Recent Posts

Pages: [1] 2 3 ... 10
1
there will be always rules updates to get things more secure so you simply need to learn how to whitelist rules.
3
CentOS-WebPanel GUI / DKIM/SPF For Hostname
« Last post by ejsolutions on Today at 05:28:05 PM »
Try as I might, I can find no means of setting up proper email authentication for the hostname. The GUI displays irrelevant domains, including nameservers but no entry for the hostname itself.

Surprising that others haven't come across this.
4
Mod_Security / Re: mod_security 403 forbidden
« Last post by kandalf on Today at 02:42:15 PM »
The rule 211290 if breaking many websites, how to stop it?
5
Softaculous / Unauthorised web access
« Last post by Solsku on Today at 01:59:48 PM »
When I try to access Softaculous via admin panel, I get the following error: "Unauthorised web access". This is happening on a two different servers, both running CWPpro version 0.9.8.836.

I also get the same error when trying to access Softaculous via user panel.

Any ideas what might be causing this? I remember receiving an update notice from Softaculous last friday to version 5.2.3.
6
That's all good and well, however on an already functioning system that was happily singing along, this shouldn't have happened in the first place.
7
Mod_Security / Re: mod_security 403 forbidden
« Last post by internetuser on Today at 09:09:29 AM »
issue fixed ,i went through the error logs, collected the errors by id , added them to each & every account, for now that seems to be working.
9
Mod_Security / Error 403 on Opencart
« Last post by zondar on Today at 07:30:51 AM »
Hello.
Who can faced a problem on Opencart. When I try to save changes in the settings of the modules or template, I get an error:

Forbidden
You don't have permission to access /admin/index.php on this server.


Fix Permissions does not help.
The files have 644 permissions, and 755 on folders.

It only helps to disable ModSecurity for the domain.
I use Comodo WAF

The last entry in the domain.com.error.log file:
Code: [Select]
[Sun Jun 23 15:44:57.234813 2019] [:error] [pid 29001:tid 139648344995584] [client 109.198.206.170:49082]
[client 109.198.206.170]
ModSecurity: Access denied with code 403 (phase 2).
Pattern match "(?:'\\\\xbf?\\\\x22|\\\\x22\\\\xbf?'|^\\\\+?$)" at ARGS_POST:banner_image[1][0][link]. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"]
[line "199"]
[id "211290"] [rev "3"]
[msg "COMODO WAF: XSS and SQLi vulnerability||domain.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"]
[hostname "domain.com"] [uri "/admin/index.php"] [unique_id "XQ90ScHhCrL7AehvkFkUHgAAANA"], referer:
https://domain.com/admin/index.php?route=design/banner/edit&user_token=7FUNhvhi3k17PeRhIFApSmj07xtIQX8V&banner_id=8

Is it possible to fix this somehow without resorting to disabling ModSecurity?
Thank you in advance.
**********************************************
Здравствуйте.
Может кто сталкивался с проблемой на Opencart. При попытки сохранить изменения в настройках модулей или шаблона получаю ошибку:

Forbidden
You don't have permission to access /admin/index.php on this server.


Fix Permissions не помогает.
На файлах выставлены права 644, а на папках 755.

Помогает только отключение ModSecurity для домена.
Использую Comodo WAF
Можно-ли это как то исправить не прибегая к отключению  ModSecurity?
Заранее спасибо.

10
with mod security you will always need to whitelist some rules per domain so you simply need to learn how to do that!

ModSecurity rules can't be for everyone as each website is different (using different plugins, mods, themes) that is the reason why per domain whitelisting exists.

The best rules are the one OWASP has as they are much more strict and for each website requires detailed testing and more than several rules to be whitelisted...but they provide the best security as they block much more things.

In short, if you want higher and better security you should use more advanced and more complicated rules.
Whitelisting is so simple and requires less than a minute to check and whitelist some rules.

Example procedure
- check error logs for a domain having an issue: tail -n 100 /usr/local/apache/domlogs/DOMAIN.error.log
- go to mod_security: click on "Edit rules" of some domain and simply click on "Add ID Rule"

Pages: [1] 2 3 ... 10