Account Registration Error Code: Cookie = humans_21909=1

A customer in Nigeria tried to register as affiliate on our e-commerce website ( https://www.hetogrowshop.com/affiliate ) but encountered an error message: <script>document.cookie = "humans_21909=1"; document.location.reload(true)</script>.

He contacted us about the problem with detailed video screen recording and pictures.

TheRegion/State field was disabled so the customer couldn’t see the pick list

I thought it was the cookie notification which he hadn’t accepted.But that wasn’t the problem because he tried using another phone but had thesame issue.

The Region/State field was disabled so he couldn’t see the picklist. I tried it here in the UK and it was ok. I sent messages to friends andfamily to test the page and they all had the same problem - failed to work on phonenetwork but okay on home broadband/laptop; both in Nigeria and South Africa. Thistest was done to isolate network, hardware and software problems like browser cacheand cookies, IP address or firewall and proxy issues, etc. vs. ModSecurity – a webapplication firewall that can actively look for attacks to the system and stopmalicious activity. But, sometimes these server level codes can be triggered when legitimate work is being done, to effectively block or limit website access.This can happen when hosting companies do systems checks/updates. The solutionfor this is called whitelisting, which basically is granting specific accessby IP address or URL.

An indication of this problem is sudden inability to log into yourDash Board especially if it is IP restricted. Don’t just update your IP, run asit-wide check to ensure your customers don’t have difficulties transacting on yourwebsite. I had this problem last week but I just fixed it for my self notrealising it had wider implication.

No coding updates had been done on the website recently. Moreover,the affiliate registration form had been working perfectly. I did cursory checkon the website to isolate malware/scripting issues. All looked okay.

I did a detailed search on the internet and found that many websites built on different Apps have had this problem including  WordPress, OpenCart, Magento, etc.

 Apparently so many others out there have s had this problem. The most common root causes are

1. Hosting company's security settings suddenly changed
2. Hosting service provider blocked file names and urlsthat contain words like checkout, registration or contact.
3. New protection on the server. May require disabling Mod_Security if it's enabled onthe server and restarting Apache.
4. Rename the register.php file to something like register2.php, registernew, registration.php, etc . The keyword "register" might be reserved hence causing the error.
5. Can be caused by an extension that makes all pages have SEO friendly url
   

I felt that changing the register file name wouldnecessitate changing all occurrences and references in other files. This couldcomplicate the problem. I didn’t think it was a smart fix. Besides, if it hadbeen working okay as evidenced my new registration emails up to now, and giventhat there had been no script editing recently, the web files didn’t need to bealtered.

I contacted the hosting company and theyimmediately denied culpability and asked me to contact my web developer. I toldthem I am the web developer and there's been no problem with the website. After over10 hours of denials and arguments, they said:

“ just to set your expectation, while we are the hostingprovider, there's a thin borderline of what we can support as Tech Support andbeing a web developer. As a tech specialist, we assist in making sure that ourserver works fine and can load your website. Design, scripting, web developingon the other hand must be handled by the website owner or their webdeveloper. If its working at your end and another country is not, then it seemsthat the issue is with the coding on the scripts on the affiliate page .”

I noted that if the issue is with coding,customers wouldn't have been able to register up till recently. Moreover that argumentfails given the fact that the website works perfectly in some countries and on somegadgets; but not others. It always worked in all countries on all gadgets. Surelythe problem must have been caused by server related setting / recent update.

Finally, after about 10 hours and 4 different Tech Supportspecialists, they agreed that it wasn’t a scripting issue. They didsomething on the server and the problem was resolved.

 
If you’ve had a similar problem with accountregister, checkout or contact, there are 2 things you can do. If like me you didn’tdo any file modifications recently, focus on option 1:

1. Check with hosting company regarding server mod_securityand other settings or recent updates.
2. In your Controller folder, change the name ofthe file/function that returns the error, e.g ‘register.php’ to ‘new-reg.php’. But be very careful with this. Make backups first before modifying files. Make a note of all changes with detailed references so you can easily find and undo them if necessary.