will reject the request for increase. Using 20M is probably overkill.

Yes, all set. Actually, to me all these requirements make no sense at all, as I have the problem only when I click My account - Login, and when I enter login/password I get this error!

Login/password entered, Karl! Not 10000 vars or a post body > 10M, just a simple login form, so the problem is not there.

When I click on the Login link and enter login and password, I see the error

Access denied: Possible CSRF attack

but the normal web login form works OK.

What's wrong?

It started to happen after the last upgrade, using UniTheme.

This notice appears if the security_hash parameter is missing in the POST request. In most cases it happens if the server truncates the request. The above solutions should help to resolve the problem. In some cases you may also need to increase the value of the pcre.backtrack_limit PHP directive.

If this does not help, please contact us via Help desk and provide access to your server so that we could examine the issue.
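
One way to check the two points raised in the replies above (whether the limits are really in effect for the web-facing PHP, and whether a given POST loses security_hash to truncation). This is an added example, not CS-Cart code and not part of any post; `ini_bytes()` and `diagnose()` are hypothetical helper names, and the logic assumes PHP's standard handling of post_max_size and max_input_vars.

```php
<?php
// Added diagnostic, not CS-Cart code. Serve it temporarily from the same
// vhost/PHP handler as the store, POST the failing form body to it, then delete it.

// Convert php.ini shorthand such as "10M" to bytes.
function ini_bytes(string $value): int
{
    $value = trim($value);
    $bytes = (int) $value;                       // "10M" casts to 10
    switch (strtolower(substr($value, -1))) {    // deliberate fall-through
        case 'g': $bytes *= 1024;
        case 'm': $bytes *= 1024;
        case 'k': $bytes *= 1024;
    }
    return $bytes;
}

// Say why security_hash would be absent from $_POST for this request.
function diagnose(int $bodyBytes, int $fields, bool $hashSeen, int $postMax, int $maxVars): string
{
    if ($hashSeen) {
        return 'security_hash arrived in $_POST; the size limits did not drop it';
    }
    if ($postMax > 0 && $bodyBytes > $postMax) {  // 0 means unlimited
        return "body of $bodyBytes bytes exceeds post_max_size ($postMax): PHP leaves \$_POST empty";
    }
    if ($fields > $maxVars) {
        return "$fields fields exceed max_input_vars ($maxVars): fields past the limit are dropped";
    }
    return 'security_hash was not in the request; look at the form or script that builds it';
}

header('Content-Type: text/plain');
// Raw body is readable for urlencoded forms; for multipart uploads it is empty,
// so fall back to what PHP already parsed (a lower bound if truncation occurred).
$raw    = (string) file_get_contents('php://input');
$fields = $raw === '' ? count($_POST, COUNT_RECURSIVE) : substr_count($raw, '&') + 1;
$postMax = ini_bytes((string) ini_get('post_max_size'));
$maxVars = (int) ini_get('max_input_vars');

echo 'loaded php.ini: ', php_ini_loaded_file() ?: '(none)', "\n";
echo "post_max_size = $postMax bytes, max_input_vars = $maxVars, ",
     'pcre.backtrack_limit = ', ini_get('pcre.backtrack_limit'), "\n";
echo diagnose((int) ($_SERVER['CONTENT_LENGTH'] ?? 0), $fields,
              isset($_POST['security_hash']), $postMax, $maxVars), "\n";
```

The values printed here are the ones the web handler actually uses, which can differ from the php.ini that was edited or from what the command-line PHP reports.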

You are right, security_hash is not sent, I have no idea why. Sent support questions to all - CS-Cart and UniTheme - don't know whose bug it is.

I see this on occasion with clients who let their browsers auto-fill their logins. I.e. the return_url is either invalid or is not valid for that account. I always suggest that they simply strip any admin login down to the example.com/admin.php (adjusted for your site). I generally have NOT seen it when someone tries to access an admin page but their session has expired which then causes the redirect to login with the return_url being the page they were on.

Hope that helps.

ErrorAccess denied: Possible CSRF attack

Hi, how do I fix this? When I key in the logistic database for Shipping method > shipping time and rates > show rates for rate area > weight dependencies:

I key in many lines, line by line, from 0kg to 30kg; when I save, all is lost. The page brings me to the main Dashboard and

ErrorAccess denied: Possible CSRF attack <<< this notification comes up ...

Our customers complained about a CSRF attack error when logging in.

I can reproduce this error on https sites when login is made with the popup (My account->Sign in) when the "Remember me" option is offered and checked.

Procedure is this:

- sign in as customer with popup login on https site, check "Remember me" box
- save your password with username
- sign out
- clear cookies and sessions in browser

- sign in as customer with popup login and use browser saved username and password

The result is an error: Access denied. Possible CSRF attack. I reproduced this in latest Chrome, Edge and Firefox browser.

Does anyone have a solution to this?

Thank you!

ErrorAccess denied: Possible CSRF attack

I have the same issue. I edited the php.ini as follows:

allow_url_fopen = Off
allow_url_include = Off
display_errors = Off
enable_dl = Off
file_uploads = On
max_execution_time = 30
max_input_time = 60
max_input_vars = 10000
memory_limit = 512M
post_max_size = 10M
session.gc_maxlifetime = 1440
session.save_path = "/var/cpanel/php/sessions/ea-php73"
upload_max_filesize = 10M
zlib.output_compression = Off

But I still have the same error.
I'm on a VPS with 6 cores and 16 GB RAM from Contabo.
What should I do? Please advise.
Thank you