Author Topic: Wordpress admin problem  (Read 4027 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Wordpress admin problem
« on: June 25, 2015, 05:11:24 PM »
Hi all, very good webpanel and stable up 20 days, 19:53, 1 user, load average: 0.00, 0.00, 0.00 but i have an issue..

I installed mod_security, Contents of File: /usr/local/apache/conf/mod_sec_disabled_rules.conf are:


SecRuleRemoveById 910006
SecRuleRemoveById 950000
SecRuleRemoveById 950001
SecRuleRemoveById 950005
SecRuleRemoveById 950006
SecRuleRemoveById 950117
SecRuleRemoveById 950907
SecRuleRemoveById 958039
SecRuleRemoveById 958051
SecRuleRemoveById 958291
SecRuleRemoveById 959006
SecRuleRemoveById 960008
SecRuleRemoveById 960010
SecRuleRemoveById 960011
SecRuleRemoveById 960012
SecRuleRemoveById 960035
SecRuleRemoveById 960335
SecRuleRemoveById 960904
SecRuleRemoveById 960915
SecRuleRemoveById 970003
SecRuleRemoveById 970015
SecRuleRemoveById 970903
SecRuleRemoveById 973301
SecRuleRemoveById 973302
SecRuleRemoveById 973306
SecRuleRemoveById 973316
SecRuleRemoveById 973330
SecRuleRemoveById 973331
SecRuleRemoveById 973332
SecRuleRemoveById 973334
SecRuleRemoveById 973335
SecRuleRemoveById 973336
SecRuleRemoveById 973344
SecRuleRemoveById 973347
SecRuleRemoveById 981172
SecRuleRemoveById 981240
SecRuleRemoveById 981241
SecRuleRemoveById 981244
SecRuleRemoveById 981248
SecRuleRemoveById 981249
SecRuleRemoveById 981255
SecRuleRemoveById 981256
SecRuleRemoveById 981260
SecRuleRemoveById 981317
SecRuleRemoveById 981318
SecRuleRemoveById 981319
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
## Rules for the CWP ##
SecRuleRemoveById 960017
SecRuleRemoveById 960015
SecRuleRemoveById 960009
########################################
## Removed Rules for Joomla, WordPress and Drupal CMSs ## ########################################
## Joomla ##
SecRuleRemoveById 950120
SecRuleRemoveById 950901
SecRuleRemoveById 960024
SecRuleRemoveById 973300
SecRuleRemoveById 973304
SecRuleRemoveById 973333
SecRuleRemoveById 973338
SecRuleRemoveById 981173
SecRuleRemoveById 981245
SecRuleRemoveById 981257
## Wordpress ##
SecRuleRemoveById 958030
SecRuleRemoveById 959073
SecRuleRemoveById 981242
SecRuleRemoveById 981243
SecRuleRemoveById 981246
## Drupal ##
SecRuleRemoveById 981231
## Removed rules for the webftp_simple ##
SecRuleRemoveById 950109
SecRuleRemoveById 950922
SecRuleRemoveById 981000
## phpMyAdmin ##
SecRuleRemoveById 981205
SecRuleRemoveById 970901



After i create an vhost and install wordpress all is working just fine, i can upload files, delete files, upload/install/delete themes/plugins i can say is 99% ok, but i have one single issue when i try to edit themes from wp-admin/theme-editor.php points to an 403 forbidden error

Forbidden

You don't have permission to access /wp-admin/theme-editor.php on this server.


every time before i make an wordpress install ... and after i upload worpress files to public_html i chown -R myuser:myuser /home/myuser/public_html  and works fine also i have 755 perm on folders and 644 on files i tryed to modify perm for theme-editor.php with 666, 755, 777 and nothing... i can't solve this error, please anyone tryed to edit themes from wp-admin and worked ?
Any ideea ?

edit: my logs from mod_security


Code: [Select]
[Thu Jun 25 21:09:14 2015] [error] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:newcontent. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "mywebsite.com"] [uri "/wp-admin/theme-editor.php"] [unique_id "VYxDyn8AAAIAAAqKBpgAAAAD"]
« Last Edit: June 25, 2015, 06:23:27 PM by skintekx »

Offline
*
Re: Wordpress admin problem
« Reply #1 on: June 25, 2015, 06:30:55 PM »
solved add new rule:

SecRuleRemoveById 959151

Re: Wordpress admin problem
« Reply #2 on: June 26, 2015, 09:00:51 AM »
Better switch to Comodo WAF.

