Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted September 21, 20222 yr Dear, After the upgrade to 4.7.2 the site is offline one every 5 minutes for a few seconds. I upgraded to 4.7.2.1 and to PHP version Version 8.0.19. But it still happends. This is in the logging all the time: [client 172.70.242.244] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:t(?:able_name\\\\b|extpos[^a-zA-Z0-9_]{1,}\\\\()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column_(?:id|name)|mb_users|object_(?:id|(?:nam|typ)e)|pg_(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|o ..." at ARGS:placeholder_media_id. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "13"] [msg "COMODO WAF: Blind SQL Injection Attack||www.duken.nl|F|2"] [data "Matched Data: waitfor delay found within ARGS:placeholder_media_id: -1; waitfor delay '0:0:15' -- "] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "www.duken.nl"] [uri "/forums/vergelijken/vergelijk-alles-in-\\xc3\\xa9\\xc3\\xa9n-r3/"] [unique_id "YyrNi8nCGLfoeFf7P3_OOQAAAEc"], referer: https://www.duken.nl/ What is happing now? Regards, [client 162.158.91.29] ModSecurity: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:_noJs outside range: 1-255. [file "/etc/apache2/modsecurity.d/rules/comodo_free/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||www.duken.nl|F|3"] [data "ARGS:_noJs=1\\x00\\xc0\\xa7\\xc0\\xa2%27%22"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] [hostname "www.duken.nl"] [uri "/forums/links/submit/"] [unique_id "YyrPT58DZxdBy-03_VzXogAAAAI"], referer: https://www.duken.nl/ Edited September 21, 20222 yr by Duken
September 21, 20222 yr Author For now i disabled CWAF in the web application firewall (ModSecurity). Any idea? It happends since the upgrade.
September 21, 20222 yr This is something you would need to take up with your hosting provider. Its not something in which the invision software itself is causing there
September 21, 20222 yr Author Ok thanks. I'm hosting the server myself. The thing is this did not happen before the 4.7.2 upgrade. I can fix it now by disabling CWAF. But it could be a heads-up for IPB.
