Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - venty

Pages: [1] 2 3 ... 23
1
Mod_Security / Re: test mod security..???
« on: March 28, 2024, 09:32:14 AM »
Why does your URL show an appended SQL query?

Hi,

I don't know why there is such a request, I downloaded the logs, please see the answer below...

Thanks in advance!

BR
Venty

2
Mod_Security / Re: test mod security..???
« on: March 28, 2024, 09:28:42 AM »
What did the logs show?

You should receive a Forbidden if it blocks an attack like it should, and the log should reflect that.

Also Comodo released ruleset version 1.241 that fixes the WooCommerce bug.

Hi,

when I click the test mod security button in the access log:

91.238.255.4 - - [28/Mar/2024:11:07:05 +0200] "GET /index.php?SELECT%20*%20FROM%20mysql.users HTTP/1.0" 403 199


in the error log :

[Thu Mar 28 11:07:05.172107 2024] [:error] [pid 60252:tid 139766892787456] [client 91.238.255.4:54650] [client 91.238.255.4] ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||43.105.247.29|F|2"] [data "Matched Data: SELECT * FROM mysql.users found within REQUEST_URI: /index.php?SELECT%20*%20FROM%20mysql.users"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "43.105.247.29"] [uri "/index.php"] [unique_id "ZgUzOSQ7YW9-nwQzwPEtQwAAANA"], referer: https://hosting.ven.com:2031/

Mail message:

Time: Thu Mar 28 11:15:49 2024 +0200
IP: 91.238.255.4 (BG/Bulgaria/4.bgports.bg)
Failures: 5 (mod_security)
Interval: 3600 seconds
Blocked: Permanent Block [LF_MODSEC]

Log entries:

[Thu Mar 28 11:07:05.172107 2024] [:error] [pid 60252:tid 139766892787456] [client 91.238.255.4:54650] [client 91.238.255.4] ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||43.105.247.29|F|2"] [data "Matched Data: SELECT * FROM mysql.users found within REQUEST_URI: /index.php?SELECT%20*%20FROM%20mysql.users"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "43.105.247.29"] [uri "/index.php"] [unique_id "ZgUzOSQ7YW9-nwQzwPEtQwAAANA"], referer: https://hosting.ven.com:2031/
[Thu Mar 28 11:15:38.619353 2024] [:error] [pid 59712:tid 139766859216640] [client 91.238.255.4:54738] [client 91.238.255.4] ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||43.105.247.29|F|2"] [data "Matched Data: SELECT * FROM mysql.users found within REQUEST_URI: /index.php?SELECT%20*%20FROM%20mysql.users"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "43.105.247.29"] [uri "/index.php"] [unique_id "ZgU1OnV9zH5PZsJbMuf24AAAAJQ"], referer: https://hosting.ven.com:2031/
[Thu Mar 28 11:15:43.853579 2024] [:error] [pid 60252:tid 139767018678016] [client 91.238.255.4:54740] [client 91.238.255.4] ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||43.105.247.29|F|2"] [data "Matched Data: SELECT * FROM mysql.users found within REQUEST_URI: /index.php?SELECT%20*%20FROM%20mysql.users"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "43.105.247.29"] [uri "/index.php"] [unique_id "ZgU1PyQ7YW9-nwQzwPEtYgAAAME"], referer: https://hosting.ven.com:2031/
[Thu Mar 28 11:15:45.091700 2024] [:error] [pid 59712:tid 139766850823936] [client 91.238.255.4:54742] [client 91.238.255.4] ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||43.105.247.29|F|2"] [data "Matched Data: SELECT * FROM mysql.users found within REQUEST_URI: /index.php?SELECT%20*%20FROM%20mysql.users"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "43.105.247.29"] [uri "/index.php"] [unique_id "ZgU1QXV9zH5PZsJbMuf24QAAAJU"], referer: https://hosting.ven.com:2031/
[Thu Mar 28 11:15:45.868421 2024] [:error] [pid 59712:tid 139766842431232] [client 91.238.255.4:54744] [client 91.238.255.4] ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||43.105.247.29|F|2"] [data "Matched Data: SELECT * FROM mysql.users found within REQUEST_URI: /index.php?SELECT%20*%20FROM%20mysql.users"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "43.105.247.29"] [uri "/index.php"] [unique_id "ZgU1QXV9zH5PZsJbMuf24gAAAJY"], referer: https://hosting.ven.com:2031/

What do I do?
Thanks in advance!

BR
Venty



3
Mod_Security / test mod security..???
« on: March 27, 2024, 05:07:44 PM »
Hi,

when I click the test mod security button:  https://prnt.sc/UtFDAi3VYELK

, the result is this: https://prnt.sc/JgSZ1-UxDYNU


Where could the problem be?

Thanks in advance!

