Theme Causing Mod Security Violation

Hi,


When my client used the admin to update her site it causes a Mod_Security violation on the server and she gets blocked in the firewall. This is the log entry:

---

[Tue May 19 15:04:32.361817 2015] [:error] [pid 1525:tid
140148637390592] [client 81.131.100.184] ModSecurity: Access denied with
code 406 (phase 2). Pattern match "\\\\b(\\\\d+) ?=
?\\\\1\\\\b|[\\\\'\\"](\\\\w+)[\\\\'\\"] ?= ?[\\\\'\\"]\\\\2\\\\b" at
REQUEST_HEADERS:Cookie. [file
"/usr/local/apache/conf/modsec2.user.conf"] [line "98"] [id
"1234123413"] [msg "SQL Injection Attack"] [data "170=170"] [severity
"CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [hostname
"discoveringdiamonds.co.uk"] [uri
"/wp-content/themes/betheme/style-colors.php"] [unique_id
"VVtC8F@azzwAAAX1yrkAAAAL"]

---


Please could you help me to sort this out?
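The log entry above names the rule, the request variable it inspected and the text that matched. The following is an added example, not code from the thread, the theme or the host: it extracts those fields and checks which cookie in a header trips the pattern. The unescaped regex is an assumed reading of the escaped pattern in the log, and the sample Cookie header and its cookie names are constructed.

```python
import re

# Log entry from the post above, verbatim (line wrapping included).
LOG = r'''[Tue May 19 15:04:32.361817 2015] [:error] [pid 1525:tid
140148637390592] [client 81.131.100.184] ModSecurity: Access denied with
code 406 (phase 2). Pattern match "\\\\b(\\\\d+) ?=
?\\\\1\\\\b|[\\\\'\\"](\\\\w+)[\\\\'\\"] ?= ?[\\\\'\\"]\\\\2\\\\b" at
REQUEST_HEADERS:Cookie. [file
"/usr/local/apache/conf/modsec2.user.conf"] [line "98"] [id
"1234123413"] [msg "SQL Injection Attack"] [data "170=170"] [severity
"CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [hostname
"discoveringdiamonds.co.uk"] [uri
"/wp-content/themes/betheme/style-colors.php"] [unique_id
"VVtC8F@azzwAAAX1yrkAAAAL"]'''

# Assumption: the rule's regex once the log's extra backslash escaping is removed.
TAUTOLOGY = re.compile(r"""\b(\d+) ?= ?\1\b|['"](\w+)['"] ?= ?['"]\2\b""")

def parse_audit_fields(entry):
    """Return the [key "value"] metadata fields plus the matched variable."""
    fields = dict(re.findall(r'\[(\w+)\s+"([^"]*)"\]', entry))
    target = re.search(r'\bat\s+([A-Z_]+(?::[\w-]+)?)\.', entry)
    fields["target"] = target.group(1) if target else None
    return fields

def offending_cookies(cookie_header):
    """Return (cookie name, matched text) for each cookie the pattern flags."""
    hits = []
    for pair in cookie_header.split(";"):
        pair = pair.strip()
        m = TAUTOLOGY.search(pair)
        if m:
            hits.append((pair.partition("=")[0], m.group(0)))
    return hits

# Constructed Cookie header; the cookie names are hypothetical, not from the post.
SAMPLE_COOKIE = "wordpress_test_cookie=WP+Cookie+check; ui_state=left=170=170&open=1"

if __name__ == "__main__":
    f = parse_audit_fields(LOG)
    print(f["id"], f["target"], f["data"], f["uri"])
    print(offending_cookies(SAMPLE_COOKIE))
```

The rule id and the `REQUEST_HEADERS:Cookie` target are the two values a server administrator needs in order to review that one rule against the cookie that triggered it.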

Comments

  • Hi,

    we don't understand how we can help. From what you wrote, we have no idea what the problem is exactly. Maybe the server where your client uses the theme is very limited and that's why the theme does not work as it should.
  • Something is being classed as a potential SQL Injection Attack. Probably a form field.
    I have multiple WordPress sites on my server using all sorts of themes. This is the first time I've ever had this problem.

    I'm also communicating with my host - any help would be really appreciated.
  • This is also the first time we have met with something like that. For forms we use the most popular plugin, Contact Form 7, so we don't understand what exactly happened.
  • I don't understand what is happening either. My host tells me that a script is causing a security issue which in turn gets the user's IP put in the firewall.

    I've got them to whitelist my client's IP so that she doesn't get stuck when editing. It doesn't sound like you can help so that will have to do for the time being.
  • Yes, we can't help because this problem is completely unrelated to the theme. This is the most popular contact plugin and it looks like your server is not compatible with it, and the only person who may help you in this case is your server administrator.