Being kicked out of my server when saving resources

Hi there,

I have been kicked out of my server when saving a resource. Turns out my IP address was blocked due to multiple CAPTCHA submissions (so the server company said).

All I was doing was saving a resource.

Then they sent these logs - can anyone make sense of these?

2025-02-25 14:56:00.720557 [INFO] [1359239] [T0] [XX.XXX.XXX.XXX:54810-H3:DBDA7DBB2AB7A8DE-728#APVH_sitename:443] Cookie len: 977, twk_idm_key=uBDMqQ3LPu9fTTa5qBjcL; poptin_user_id=0.t5awrozbod; cookieconsent_status=dismiss; _gcl_au=1.1.1479826419.1738779449; _swa_u=315b5a0d-f3e9-482b-8aed-129085f526b6; _ga=GA1.1.188166022.1738779449; _ga_0ML4LZ29V9=GS1.1.1739552690.8.1.1739553152.0.0.0; poptin_old_user=true; PHPSESSID=XXXXXXXXXX; mf_has_cookie=1; poptin_referrer=sitename/manager/?a=resource/update&id=6242&reload=67bdd1437f30a4.82885036&class_key=modDocument&context_key=web; poptin_referrer_protocol=secure; poptin_previous_url=sitename/manager/?a=resource/update&id=6242&reload=67bdd1437f30a4.82885036&class_key=modDocument&context_key=web; poptin_previous_url_protocol=secure; TawkConnectionTime=0; twk_uuid_591eecb276be7313d291d889=%7B%22uuid%22%3A%221.7xZlMB5ngySM5Iv9pBalyVJ8WFTO76MJHy1uuyOiKYLsk1Snnk0OFsTTg1rTnuCVNx61picNK3AHaIx8GrukBkPPqoVBqLsJzDzCQB0sdxURuqoxoAYRRSUg%22%2C%22version%22%3A3%2C%22domain%22%3A%22sitename%22%2C%22ts%22%3A1740495356060%7D

Does this make any sense to anyone?

It happened when I hit ‘save’ on the resource, and has happened a few times on this site. I have several other sites on the same server without a problem.

Wonder if Tawk.to is interfering when you’re viewing it logged in to MODX?

Yes I think it must be that - strange thing is that it hangs when I hit save on the resources in MODX - I can’t see why TALK.to can have any bearing on this?

Are you running into mod_security?

Also note that posting all your cookies like that would allow someone to take over your session and login to the manager. Make sure to wipe sessions.

Thanks Mark,

It’s Immunify which is kicking in on the server.
No idea if it’s mod-Security - how would i know?

Re cookies - I thought as I have hidden the site and IP address it couldn’t be traceable?

Immunify? Oh, I know all about that one. It is the new spinning wheel of death to me, if it gets agressive. Stops the WayBack Machine from also saving your site over time.

Drives me up the wall sometimes but with an Expression Engine powered site and not MODX. Different issues will happen with any CMS when trying to save a resource, create a post or do anything when that is happening. Basically what happens is that Immunify feels the site is being targeted and starts being agressive with you, the site’s administrator. It doesn’t care that you are legitimately logged in to any CMS. I can’t even finish a post or even logout because of that at times. Now Expression Engine and MODX work differently when this happens but the effect is the same: You can’t really do anything.

I have to completely close all windows that are connected to the server, even if logged in, and change IP addresses via VPN (maybe turning it off if it was on as a sure way to get around it temporarily) and then waiting a little and log in new (maybe use Private Browsing for MODX login). The reason I say that is that Expression Engine that I am using is programmed to logout within so much time of no activity (another irritating security measure) when MODX won’t and therefore you would still be logged in. I can’t say if that will effect Immunify’s response or not since I don’t have any MODX sites with Immunify on the server.

If you can’t shut it off or change its behaviour yourself or do anything about it (like yours truly), get used to it and find ways around it.