Upgrade to 4.7.2.1 - Errors on apache (Blind SQL Injection Attack)


Posted (edited)

Dear,

After the upgrade to 4.7.2 the site is offline once every 5 minutes for a few seconds. I upgraded to 4.7.2.1 and to PHP version 8.0.19.

But it still happens. This is in the logging all the time:

 

[client 172.70.242.244] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:t(?:able_name\\\\b|extpos[^a-zA-Z0-9_]{1,}\\\\()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column_(?:id|name)|mb_users|object_(?:id|(?:nam|typ)e)|pg_(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|o ..." at ARGS:placeholder_media_id. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "13"] [msg "COMODO WAF: Blind SQL Injection Attack||www.duken.nl|F|2"] [data "Matched Data: waitfor delay found within ARGS:placeholder_media_id: -1; waitfor delay '0:0:15' -- "] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "www.duken.nl"] [uri "/forums/vergelijken/vergelijk-alles-in-\\xc3\\xa9\\xc3\\xa9n-r3/"] [unique_id "YyrNi8nCGLfoeFf7P3_OOQAAAEc"], referer: https://www.duken.nl/

What is happening now?

Regards,

 

[client 162.158.91.29] ModSecurity: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:_noJs outside range: 1-255. [file "/etc/apache2/modsecurity.d/rules/comodo_free/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||www.duken.nl|F|3"] [data "ARGS:_noJs=1\\x00\\xc0\\xa7\\xc0\\xa2%27%22"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] [hostname "www.duken.nl"] [uri "/forums/links/submit/"] [unique_id "YyrPT58DZxdBy-03_VzXogAAAAI"], referer: https://www.duken.nl/
Edited by Duken
Posted

Ok thanks.

I'm hosting the server myself. The thing is this did not happen before the 4.7.2 upgrade. 
I can fix it now by disabling CWAF. But it could be a heads-up for IPB.
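
To see which rules and request parameters account for blocks like the ones quoted in this thread, the entries can be grouped by rule id and matched variable. This is an added example, not part of the original posts and not Invision Community or Comodo code; the sample lines are constructed from the quoted entries (rule regex shortened, fields dropped), and the client 192.0.2.10 and the final non-ModSecurity line are invented.

```python
import re
from collections import defaultdict

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')          # [key "value"] pairs
CLIENT = re.compile(r'\[client ([^\]\s]+)\]')
TARGET = re.compile(r' (?:at|in) ([A-Z_]+(?::[\w-]+)?)[. ]')  # e.g. ARGS:_noJs

# Constructed sample modelled on the entries quoted in the thread.
_SQLI = ('[client {ip}] ModSecurity: Access denied with code 403 (phase 2). '
         'Pattern match "..." at ARGS:placeholder_media_id. '
         '[file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] '
         '[line "17"] [id "211540"] [msg "COMODO WAF: Blind SQL Injection Attack"] '
         '[severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [uri "/forums/"]')
SAMPLE_LOG = [
    _SQLI.format(ip="172.70.242.244"),
    _SQLI.format(ip="192.0.2.10"),
    '[client 162.158.91.29] ModSecurity: Access denied with code 403 (phase 2). '
    'Found 1 byte(s) in ARGS:_noJs outside range: 1-255. '
    '[file "/etc/apache2/modsecurity.d/rules/comodo_free/12_HTTP_Protocol.conf"] '
    '[line "95"] [id "210410"] [msg "COMODO WAF: Invalid character in request"] '
    '[severity "ERROR"] [tag "CWAF"] [tag "Protocol"] [uri "/forums/links/submit/"]',
    '[client 192.0.2.10] AH01630: client denied by server configuration',
]

def parse_line(line):
    """Return the fields of one ModSecurity error-log entry, or None."""
    if "ModSecurity:" not in line:
        return None
    head, _, rest = line.partition(" [file ")
    fields = defaultdict(list)
    for key, value in FIELD.findall("[file " + rest):
        fields[key].append(value)              # tags repeat, so keep lists
    client, target = CLIENT.search(head), TARGET.search(head)
    first = lambda k: fields[k][0] if fields[k] else None
    return {"client": client and client.group(1), "target": target and target.group(1),
            "id": first("id"), "msg": first("msg"), "severity": first("severity"),
            "tags": fields["tag"]}

def summarize(lines):
    """Group blocked requests by (rule id, matched variable)."""
    groups = {}
    for rec in filter(None, map(parse_line, lines)):
        g = groups.setdefault((rec["id"], rec["target"]),
                              {"hits": 0, "clients": set(), "msg": rec["msg"]})
        g["hits"] += 1
        g["clients"].add(rec["client"])
    return groups

if __name__ == "__main__":
    for (rule, target), g in summarize(SAMPLE_LOG).items():
        print(rule, target, g["hits"], sorted(g["clients"]), g["msg"])
```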
