Messages

1

SSL / Should I put bookmarks

« on: April 15, 2024, 04:29:38 PM »

Hi,

should I put bookmarks here: https://prnt.sc/QrVHBhlV7Uih ?

Thanks in advance!

BR
Venty

2

Information / what platform is used to manage the services "client area"

« on: April 15, 2024, 04:24:04 PM »

Hi,

what platform is used to manage the services "client area"  from CWP, for a friend I ask...

Thanks in advance!

BR
Venty

3

Mod_Security / Re: test mod security..???

« on: March 28, 2024, 09:32:14 AM »

Why does your URL show an appended SQL query?

Hi,

I don't know why there is such a request, I downloaded the logs, please see the answer below...

Thanks in advance!

BR
Venty

4

Mod_Security / Re: test mod security..???

« on: March 28, 2024, 09:28:42 AM »

What did the logs show?

You should receive a Forbidden if it blocks an attack like it should, and the log should reflect that.

Also Comodo released ruleset version 1.241 that fixes the WooCommerce bug.

Hi,

when I click the test mod security button in the access log:

91.238.255.4 - - [28/Mar/2024:11:07:05 +0200] "GET /index.php?SELECT%20*%20FROM%20mysql.users HTTP/1.0" 403 199


in the error log :

[Thu Mar 28 11:07:05.172107 2024] [:error] [pid 60252:tid 139766892787456] [client 91.238.255.4:54650] [client 91.238.255.4] ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||43.105.247.29|F|2"] [data "Matched Data: SELECT * FROM mysql.users found within REQUEST_URI: /index.php?SELECT%20*%20FROM%20mysql.users"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "43.105.247.29"] [uri "/index.php"] [unique_id "ZgUzOSQ7YW9-nwQzwPEtQwAAANA"], referer: https://hosting.ven.com:2031/

Mail message:

Time: Thu Mar 28 11:15:49 2024 +0200
IP: 91.238.255.4 (BG/Bulgaria/4.bgports.bg)
Failures: 5 (mod_security)
Interval: 3600 seconds
Blocked: Permanent Block [LF_MODSEC]

Log entries:

[Thu Mar 28 11:07:05.172107 2024] [:error] [pid 60252:tid 139766892787456] [client 91.238.255.4:54650] [client 91.238.255.4] ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||43.105.247.29|F|2"] [data "Matched Data: SELECT * FROM mysql.users found within REQUEST_URI: /index.php?SELECT%20*%20FROM%20mysql.users"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "43.105.247.29"] [uri "/index.php"] [unique_id "ZgUzOSQ7YW9-nwQzwPEtQwAAANA"], referer: https://hosting.ven.com:2031/
[Thu Mar 28 11:15:38.619353 2024] [:error] [pid 59712:tid 139766859216640] [client 91.238.255.4:54738] [client 91.238.255.4] ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||43.105.247.29|F|2"] [data "Matched Data: SELECT * FROM mysql.users found within REQUEST_URI: /index.php?SELECT%20*%20FROM%20mysql.users"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "43.105.247.29"] [uri "/index.php"] [unique_id "ZgU1OnV9zH5PZsJbMuf24AAAAJQ"], referer: https://hosting.ven.com:2031/
[Thu Mar 28 11:15:43.853579 2024] [:error] [pid 60252:tid 139767018678016] [client 91.238.255.4:54740] [client 91.238.255.4] ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||43.105.247.29|F|2"] [data "Matched Data: SELECT * FROM mysql.users found within REQUEST_URI: /index.php?SELECT%20*%20FROM%20mysql.users"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "43.105.247.29"] [uri "/index.php"] [unique_id "ZgU1PyQ7YW9-nwQzwPEtYgAAAME"], referer: https://hosting.ven.com:2031/
[Thu Mar 28 11:15:45.091700 2024] [:error] [pid 59712:tid 139766850823936] [client 91.238.255.4:54742] [client 91.238.255.4] ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||43.105.247.29|F|2"] [data "Matched Data: SELECT * FROM mysql.users found within REQUEST_URI: /index.php?SELECT%20*%20FROM%20mysql.users"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "43.105.247.29"] [uri "/index.php"] [unique_id "ZgU1QXV9zH5PZsJbMuf24QAAAJU"], referer: https://hosting.ven.com:2031/
[Thu Mar 28 11:15:45.868421 2024] [:error] [pid 59712:tid 139766842431232] [client 91.238.255.4:54744] [client 91.238.255.4] ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||43.105.247.29|F|2"] [data "Matched Data: SELECT * FROM mysql.users found within REQUEST_URI: /index.php?SELECT%20*%20FROM%20mysql.users"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "43.105.247.29"] [uri "/index.php"] [unique_id "ZgU1QXV9zH5PZsJbMuf24gAAAJY"], referer: https://hosting.ven.com:2031/

What do I do?
Thanks in advance!