BR
Venty

4
Information / How many disks are physically installed on the server?
« on: February 13, 2024, 10:33:28 AM »
Hi,

Can I find out through the panel how many disks are physically installed on the server?

Thanks !

BR
Venty

5
CentOS-WebPanel GUI / the memory is constantly busy...
« on: January 31, 2024, 02:27:09 PM »
Hi,

please look: https://prnt.sc/SqGY9XII8l4X

... the memory is constantly busy, when I restart the server it goes down, but after a while the lines fill up again ...

What to do?

Thanks in advance!

BR
Venty

6
PHP / upgrade the version of ICU???
« on: January 31, 2024, 11:51:39 AM »
Hi,

how to upgrade the version of ICU, to a higher one - pls look: https://prnt.sc/F_9T_pt2l7rt ?
Is the ICU version tied to the PHP version or can either be added?

Thanks in advance!

BR
Venty

7
PHP / Re: to PHP Version 8.2.8 and started getting messages like....
« on: September 11, 2023, 09:23:39 AM »
lfd ..., but there are too many, over 100 in 24 hours ....



8
PHP / Re: to PHP Version 8.2.8 and started getting messages like....
« on: September 11, 2023, 05:21:00 AM »
Hi,

Hello, today I upgraded to PHP Version 8.2.8 and started getting messages like:

................................................
Executable: /opt/alt/php-fpm82/usr/sbin/php-fpm
Command Line: php-fpm: pool .....
PID...............


What's going on?

Thanks in advance!

BR
Venty
???

9
PHP / to PHP Version 8.2.8 and started getting messages like....
« on: September 07, 2023, 01:50:15 PM »
Hi,

Hello, today I upgraded to PHP Version 8.2.8 and started getting messages like:

................................................
Executable: /opt/alt/php-fpm82/usr/sbin/php-fpm
Command Line: php-fpm: pool .....
PID...............


What's going on?

Thanks in advance!

BR
Venty

10
CentOS 7 Problems / Re: is this a server ... please help ...
« on: August 25, 2023, 08:29:57 AM »
...
Then Ajax.
.....

please some guidance and/or direction for Ajax…

11
CentOS 7 Problems / Re: is this a server ... please help ...
« on: August 25, 2023, 07:10:09 AM »
thanks for the reply...

To be honest, I have no information, maybe they use Cpanel...

... but regardless I'm asking for help, I should happen to import this demo..., something to change on my server settings?

Thanks in advance!

12
CentOS 7 Problems / Re: is this a server ... please help ...
« on: August 25, 2023, 05:59:13 AM »
HI,

I'm sorry, but I don't understand...

The demo is developed by a vendor and I can hardly convince him to change anything….

Another question arises the same demo on other servers runs without problems...

What should I change to make it happen on my server too...

Thanks in advance!

BR
Venty

13
CentOS 7 Problems / is this a server ... please help ...
« on: August 24, 2023, 10:22:22 AM »
Hi,

Hello,

I want to upload a WordPress demo and people write that it was uploaded for a maximum of 10 minutes, but for me it runs for 50 minutes and gives me an error, I tried several times and it was not an error 500, 501, 503 and others...

In error logs it gives me some [Thu Aug 24 13:03:18.783980 2023] [core:error] [pid 1627:tid 140575420446464] [client 98.255.202.4:55879] Script timed out before returning headers: admin-ajax.php, referer: http://rd.eu/wp-admin/themes.php?page=rigid-optionsframework

is this a server ... please help ...

BR
Venty

14
CentOS 7 Problems / import from can’t reach following url...
« on: July 23, 2023, 11:46:31 AM »
Hi,
I have a server installed and managed by CWP, I use PHP 8.1.20...

I have WordPress installed and a theme for which I need to run the demo... but it doesn't work, it keeps giving me a timeout..

I received the following response from the author of the theme:

"The only reason we can think of is that the server where you are running the import from can’t reach following url: https://ХХ.wp.com . It is needed because it downloads all images used in the demo from there.

This could lead the script to timeout and we are forcing it to try again up to 10 times before failing at the end.

This is the only reason we can think of. So if above suggestion doesn’t work, the only other way is to use hosting service."


Please help, what to do or which settings to change...

Thanks in advance!

15
Hi,
I have a server installed and managed by CWP, I use PHP 8.1.20...

I have WordPress installed and a theme for which I need to run the demo... but it doesn't work, it keeps giving me a timeout..

I received the following response from the author of the theme:

"The only reason we can think of is that the server where you are running the import from can’t reach following url: https://ХХ.wp.com . It is needed because it downloads all images used in the demo from there.

This could lead the script to timeout and we are forcing it to try again up to 10 times before failing at the end.

This is the only reason we can think of. So if above suggestion doesn’t work, the only other way is to use hosting service."


Please help, what to do or which settings to change...

Thanks in advance!

BR
Venty

Pages: [1] 2 3 ... 23