Messages - CtrlTR

1
Mod_Security / ModSecurity - Google Social Login Conflict
« on: December 24, 2021, 05:56:32 PM »
Hello Forum,
I'm encountering a ModSecurity issue on one of my websites.
My website is built with WordPress and has premium themes and plugins. I am getting this error because of ModSecurity on the Google social login link.

I've never had a problem with ModSecurity before, and I've always actively used the Comodo WAF rules; now I don't know what to do. If anyone can explain it step by step in its simplest form, I would be happy.
Can someone tell me exactly what I should do?
I don't want to turn off ModSecurity.
Thanks in advance.


Code:
[Fri Dec 24 20:17:22.402321 2021] [:error] [pid 12737:tid 139702417987328] [client 88.250.77.19:50964] [client 88.250.77.19] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||piyons.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.profile https:/www.googleapis.com/auth/userinfo.email openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "piyons.com"] [uri "/"] [unique_id "YcYAoskwV5djLbZ8l9nztAAAAIs"], referer: https://accounts.google.com.tr/
[Fri Dec 24 18:27:28.756921 2021] [:error] [pid 12680:tid 139702392809216] [client 40.117.88.131:44626] [client 40.117.88.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/usr/local/apache/modsecurity-cwaf/rules/27_Apps_WPPlugin.conf"] [line "6787"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||piyons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "piyons.com"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "YcXm4C-jAcqDJzyFyCUNHQAAAE4"]
[Fri Dec 24 16:37:57.172353 2021] [:error] [pid 12681:tid 139702367631104] [client 209.159.152.105:38092] [client 209.159.152.105] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 209.159.152.105 (+1 hits since last alert)|piyons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcXNNccOeIH92OCKz2zvvAAAANE"]
[Fri Dec 24 16:37:51.759860 2021] [:error] [pid 13147:tid 139702556350208] [client 207.180.204.135:38046] [client 207.180.204.135] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||piyons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "piyons.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "YcXNL9LcgVYD8uKXiJ0JSAAAAAM"]
[Fri Dec 24 15:23:47.907405 2021] [:error] [pid 13147:tid 139702325667584] [client 143.198.159.180:33752] [client 143.198.159.180] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 143.198.159.180 (+1 hits since last alert)|piyons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcW709LcgVYD8uKXiJ3--gAAABY"]
[Fri Dec 24 15:23:47.138734 2021] [:error] [pid 13147:tid 139702376023808] [client 143.198.159.180:33748] [client 143.198.159.180] ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||piyons.com|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcW709LcgVYD8uKXiJ3--QAAABA"]
[Fri Dec 24 15:23:47.137496 2021] [:error] [pid 13147:tid 139702376023808] [client 143.198.159.180:33748] [client 143.198.159.180] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcW709LcgVYD8uKXiJ3--QAAABA"]
[Fri Dec 24 15:23:44.876348 2021] [:error] [pid 12680:tid 139702417987328] [client 143.198.159.180:33728] [client 143.198.159.180] ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||piyons.com|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcW70C-jAcqDJzyFyCUKEwAAAEs"]
[Fri Dec 24 15:23:44.874794 2021] [:error] [pid 12680:tid 139702417987328] [client 143.198.159.180:33728] [client 143.198.159.180] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcW70C-jAcqDJzyFyCUKEwAAAEs"]
[Fri Dec 24 15:23:44.061437 2021] [:error] [pid 13147:tid 139702384416512] [client 207.180.204.135:33696] [client 207.180.204.135] ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||piyons.com|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcW70NLcgVYD8uKXiJ3-9QAAAA8"]
[Fri Dec 24 15:23:44.056242 2021] [:error] [pid 13147:tid 139702384416512] [client 207.180.204.135:33696] [client 207.180.204.135] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcW70NLcgVYD8uKXiJ3-9QAAAA8"]
[Fri Dec 24 15:23:42.665104 2021] [:error] [pid 13147:tid 139702426380032] [client 207.180.204.135:33696] [client 207.180.204.135] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/apache/modsecurity-cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||piyons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "piyons.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "YcW7ztLcgVYD8uKXiJ3-8wAAAAo"]
[Fri Dec 24 12:13:29.461312 2021] [:error] [pid 13147:tid 139702401201920] [client 88.250.77.19:50462] [client 88.250.77.19] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||piyons.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile openid https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "piyons.com"] [uri "/"] [unique_id "YcWPOdLcgVYD8uKXiJ3h6gAAAA0"], referer: https://piyons.com/
[Fri Dec 24 11:52:20.211321 2021] [:error] [pid 13147:tid 139702384416512] [client 147.182.224.190:49112] [client 147.182.224.190] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 147.182.224.190 (+1 hits since last alert)|piyons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcWKRNLcgVYD8uKXiJ3ehwAAAA8"]
[Fri Dec 24 11:52:19.361272 2021] [:error] [pid 12737:tid 139702350845696] [client 147.182.224.190:49108] [client 147.182.224.190] ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||piyons.com|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcWKQ8kwV5djLbZ8l9nMqwAAAJM"]
[Fri Dec 24 11:52:19.360003 2021] [:error] [pid 12737:tid 139702350845696] [client 147.182.224.190:49108] [client 147.182.224.190] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcWKQ8kwV5djLbZ8l9nMqwAAAJM"]
[Fri Dec 24 11:52:16.970719 2021] [:error] [pid 13147:tid 139702443165440] [client 147.182.224.190:49092] [client 147.182.224.190] ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||piyons.com|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcWKQNLcgVYD8uKXiJ3eggAAAAg"]
[Fri Dec 24 11:52:16.968977 2021] [:error] [pid 13147:tid 139702443165440] [client 147.182.224.190:49092] [client 147.182.224.190] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcWKQNLcgVYD8uKXiJ3eggAAAAg"]
[Fri Dec 24 11:52:16.086914 2021] [:error] [pid 13147:tid 139702468343552] [client 207.180.204.135:49074] [client 207.180.204.135] ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||piyons.com|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcWKQNLcgVYD8uKXiJ3egAAAAAU"]
[Fri Dec 24 11:52:16.083164 2021] [:error] [pid 13147:tid 139702468343552] [client 207.180.204.135:49074] [client 207.180.204.135] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "piyons.com"] [uri "/xmlrpc.php"] [unique_id "YcWKQNLcgVYD8uKXiJ3egAAAAAU"]
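
Added example, not part of the original post or of the CWAF rule set: a triage script for the log format above that separates blocking hits on `ARGS:scope` carrying the Google OAuth scope from the remaining blocks, and emits a per-argument exclusion for them instead of disabling the rule. The sample lines are constructed (placeholder IPs and example.com), and `parse`, `triage` and `exclusions` are names chosen here.

```python
import re
from collections import defaultdict

# Constructed sample entries, shortened from the format of the log above
# (documentation IPs and example.com are placeholders).
SAMPLE_LOG = r'''
[Fri Dec 24 20:17:22.402321 2021] [:error] [pid 1:tid 2] [client 203.0.113.10:50964] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/usr/local/apache/modsecurity-cwaf/rules/08_Global_Other.conf"] [line "57"] [id "210580"] [msg "COMODO WAF: OS File Access Attempt||example.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.profile openid"] [hostname "example.com"] [uri "/"]
[Fri Dec 24 16:37:57.172353 2021] [:error] [pid 1:tid 2] [client 198.51.100.7:38092] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)||example.com|F|2"] [hostname "example.com"] [uri "/xmlrpc.php"]
[Fri Dec 24 15:23:47.138734 2021] [:error] [pid 1:tid 2] [client 198.51.100.7:33748] ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [msg "COMODO WAF: The request body could not be parsed.||example.com|F|2"] [hostname "example.com"] [uri "/xmlrpc.php"]
'''

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')        # [id "210580"], [uri "/"], ...
ACTION = re.compile(r'ModSecurity: (Access denied|Warning)')
TARGET = re.compile(r' at ([A-Z_]+(?::[\w.-]+)?)\. \[')     # variable the operator matched
OAUTH_SCOPE = "googleapis.com/auth/userinfo.profile"        # scope value seen in the log

def parse(line):
    """Return a dict for one ModSecurity rule hit, or None for other lines."""
    act = ACTION.search(line)
    fields = dict(FIELD.findall(line))
    if not act or "id" not in fields:
        return None
    tgt = TARGET.search(line)
    return {"id": fields["id"], "blocked": act.group(1) == "Access denied",
            "target": tgt.group(1) if tgt else None,
            "uri": fields.get("uri"), "data": fields.get("data", "")}

def triage(log_text):
    """Split blocking hits into OAuth-scope false-positive candidates and the rest."""
    candidates, other = defaultdict(set), defaultdict(int)
    for line in log_text.splitlines():
        hit = parse(line)
        if not hit or not hit["blocked"]:
            continue  # warnings did not deny the request
        if hit["target"] == "ARGS:scope" and OAUTH_SCOPE in hit["data"]:
            candidates[hit["id"]].add(hit["target"])
        else:
            other[hit["id"]] += 1
    return dict(candidates), dict(other)

def exclusions(candidates):
    """One per-argument exclusion per rule; the rule stays active for all other input."""
    return [f'SecRuleUpdateTargetById {rid} "!{t}"'
            for rid, targets in sorted(candidates.items()) for t in sorted(targets)]

if __name__ == "__main__":
    fp, rest = triage(SAMPLE_LOG)
    print("\n".join(exclusions(fp)))
    print("still blocking:", rest)
```

`SecRuleUpdateTargetById` is a ModSecurity 2.x directive and has to be loaded after the rule it modifies; which file it belongs in depends on the server setup.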

2
Installation / Re: Nameserver confused..
« on: October 17, 2021, 09:50:27 PM »
1) Before installing CWP, set a hostname and then install CWP. Example: hostname server.yourdomain.com

2) Add custom nameservers from the domain control panel.
ns1.yourdomain.com
ns2.yourdomain.com
Enter the main IP address that your service provider gave you for the VPS in both of them.
Enter the CWP panel using the IP address. (youripaddress:2031)

3) Add the nameservers in the CWP info section on the CWP homepage.
ns1.yourdomain.com
ns2.yourdomain.com

4) Add a new user and assign yourdomain.com to that user.
Add a subdomain named server.yourdomain.com and make sure you have SSL certificates for all subdomains and main domains.


After these processes, you should be able to access the CWP panel via server.yourdomain.com. You can build any website you want on yourdomain.com from the panel of the user you added.

Code:
https://www.youtube.com/watch?v=9BhBggfaFc0&list=PLYPFxrXyK0BwWoBSRogkIawVsHEklPkZs
Also, you can watch this playlist and check where you went wrong.

3
CentOS 7 Problems / Re: Can't see big files and folder in filemanager
« on: October 17, 2021, 09:31:50 PM »
In the CWP navigation, click user accounts, then fix permissions. Select the user, select all 3 options, and hit fix, and you'll see everything works perfectly.