BR
Venty

5

Mod_Security / test mod security..???

« on: March 27, 2024, 05:07:44 PM »

Hi,

when I click the test mod security button:  https://prnt.sc/UtFDAi3VYELK

, the result is this: https://prnt.sc/JgSZ1-UxDYNU


Where could the problem be?

Thanks in advance!

BR
Venty

6

Information / How many disks are physically installed on the server?

« on: February 13, 2024, 10:33:28 AM »

Hi,

Can I find out through the panel how many disks are physically installed on the server?

Thanks !

BR
Venty

7

CentOS-WebPanel GUI / the memory is constantly busy...

« on: January 31, 2024, 02:27:09 PM »

Hi,

please look: https://prnt.sc/SqGY9XII8l4X

... the memory is constantly busy, when I restart the server it goes down, but after a while the lines fill up again ...

What to do?

Thanks in advance!

BR
Venty

8

PHP / upgrade the version of ICU???

« on: January 31, 2024, 11:51:39 AM »

Hi,

how to upgrade the version of ICU, to a higher one - pls look: https://prnt.sc/F_9T_pt2l7rt ?
Is the ICU version tied to the PHP version or can either be added?

Thanks in advance!

BR
Venty

9

PHP / Re: to PHP Version 8.2.8 and started getting messages like....

« on: September 11, 2023, 09:23:39 AM »

lfd ..., but there are too many, over 100 in 24 hours ....

10

PHP / Re: to PHP Version 8.2.8 and started getting messages like....

« on: September 11, 2023, 05:21:00 AM »

Hi,

Hello, today I upgraded to PHP Version 8.2.8 and started getting messages like:

................................................
Executable: /opt/alt/php-fpm82/usr/sbin/php-fpm
Command Line: php-fpm: pool .....
PID...............


What's going on?

Thanks in advance!

BR
Venty

11

PHP / to PHP Version 8.2.8 and started getting messages like....

« on: September 07, 2023, 01:50:15 PM »

Hi,

Hello, today I upgraded to PHP Version 8.2.8 and started getting messages like:

................................................
Executable: /opt/alt/php-fpm82/usr/sbin/php-fpm
Command Line: php-fpm: pool .....
PID...............


What's going on?

Thanks in advance!

BR
Venty

12

CentOS 7 Problems / Re: is this a server ... please help ...

« on: August 25, 2023, 08:29:57 AM »

...
Then Ajax.
.....

please some guidance and/or direction for Ajax…

13

CentOS 7 Problems / Re: is this a server ... please help ...

« on: August 25, 2023, 07:10:09 AM »

thanks for the reply...

To be honest, I have no information, maybe they use Cpanel...

... but regardless I'm asking for help, I should happen to import this demo..., something to change on my server settings?

Thanks in advance!

14

CentOS 7 Problems / Re: is this a server ... please help ...

« on: August 25, 2023, 05:59:13 AM »

HI,

I'm sorry, but I don't understand...

The demo is developed by a vendor and I can hardly convince him to change anything….

Another question arises the same demo on other servers runs without problems...

What should I change to make it happen on my server too...

Thanks in advance!

BR
Venty

15

CentOS 7 Problems / is this a server ... please help ...

« on: August 24, 2023, 10:22:22 AM »

Hi,

Hello,

I want to upload a WordPress demo and people write that it was uploaded for a maximum of 10 minutes, but for me it runs for 50 minutes and gives me an error, I tried several times and it was not an error 500, 501, 503 and others...

In error logs it gives me some [Thu Aug 24 13:03:18.783980 2023] [core:error] [pid 1627:tid 140575420446464] [client 98.255.202.4:55879] Script timed out before returning headers: admin-ajax.php, referer: http://rd.eu/wp-admin/themes.php?page=rigid-optionsframework

is this a server ... please help ...

BR
Venty