Offline
*
Re: Wordpress admin problem
« Reply #3 on: September 06, 2015, 05:24:21 PM »
Thanks skintekx!  I run into issues with my Wordpress WP-ADMIN access.  Had an error 'Forbidden' 403'.   I was trying to figure for hours and eventually found the culprit in the Mod Security  mod_sec_disabled_rules.conf.   I added these lines and restart the server.
SecRuleRemoveById 981242
SecRuleRemoveById 981246
SecRuleRemoveById 981243
SecRuleRemoveById 959073
SecRuleRemoveById 958030
SecRuleRemoveById 970003
SecRuleRemoveById 981172
SecRuleRemoveById 981240
SecRuleRemoveById 981317
SecRuleRemoveById 973344
SecRuleRemoveById 981256
SecRuleRemoveById 973301
SecRuleRemoveById 981241
SecRuleRemoveById 973347
SecRuleRemoveById 981248
SecRuleRemoveById 970015
SecRuleRemoveById 950001
SecRuleRemoveById 973335
SecRuleRemoveById 973334
SecRuleRemoveById 973332
SecRuleRemoveById 981318
SecRuleRemoveById 981249
SecRuleRemoveById 981244
SecRuleRemoveById 960035
SecRuleRemoveById 960008
SecRuleRemoveById 960915
SecRuleRemoveById 950907
SecRuleRemoveById 950000
SecRuleRemoveById 981001
SecRuleRemoveById 950103
SecRuleRemoveById 960006
SecRuleRemoveById 958057
SecRuleRemoveById 959072
SecRuleRemoveById 981277
SecRuleRemoveById 910006
SecRuleRemoveById 950000
SecRuleRemoveById 950001
SecRuleRemoveById 950005
SecRuleRemoveById 950006
SecRuleRemoveById 950117
SecRuleRemoveById 950907
SecRuleRemoveById 958039
SecRuleRemoveById 958051
SecRuleRemoveById 958291
SecRuleRemoveById 959006
SecRuleRemoveById 960008
SecRuleRemoveById 960010
SecRuleRemoveById 960011
SecRuleRemoveById 960012
SecRuleRemoveById 960035
SecRuleRemoveById 960335
SecRuleRemoveById 960904
SecRuleRemoveById 960915
SecRuleRemoveById 970003
SecRuleRemoveById 970015
SecRuleRemoveById 970903
SecRuleRemoveById 973301
SecRuleRemoveById 973302
SecRuleRemoveById 973306
SecRuleRemoveById 973316
SecRuleRemoveById 973330
SecRuleRemoveById 973331
SecRuleRemoveById 973332
SecRuleRemoveById 973334
SecRuleRemoveById 973335
SecRuleRemoveById 973336
SecRuleRemoveById 973344
SecRuleRemoveById 973347
SecRuleRemoveById 981172
SecRuleRemoveById 981240
SecRuleRemoveById 981241
SecRuleRemoveById 981244
SecRuleRemoveById 981248
SecRuleRemoveById 981249
SecRuleRemoveById 981255
SecRuleRemoveById 981256
SecRuleRemoveById 981260
SecRuleRemoveById 981317
SecRuleRemoveById 981318
SecRuleRemoveById 981319
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
SecRuleRemoveById 958056
SecRuleRemoveById 950108
SecRuleRemoveById 958056
SecRuleRemoveById 958057
SecRuleRemoveById 959070
SecRuleRemoveById 959071
SecRuleRemoveById 959072
SecRuleRemoveById 960010
SecRuleRemoveById 960020
SecRuleRemoveById 981319

solved add new rule:

SecRuleRemoveById 959151
------
http://CyFocus.net - Domain, Hosting, Ecommerce, SEO