Comments stopped working

I'm running a Network system at EverythingOuterBanks.com. I just noticed my comments were not working. When I try to post one (logged in or out) I get sent to my 403 page.
I tried everything, disabled all plugins, checked various themes, checked file permissions were 644 (and other settings) on wp-comments-post.php and it keeps showing 403 info on wp-comments-post.php.
Looked at things in my .htaccess but I am weak here. Temporarily overcame the issue on the main blog by using Facebook comments.
Will pay for support on this.

  • LubyG

    Hi Arun,
    Sorry for the delay in responding. I did not get an email notification for some reason that you had replied. Here is the contents of the .htaccess:

    RewriteEngine On
    RewriteBase /

    RewriteCond %{HTTP_COOKIE} !^.*e91074111fb59a14a6c9499eab499ebe.*$
    RewriteRule ^wp-comments-post.php - [F,L]

    #uploaded files
    RewriteRule ^(.*/)?files/$ index.php [L]
    RewriteCond %{REQUEST_URI} !.*wp-content/plugins.*
    RewriteRule ^(.*/)?files/(.*) wp-includes/ms-files.php?file=$2 [L]
    RewriteRule ^(.*/)?sitemap.xml wp-content/sitemap.php [L]

    # add a trailing slash to /wp-admin
    RewriteCond %{REQUEST_URI} ^.*/wp-admin$
    RewriteRule ^(.+)$ $1/ [R=301,L]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule . - [L]
    RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-.*) $2 [L]
    RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
    RewriteRule . index.php [L]

    <IfModule mod_security.c>
    <Files async-upload.php>
    SecFilterEngine Off
    SecFilterScanPOST Off
    </Files>
    </IfModule>

    <Files 403.shtml>
    order allow,deny
    allow from all
    </Files>

    deny from 85.114.136.128/25

    ## EXPIRES CACHING ##
    <IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access 1 month"
    ExpiresByType image/jpeg "access 1 month"
    ExpiresByType image/gif "access 1 month"
    ExpiresByType image/png "access 1 month"
    ExpiresByType text/css "access 1 month"
    ExpiresByType application/pdf "access 1 month"
    ExpiresByType application/x-shockwave-flash "access 1 month"
    ExpiresByType image/x-icon "access 1 year"
    ExpiresDefault "access 2 days"
    </IfModule>
    ## EXPIRES CACHING ##

    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
    RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
    RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
    RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
    RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
    RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
    RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
    RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
    RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
    RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
    RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
    RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
    RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
    RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
    RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
    RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Zeus
    RewriteRule ^.* - [F,L]
    RewriteCond %{HTTP_HOST} ^everythingouterbanks.biz$ [OR]
    RewriteCond %{HTTP_HOST} ^www.everythingouterbanks.biz$
    RewriteRule ^/?$ "http\:\/\/everythingouterbanks\.com\/obxbusinessdirectory\.php" [R=301,L]
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://everythingouterbanks.biz/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://everythingouterbanks.biz$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://everythingouterbanks.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://everythingouterbanks.com$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.everythingouterbanks.biz/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.everythingouterbanks.biz$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.everythingouterbanks.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.everythingouterbanks.com$ [NC]
    RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]

    deny from 80.243.191.178
    deny from 173.254.207.14
    deny from 203.192.128.0/18
    deny from 141.105.65.153
    deny from 142.22.16.53

  • LubyG

    PS I tried removing the line:
    RewriteCond %{HTTP_COOKIE} !^.*e91074111fb59a14a6c9499eab499ebe.*$
    RewriteRule ^wp-comments-post.php - [F,L]

    and of course that broke the comments too. I may have once had Cookies for Comments installed. This looks like a left over code. However, like I said, I'm no .htaccess guy.

    Guess I could remove the bullet proof .htaccess items too now that I use Cloudflare.

  • LubyG

    Hi Aaron,
    As I mentioned above. That does not work completely.

    Go to EverythingOuterBanks.com and leave a comment under the first or any post.

    For some reason it freezes at the wp-commentsp-post.php page and does not redirect back to the post showing the comment.

    The comment does get entered so we are half way there. Any further ideas?

    Line removed was:
    RewriteCond %{HTTP_COOKIE} !^.*e91074111fb59a14a6c9499eab499ebe.*$
    RewriteRule ^wp-comments-post.php - [F,L]

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.