Duken
Posted September 21, 2022 (edited)

Dear,

After the upgrade to 4.7.2 the site is offline once every 5 minutes for a few seconds. I upgraded to 4.7.2.1 and to PHP version 8.0.19. But it still happens.

This is in the logging all the time:

[client 172.70.242.244] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:t(?:able_name\\\\b|extpos[^a-zA-Z0-9_]{1,}\\\\()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column_(?:id|name)|mb_users|object_(?:id|(?:nam|typ)e)|pg_(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|o ..." at ARGS:placeholder_media_id. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "13"] [msg "COMODO WAF: Blind SQL Injection Attack||www.duken.nl|F|2"] [data "Matched Data: waitfor delay found within ARGS:placeholder_media_id: -1; waitfor delay '0:0:15' -- "] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "www.duken.nl"] [uri "/forums/vergelijken/vergelijk-alles-in-\\xc3\\xa9\\xc3\\xa9n-r3/"] [unique_id "YyrNi8nCGLfoeFf7P3_OOQAAAEc"], referer: https://www.duken.nl/

What is happening now?

Regards,

[client 162.158.91.29] ModSecurity: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:_noJs outside range: 1-255. [file "/etc/apache2/modsecurity.d/rules/comodo_free/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||www.duken.nl|F|3"] [data "ARGS:_noJs=1\\x00\\xc0\\xa7\\xc0\\xa2%27%22"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] [hostname "www.duken.nl"] [uri "/forums/links/submit/"] [unique_id "YyrPT58DZxdBy-03_VzXogAAAAI"], referer: https://www.duken.nl/

Edited September 21, 2022 by Duken

Duken (Author)
Posted September 21, 2022

For now I disabled CWAF in the web application firewall (ModSecurity). Any idea? It happens since the upgrade.

Marc
Posted September 21, 2022

This is something you would need to take up with your hosting provider. It's not something which the Invision software itself is causing there.

Duken (Author)
Posted September 21, 2022

Ok thanks. I'm hosting the server myself. The thing is this did not happen before the 4.7.2 upgrade. I can fix it now by disabling CWAF. But it could be a heads-up for IPB.
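
Added example, not part of the thread and not Invision or Comodo code: a small Python triage script that parses ModSecurity denial lines like the two quoted in the first post and counts them per rule id, inspected variable and URI, so it is visible what the WAF keeps blocking before a rule set is switched off. The sample lines are constructed (documentation IPs, shortened patterns and file paths), and `parse_modsec` and `summarize` are names chosen here.

```python
import re
from collections import Counter

# Constructed sample lines shaped like the entries quoted in the thread
# (documentation IPs and shortened paths stand in for the real site).
SAMPLE_LOG = [
    '[client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). '
    'Pattern match "(?i:waitfor ..." at ARGS:placeholder_media_id. '
    '[file "/etc/modsec/22_SQL_SQLi.conf"] [line "17"] [id "211540"] '
    '[severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [uri "/forums/topic/1/"]',
    '[client 192.0.2.11] ModSecurity: Access denied with code 403 (phase 2). '
    'Pattern match "(?i:waitfor ..." at ARGS:placeholder_media_id. '
    '[file "/etc/modsec/22_SQL_SQLi.conf"] [line "17"] [id "211540"] '
    '[severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [uri "/forums/topic/1/"]',
    '[client 192.0.2.12] ModSecurity: Access denied with code 403 (phase 2). '
    'Found 1 byte(s) in ARGS:_noJs outside range: 1-255. '
    '[file "/etc/modsec/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] '
    '[severity "ERROR"] [tag "CWAF"] [tag "Protocol"] [uri "/forums/links/submit/"]',
]

HEADER = re.compile(r'\[client (?P<client>[^\]]+)\] ModSecurity: (?P<action>[^.]*?)'
                    r'(?: with code (?P<status>\d+))? \(phase (?P<phase>\d)\)\.')
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [key "value"] pairs
TARGET = re.compile(r'\b(?:at|in) ([A-Z_]+(?::[^\s.\]]+)?)')

def parse_modsec(line):
    """Return a dict for one ModSecurity denial line, or None if it is not one."""
    head = HEADER.search(line)
    if head is None:
        return None
    event = head.groupdict()
    fields = FIELD.findall(line)
    event.update(fields)                      # id, file, line, uri, severity ...
    event["tags"] = [v for k, v in fields if k == "tag"]   # tag repeats, keep all
    # The inspected variable is named in the free text before the first [file ...].
    free_text = line[head.end():].split(' [file "', 1)[0]
    targets = TARGET.findall(free_text)
    event["target"] = targets[-1] if targets else None
    return event

def summarize(lines):
    """Count denials per (rule id, inspected variable, uri)."""
    events = [e for e in map(parse_modsec, lines) if e]
    return Counter((e.get("id"), e["target"], e.get("uri")) for e in events)

if __name__ == "__main__":
    for (rule, target, uri), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  rule {rule}  {target}  {uri}")
```

Run against the real Apache error log by passing its lines to `summarize`; lines that are not ModSecurity denials are skipped.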