ModSecurity: Access denied with code 403

  • Modsecurity is blocking me every time I update a product in my wordpress. The WP and plugins version are up to date. I suspect that the database is hacked? Please see the error log below

    [client 213.230.72.158] ModSecurity: Access denied with code 403 (phase 2). Pattern match “(?i:\\\\b(?:t(?:able_name\\\\b|extpos[^a-zA-Z0-9_]{1,}\\\\()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column_(?:id|name)|mb_users|object_(?:id|(?:nam|typ)e)|pg_(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|o …” at ARGS_NAMES:object_type. [file “/etc/httpd/conf/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf”] [line “17”] [id “211540”] [rev “12”] [msg “COMODO WAF: Blind SQL Injection Attack||megavolt.uz|F|2”] [data “Matched Data: object_type found within ARGS_NAMES:object_type: object_type”] [severity “CRITICAL”] [tag “CWAF”] [tag “SQLi”] [hostname “megavolt.uz”] [uri “/wp-json/yoast/v1/link_suggestions”] [unique_id “XzGPC2onj7PufP2aGSX2ngAAAAM”], referer: https://megavolt.uz/wp-admin/post.php?post=2240&action=edit

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Getting mod_security to work with WordPress is not a pleasant process. this is probably a mod_security config thing, and not a hack attempt.

    Thread Starter bakhti

    (@bakhti)

    Thanks for the quick response.

    What’s interesting, I’ve been running the website without any problem for about 2 months, no problem had occurred until yesterday. Furthermore, I didn’t install any new plugin recently. And the hosting company didn’t change anything related to modsecurity. Do you know why this problem started occurring yesterday?

    What do you think about yoast wp-json link suggestion? could this also be the reason?

    Thanks

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    I have no idea. You might ask the Yoast folks about it.

    Thread Starter bakhti

    (@bakhti)

    Ok thanks

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Please don’t flag this topic for moderator review, @bakhti There’s no security issue related to the post.

    Thread Starter bakhti

    (@bakhti)

    I hope so. Disabled the modsecurity as you advised. Thanks

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘ModSecurity: Access denied with code 403’ is closed to new replies.