[URGENT] - Cloudflare Challenge Blocking Joomla Extension Update Servers – HTTP 403 - Question | JoomShaper

[URGENT] - Cloudflare Challenge Blocking Joomla Extension Update Servers – HTTP 403

A

APD

SP Page Builder 19 hours ago

Hello JoomShaper Support,

I am experiencing an issue with the Joomla extension update checker on our production website.

When I go to:

System → Update → Extensions → Check for Updates

Joomla displays the following errors:

Update: Could not open update site #213 “SP Simple Portfolio Module” Update: Could not open update site #216 “Helix Ultimate Framework” Update: Could not open update site #219 “shaper_helixultimate” Update: Could not open update site #221 “SP Simple Portfolio” Update: Could not open update site #222 “SP Easy Image Gallery” Update: Could not open update site #225 “SP Page Builder”

I rebuilt the Joomla Update Sites list, but the same problem continued.

I then tested the update endpoint directly from the VPS: curl -I https://www.joomshaper.com/updates/com-sp-page-builder-pro-next.xml

the server receives:

HTTP/2 403 content-type: text/html; charset=UTF-8 cf-mitigated: challenge server: cloudflare cf-ray: a1ac62620c876dd6-DFW

The response body is a Cloudflare page with the title:

Just a moment...

the same HTTP 403 response occurs when accessing the JoomShaper homepage and the Helix Ultimate update XML endpoint directly from the server.

This indicates that Cloudflare is presenting a browser challenge to requests coming from our VPS. Joomla’s server-side update checker cannot execute JavaScript or complete this challenge, so it cannot retrieve the XML update files.

Example affected endpoint:

https://www.joomshaper.com/updates/com-sp-page-builder-pro-next.xml

Could you please review the Cloudflare security event associated with this Ray ID and verify whether our server IP or hosting network is being challenged or blocked?

Please also consider excluding the /updates/ XML endpoints from browser-based Cloudflare challenges, since Joomla and other automated extension update clients cannot complete them.

This issue prevents Joomla from detecting available maintenance and security updates for SP Page Builder, Helix Ultimate, and other JoomShaper extensions.

Thank you for your assistance.

Best regards, Leandro Lourenzo

P.S. Could this Cloudflare challenge also explain why our Joomla installation did not receive or detect the SP Page Builder update that was required to prevent the recent security incident on our website?

Our site was compromised before we became aware that SP Page Builder needed to be updated. We understand that updating alone does not remove malware already present, but we would like to know whether the blocked update endpoints may have prevented Joomla from notifying us that the security update was available.

0
1 Answers
Atick Eashrak Shuvo
Atick Eashrak Shuvo
Accepted Answer
Support Agent 10 hours ago #228746

Hi Leandro,

Thank you for your detailed report, and we sincerely apologize for the inconvenience.

The issue you're experiencing is related to an ongoing DDoS attack targeting JoomShaper.com. To keep our services available, we have temporarily enabled stricter Cloudflare security protections, including rate limiting and browser challenge rules. These measures help distinguish legitimate browser traffic from malicious automated requests, but unfortunately they can also affect automated clients such as Joomla's extension update checker, which cannot complete the Cloudflare JavaScript challenge.

As a result, requests to the update XML endpoints may receive a Cloudflare challenge instead of the expected XML file, causing Joomla to report that it cannot access the update sites.

Please rest assured that this is a temporary measure. We are continuously monitoring the situation, and once the attack subsides, we will relax these restrictions so the update endpoints can be accessed normally again.

We completely understand how frustrating this is, especially given the recent security update. Unfortunately, these protective measures are necessary to mitigate the ongoing attack and ensure our infrastructure remains available. While we regret the impact on extension update checks, the situation is outside of our direct control as it is being caused by malicious third-party activity.

We sincerely appreciate your patience and understanding, and we're very sorry for the inconvenience caused.

0