61
Suggestions / Re: :):):) Comodo WAF rules update required :):):)
« Last post by Starburst on November 16, 2024, 02:32:44 PM »The problem looks like a WordPress plugin called Burst Statistics.
Disable that plugin, and see if the error goes away.
Programmers sometimes use malicious code in valid programs, which can give 'false positives'.
If the error goes away, maybe check out MonsterInsights instead.
Only other option would be to disable the rule being triggered - 22_SQL_SQLi.conf
But I never recommend doing that, because it could leave the system open to attack.
62
CentOS 7 Problems / Re: Problems with webmail
« Last post by cyberspace on November 16, 2024, 11:56:06 AM »I'm having a problem on my server where webmail is becoming inaccessible from time to time.
What error message does your browser show when the problem appears ?
63
Installation / Re: PDO_dblib
« Last post by Dennis54 on November 16, 2024, 06:53:12 AM »Thank you for sharing this information..
https://jcpenneykiosk.fyi
64
Suggestions / Re: :):):) Comodo WAF rules update required :):):)
« Last post by zeejdeej on November 16, 2024, 03:11:50 AM »[Sat Nov 16 04:08:49.493070 2024] [:error] [pid 1333365:tid 1333386] [client 182.183.59.223:63036] [client 182.183.59.223] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(??:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at REQUEST_COOKIES:sbjs_current_add. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within REQUEST_COOKIES:sbjs_current_add: fd=2024-11-16 02:48:21|||ep=https://fizascollection.co.uk/|||rf=(none)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "fizascollection.co.uk"] [uri "/favicon.ico"] [unique_id "ZzgMwaSdHEb44HSsRSRFyAAAAEA"], referer: https://fizascollection.co.uk/
[Sat Nov 16 04:08:48.967452 2024] [:error] [pid 1333365:tid 1333390] [client 182.183.59.223:63036] [client 182.183.59.223] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(??:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at REQUEST_COOKIES:sbjs_current_add. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within REQUEST_COOKIES:sbjs_current_add: fd=2024-11-16 02:48:21|||ep=https://fizascollection.co.uk/|||rf=(none)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "fizascollection.co.uk"] [uri "/"] [unique_id "ZzgMwKSdHEb44HSsRSRFxwAAAEI"]
65
Suggestions / Re: :):):) Comodo WAF rules update required :):):)
« Last post by zeejdeej on November 16, 2024, 02:55:06 AM »The Comodo fix was for WooCommerce.
What rule does WAF show is being triggered by WordPress?
Haven't seen any conflict with Comodo and WordPress on AL8 or AL9.
I am using AlmaLinux 9 with the Comodo WAF rules that you shared, i.e. installed version: 1.241.
It's blocking all WordPress websites; only the main page opens, and if I click on any other link or page on the site it blocks. See the logs below if you can figure out what's wrong.
[Sat Nov 16 03:50:54.257704 2024] [:error] [pid 1330522:tid 1330564] [client 182.183.59.223:64832] [client 182.183.59.223] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\[\\\\]\\\\x22',()\\\\.]{10}$|\\\\b(?:union\\\\sall\\\\sselect\\\\s(??:null|\\\\d+),?)+|order\\\\sby\\\\s\\\\d{1,4}|(?:and|or)\\\\s\\\\d{4}=\\\\d{4}|waitfor\\\\sdelay\\\\s'\\\\d+:\\\\d+:\\\\d+'|(?:select|and|or)\\\\s(??:pg_)?sleep\\\\(\\\\d+\\\\)|\\\\d+\\\\s?=\\\\s?(?:dbms_pipe\\\\.receive_message\\\\ ..." at REQUEST_COOKIES:sbjs_current_add. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "66"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||karimsonline.com|F|2"] [data "Matched Data: |||rf=(none) found within REQUEST_COOKIES:sbjs_current_add: fd=2024-11-16 02:48:33|||ep=https:/karimsonline.com/|||rf=(none)"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "karimsonline.com"] [uri "/wp-content/plugins/burst-statistics/endpoint.php"] [unique_id "ZzgIjkgvZjUGsoby_ov1fQAAAIQ"], referer: https://karimsonline.com/
[Sat Nov 16 03:50:54.020822 2024] [:error] [pid 1330522:tid 1330563] [client 182.183.59.223:64832] [client 182.183.59.223] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\[\\\\]\\\\x22',()\\\\.]{10}$|\\\\b(?:union\\\\sall\\\\sselect\\\\s(??:null|\\\\d+),?)+|order\\\\sby\\\\s\\\\d{1,4}|(?:and|or)\\\\s\\\\d{4}=\\\\d{4}|waitfor\\\\sdelay\\\\s'\\\\d+:\\\\d+:\\\\d+'|(?:select|and|or)\\\\s(??:pg_)?sleep\\\\(\\\\d+\\\\)|\\\\d+\\\\s?=\\\\s?(?:dbms_pipe\\\\.receive_message\\\\ ..." at REQUEST_COOKIES:sbjs_current_add. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "66"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||karimsonline.com|F|2"] [data "Matched Data: |||rf=(none) found within REQUEST_COOKIES:sbjs_current_add: fd=2024-11-16 02:48:33|||ep=https:/karimsonline.com/|||rf=(none)"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "karimsonline.com"] [uri "/"] [unique_id "ZzgIjkgvZjUGsoby_ov1fAAAAIM"], referer: https://karimsonline.com/
[Sat Nov 16 03:50:52.725801 2024] [:error] [pid 1330522:tid 1330562] [client 182.183.59.223:64832] [client 182.183.59.223] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\[\\\\]\\\\x22',()\\\\.]{10}$|\\\\b(?:union\\\\sall\\\\sselect\\\\s(??:null|\\\\d+),?)+|order\\\\sby\\\\s\\\\d{1,4}|(?:and|or)\\\\s\\\\d{4}=\\\\d{4}|waitfor\\\\sdelay\\\\s'\\\\d+:\\\\d+:\\\\d+'|(?:select|and|or)\\\\s(??:pg_)?sleep\\\\(\\\\d+\\\\)|\\\\d+\\\\s?=\\\\s?(?:dbms_pipe\\\\.receive_message\\\\ ..." at REQUEST_COOKIES:sbjs_current_add. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "66"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||karimsonline.com|F|2"] [data "Matched Data: |||rf=(none) found within REQUEST_COOKIES:sbjs_current_add: fd=2024-11-16 02:48:33|||ep=https:/karimsonline.com/|||rf=(none)"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "karimsonline.com"] [uri "/"] [unique_id "ZzgIjEgvZjUGsoby_ov1ewAAAII"], referer: https://karimsonline.com/
[Sat Nov 16 03:50:46.468741 2024] [:error] [pid 1330502:tid 1330505] [client 182.183.59.223:64830] [client 182.183.59.223] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\[\\\\]\\\\x22',()\\\\.]{10}$|\\\\b(?:union\\\\sall\\\\sselect\\\\s(??:null|\\\\d+),?)+|order\\\\sby\\\\s\\\\d{1,4}|(?:and|or)\\\\s\\\\d{4}=\\\\d{4}|waitfor\\\\sdelay\\\\s'\\\\d+:\\\\d+:\\\\d+'|(?:select|and|or)\\\\s(??:pg_)?sleep\\\\(\\\\d+\\\\)|\\\\d+\\\\s?=\\\\s?(?:dbms_pipe\\\\.receive_message\\\\ ..." at REQUEST_COOKIES:sbjs_current_add. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "66"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||karimsonline.com|F|2"] [data "Matched Data: |||rf=(none) found within REQUEST_COOKIES:sbjs_current_add: fd=2024-11-16 02:48:33|||ep=https:/karimsonline.com/|||rf=(none)"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "karimsonline.com"] [uri "/blog/"] [unique_id "ZzgIhpCaZKKW28uOR-L7sQAAAAA"]
[Sat Nov 16 03:48:36.874131 2024] [:error] [pid 1330019:tid 1330074] [client 182.183.59.223:64816] [client 182.183.59.223] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\[\\\\]\\\\x22',()\\\\.]{10}$|\\\\b(?:union\\\\sall\\\\sselect\\\\s(??:null|\\\\d+),?)+|order\\\\sby\\\\s\\\\d{1,4}|(?:and|or)\\\\s\\\\d{4}=\\\\d{4}|waitfor\\\\sdelay\\\\s'\\\\d+:\\\\d+:\\\\d+'|(?:select|and|or)\\\\s(??:pg_)?sleep\\\\(\\\\d+\\\\)|\\\\d+\\\\s?=\\\\s?(?:dbms_pipe\\\\.receive_message\\\\ ..." at REQUEST_COOKIES:sbjs_current_add. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "66"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||karimsonline.com|F|2"] [data "Matched Data: |||rf=(none) found within REQUEST_COOKIES:sbjs_current_add: fd=2024-11-16 02:48:33|||ep=https:/karimsonline.com/|||rf=(none)"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "karimsonline.com"] [uri "/wp-content/plugins/burst-statistics/endpoint.php"] [unique_id "ZzgIBLel4_HzjjsBKm1tKwAAAIo"], referer: https://karimsonline.com/
[Sat Nov 16 03:48:36.672057 2024] [:error] [pid 1330019:tid 1330064] [client 182.183.59.223:64816] [client 182.183.59.223] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\[\\\\]\\\\x22',()\\\\.]{10}$|\\\\b(?:union\\\\sall\\\\sselect\\\\s(??:null|\\\\d+),?)+|order\\\\sby\\\\s\\\\d{1,4}|(?:and|or)\\\\s\\\\d{4}=\\\\d{4}|waitfor\\\\sdelay\\\\s'\\\\d+:\\\\d+:\\\\d+'|(?:select|and|or)\\\\s(??:pg_)?sleep\\\\(\\\\d+\\\\)|\\\\d+\\\\s?=\\\\s?(?:dbms_pipe\\\\.receive_message\\\\ ..." at REQUEST_COOKIES:sbjs_current_add. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "66"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||karimsonline.com|F|2"] [data "Matched Data: |||rf=(none) found within REQUEST_COOKIES:sbjs_current_add: fd=2024-11-16 02:48:33|||ep=https:/karimsonline.com/|||rf=(none)"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "karimsonline.com"] [uri "/blog/"] [unique_id "ZzgIBLel4_HzjjsBKm1tKgAAAIA"], referer: https://karimsonline.com/
[Sat Nov 16 03:48:35.337429 2024] [:error] [pid 1330095:tid 1330097] [client 182.183.59.223:64812] [client 182.183.59.223] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\[\\\\]\\\\x22',()\\\\.]{10}$|\\\\b(?:union\\\\sall\\\\sselect\\\\s(??:null|\\\\d+),?)+|order\\\\sby\\\\s\\\\d{1,4}|(?:and|or)\\\\s\\\\d{4}=\\\\d{4}|waitfor\\\\sdelay\\\\s'\\\\d+:\\\\d+:\\\\d+'|(?:select|and|or)\\\\s(??:pg_)?sleep\\\\(\\\\d+\\\\)|\\\\d+\\\\s?=\\\\s?(?:dbms_pipe\\\\.receive_message\\\\ ..." at REQUEST_COOKIES:sbjs_current_add. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "66"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||karimsonline.com|F|2"] [data "Matched Data: |||rf=(none) found within REQUEST_COOKIES:sbjs_current_add: fd=2024-11-16 02:48:33|||ep=https:/karimsonline.com/|||rf=(none)"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "karimsonline.com"] [uri "/wp-content/uploads/2024/07/WhatsApp-Video-2024-07-03-at-1.45.39-PM.mp4"] [unique_id "ZzgIA_A-4WHASGySwtqn9gAAAMA"], referer: https://karimsonline.com/
[Sat Nov 16 03:48:34.872764 2024] [:error] [pid 1330019:tid 1330072] [client 182.183.59.223:64816] [client 182.183.59.223] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\[\\\\]\\\\x22',()\\\\.]{10}$|\\\\b(?:union\\\\sall\\\\sselect\\\\s(??:null|\\\\d+),?)+|order\\\\sby\\\\s\\\\d{1,4}|(?:and|or)\\\\s\\\\d{4}=\\\\d{4}|waitfor\\\\sdelay\\\\s'\\\\d+:\\\\d+:\\\\d+'|(?:select|and|or)\\\\s(??:pg_)?sleep\\\\(\\\\d+\\\\)|\\\\d+\\\\s?=\\\\s?(?:dbms_pipe\\\\.receive_message\\\\ ..." at REQUEST_COOKIES:sbjs_current_add. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "66"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||karimsonline.com|F|2"] [data "Matched Data: |||rf=(none) found within REQUEST_COOKIES:sbjs_current_add: fd=2024-11-16 02:48:33|||ep=https:/karimsonline.com/|||rf=(none)"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "karimsonline.com"] [uri "/wp-content/uploads/elementor/css/post-8371.css"] [unique_id "ZzgIArel4_HzjjsBKm1tKQAAAIg"], referer: https://karimsonline.com/
[Sat Nov 16 03:48:34.846642 2024] [:error] [pid 1330095:tid 1330120] [client 182.183.59.223:64812] [client 182.183.59.223] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\[\\\\]\\\\x22',()\\\\.]{10}$|\\\\b(?:union\\\\sall\\\\sselect\\\\s(??:null|\\\\d+),?)+|order\\\\sby\\\\s\\\\d{1,4}|(?:and|or)\\\\s\\\\d{4}=\\\\d{4}|waitfor\\\\sdelay\\\\s'\\\\d+:\\\\d+:\\\\d+'|(?:select|and|or)\\\\s(??:pg_)?sleep\\\\(\\\\d+\\\\)|\\\\d+\\\\s?=\\\\s?(?:dbms_pipe\\\\.receive_message\\\\ ..." at REQUEST_COOKIES:sbjs_current_add. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "66"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||karimsonline.com|F|2"] [data "Matched Data: |||rf=(none) found within REQUEST_COOKIES:sbjs_current_add: fd=2024-11-16 02:48:33|||ep=https:/karimsonline.com/|||rf=(none)"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "karimsonline.com"] [uri "/"] [unique_id "ZzgIAvA-4WHASGySwtqn9QAAANc"], referer: https://karimsonline.com/
[Sat Nov 16 03:48:34.698242 2024] [:error] [pid 1330007:tid 1330042] [client 182.183.59.223:64811] [client 182.183.59.223] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\[\\\\]\\\\x22',()\\\\.]{10}$|\\\\b(?:union\\\\sall\\\\sselect\\\\s(??:null|\\\\d+),?)+|order\\\\sby\\\\s\\\\d{1,4}|(?:and|or)\\\\s\\\\d{4}=\\\\d{4}|waitfor\\\\sdelay\\\\s'\\\\d+:\\\\d+:\\\\d+'|(?:select|and|or)\\\\s(??:pg_)?sleep\\\\(\\\\d+\\\\)|\\\\d+\\\\s?=\\\\s?(?:dbms_pipe\\\\.receive_message\\\\ ..." at REQUEST_COOKIES:sbjs_current_add. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "66"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||karimsonline.com|F|2"] [data "Matched Data: |||rf=(none) found within REQUEST_COOKIES:sbjs_current_add: fd=2024-11-16 02:48:33|||ep=https:/karimsonline.com/|||rf=(none)"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "karimsonline.com"] [uri "/wp-includes/images/w-logo-blue-white-bg.png"] [unique_id "ZzgIAnBkV9IysqCAxkWtOgAAAEk"], referer: https://karimsonline.com/
[Sat Nov 16 03:48:34.632827 2024] [:error] [pid 1330095:tid 1330119] [client 182.183.59.223:64803] [client 182.183.59.223] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\[\\\\]\\\\x22',()\\\\.]{10}$|\\\\b(?:union\\\\sall\\\\sselect\\\\s(??:null|\\\\d+),?)+|order\\\\sby\\\\s\\\\d{1,4}|(?:and|or)\\\\s\\\\d{4}=\\\\d{4}|waitfor\\\\sdelay\\\\s'\\\\d+:\\\\d+:\\\\d+'|(?:select|and|or)\\\\s(??:pg_)?sleep\\\\(\\\\d+\\\\)|\\\\d+\\\\s?=\\\\s?(?:dbms_pipe\\\\.receive_message\\\\ ..." at REQUEST_COOKIES:sbjs_current_add. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "66"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||karimsonline.com|F|2"] [data "Matched Data: |||rf=(none) found within REQUEST_COOKIES:sbjs_current_add: fd=2024-11-16 02:48:33|||ep=https:/karimsonline.com/|||rf=(none)"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "karimsonline.com"] [uri "/favicon.ico"] [unique_id "ZzgIAvA-4WHASGySwtqn9AAAANY"], referer: https://karimsonline.com/
[Sat Nov 16 03:48:34.406136 2024] [:error] [pid 1330095:tid 1330113] [client 182.183.59.223:64803] [client 182.183.59.223] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\[\\\\]\\\\x22',()\\\\.]{10}$|\\\\b(?:union\\\\sall\\\\sselect\\\\s(??:null|\\\\d+),?)+|order\\\\sby\\\\s\\\\d{1,4}|(?:and|or)\\\\s\\\\d{4}=\\\\d{4}|waitfor\\\\sdelay\\\\s'\\\\d+:\\\\d+:\\\\d+'|(?:select|and|or)\\\\s(??:pg_)?sleep\\\\(\\\\d+\\\\)|\\\\d+\\\\s?=\\\\s?(?:dbms_pipe\\\\.receive_message\\\\ ..." at REQUEST_COOKIES:sbjs_current_add. [file "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"] [line "66"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||karimsonline.com|F|2"] [data "Matched Data: |||rf=(none) found within REQUEST_COOKIES:sbjs_current_add: fd=2024-11-16 02:48:33|||ep=https:/karimsonline.com/|||rf=(none)"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "karimsonline.com"] [uri "/wp-content/plugins/burst-statistics/endpoint.php"] [unique_id "ZzgIAvA-4WHASGySwtqn8wAAANA"], referer: https://karimsonline.com/
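Added example (not part of the original posts): a small Python triage script that answers the "which rule is being triggered" question from ModSecurity denial lines like the ones above, by grouping them by rule id and matched variable. The sample lines, helper names, client address, hostname and rule id 999001 are constructed for illustration, and flagging a cookie or header that is denied on three or more distinct URIs is an assumed heuristic.

```python
import re
from collections import defaultdict

# [key "value"] fields that ModSecurity appends to each error-log entry.
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
# The matched variable sits between ' at ' and the first [file ...] field.
TARGET_RE = re.compile(r' at ([A-Z_]+(?::\S+?)?)\. \[file ')
# Collections the browser sends with every request, whatever the URI.
REQUEST_WIDE = ("REQUEST_COOKIES", "REQUEST_HEADERS")


def parse_denial(line):
    """Return rule id, rule file, matched variable and URI for one denial line."""
    if "ModSecurity: Access denied" not in line:
        return None
    target = TARGET_RE.search(line)
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, value)  # "tag" repeats; keep the first value
    if target is None or "id" not in fields:
        return None
    return {"rule_id": fields["id"], "rule_file": fields.get("file", ""),
            "variable": target.group(1), "uri": fields.get("uri", "")}


def summarize(log_text):
    """Group denials by (rule id, matched variable); count hits and distinct URIs."""
    groups = defaultdict(lambda: {"hits": 0, "uris": set()})
    for line in log_text.splitlines():
        denial = parse_denial(line)
        if denial:
            group = groups[(denial["rule_id"], denial["variable"])]
            group["hits"] += 1
            group["uris"].add(denial["uri"])
    return dict(groups)


def request_wide_candidates(groups, min_uris=3):
    """Assumed heuristic: a cookie/header match denied on many unrelated URIs."""
    return sorted(key for key, group in groups.items()
                  if key[1].split(":")[0] in REQUEST_WIDE
                  and len(group["uris"]) >= min_uris)


def make_line(rule_id, rule_file, variable, uri):
    """Build one constructed log line in the format posted above."""
    return ('[Sat Nov 16 03:48:34.406136 2024] [:error] [pid 1:tid 2] '
            '[client 203.0.113.10:64803] ModSecurity: Access denied with code 403 '
            f'(phase 2). Pattern match "..." at {variable}. [file "{rule_file}"] '
            f'[line "66"] [id "{rule_id}"] [msg "constructed"] [tag "constructed"] '
            f'[hostname "example.com"] [uri "{uri}"] [unique_id "constructed"]')


CWAF = "/usr/local/apache/modsecurity-cwaf/rules/22_SQL_SQLi.conf"
COOKIE = "REQUEST_COOKIES:sbjs_current_add"
SAMPLE_LOG = "\n".join(  # constructed sample input
    [make_line("218500", CWAF, COOKIE, uri) for uri in
     ("/", "/favicon.ico", "/blog/", "/",
      "/wp-content/plugins/burst-statistics/endpoint.php")]
    + [make_line("999001", "/constructed/rules.conf", "ARGS:id", "/search.php")])

if __name__ == "__main__":
    for (rule_id, variable), group in sorted(summarize(SAMPLE_LOG).items()):
        print(rule_id, variable, group["hits"], sorted(group["uris"]))
    print("request-wide:", request_wide_candidates(summarize(SAMPLE_LOG)))
```

A (rule id, cookie) pair that is denied on pages and static assets alike points at the cookie value the browser sends with every request, not at any single URL.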
66
Problems on other RedHat linux servers / Re: I saw that AL 9 has missing features and *EL9 is in beta stage ???
« Last post by Starburst on November 16, 2024, 02:28:14 AM »And we have answered you on those other threads.
But CWP is working on AL9, with only the migration tool having some hiccups.
67
Problems on other RedHat linux servers / Re: No SSL / alma
« Last post by Starburst on November 16, 2024, 02:26:55 AM »Check your rDNS.
If that isn't set correctly Let's Encrypt won't generate the SSL.
95% of the time that is the problem.
The other 5% is due to a mis-configured firewall.
68
Problems on other RedHat linux servers / Re: I saw that AL 9 has missing features and *EL9 is in beta stage ???
« Last post by venty on November 15, 2024, 01:08:57 PM »Are you installing this locally or on a public provider (aka VPS, Dedicated)?
AL9 is working pretty well, as long as you don't need PHP below 7.4.x
AL8 is also working great, and has all the libraries unlike Rocky which for some reason, is missing key libraries.
All new installations we are using AL9.
What error messages are the logs showing?
Hi,
thank you very much for the reply...
...it is VPS....
"SSL needs to resolve the rDNS for Let's Encrypt to issue a SSL."...
From what I have listed here I have laid out the main dramas:
https://forum.centos-webpanel.com/problems-on-other-redhat-linux-servers/no-web-service-alma/
https://forum.centos-webpanel.com/problems-on-other-redhat-linux-servers/no-ssl-alma/
Thanks in advance!
BR
Venty
69
Suggestions / Re: :):):) Comodo WAF rules update required :):):)
« Last post by Starburst on November 15, 2024, 10:22:05 AM »The Comodo fix was for WooCommerce.
What rule does WAF show is being triggered by WordPress?
Haven't seen any conflict with Comodo and WordPress on AL8 or AL9.
70
Suggestions / Re: :):):) Comodo WAF rules update required :):):)
« Last post by zeejdeej on November 15, 2024, 10:06:32 AM »I switched back to the latest OWASP rules, but they are not blocking malicious attempts. I can see in the logs that it's detecting, but the attempt is not blocked.
On the other hand, the Comodo WAF rules keep blocking everything. Before the last update everything was fine and the Comodo WAF rules were the best.