Duken Posted September 21, 2022 Share Posted September 21, 2022 (edited) Dear, After the upgrade to 4.7.2 the site is offline one every 5 minutes for a few seconds. I upgraded to 4.7.2.1 and to PHP version Version 8.0.19. But it still happends. This is in the logging all the time: [client 172.70.242.244] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:t(?:able_name\\\\b|extpos[^a-zA-Z0-9_]{1,}\\\\()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column_(?:id|name)|mb_users|object_(?:id|(?:nam|typ)e)|pg_(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|o ..." at ARGS:placeholder_media_id. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "13"] [msg "COMODO WAF: Blind SQL Injection Attack||www.duken.nl|F|2"] [data "Matched Data: waitfor delay found within ARGS:placeholder_media_id: -1; waitfor delay '0:0:15' -- "] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "www.duken.nl"] [uri "/forums/vergelijken/vergelijk-alles-in-\\xc3\\xa9\\xc3\\xa9n-r3/"] [unique_id "YyrNi8nCGLfoeFf7P3_OOQAAAEc"], referer: https://www.duken.nl/ What is happing now? Regards, [client 162.158.91.29] ModSecurity: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:_noJs outside range: 1-255. [file "/etc/apache2/modsecurity.d/rules/comodo_free/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||www.duken.nl|F|3"] [data "ARGS:_noJs=1\\x00\\xc0\\xa7\\xc0\\xa2%27%22"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] [hostname "www.duken.nl"] [uri "/forums/links/submit/"] [unique_id "YyrPT58DZxdBy-03_VzXogAAAAI"], referer: https://www.duken.nl/ Edited September 21, 2022 by Duken Link to comment Share on other sites More sharing options...
Duken Posted September 21, 2022 Author Share Posted September 21, 2022 For now i disabled CWAF in the web application firewall (ModSecurity). Any idea? It happends since the upgrade. Link to comment Share on other sites More sharing options...
Marc Stridgen Posted September 21, 2022 Share Posted September 21, 2022 This is something you would need to take up with your hosting provider. Its not something in which the invision software itself is causing there Link to comment Share on other sites More sharing options...
Duken Posted September 21, 2022 Author Share Posted September 21, 2022 Ok thanks. I'm hosting the server myself. The thing is this did not happen before the 4.7.2 upgrade. I can fix it now by disabling CWAF. But it could be a heads-up for IPB. Link to comment Share on other sites More sharing options...
Recommended Posts