Support Center Visit Demo License manager Buy @ envato

Theme Causing Mod Security Violation

BloomingDigitalBloomingDigital
in Other
Hi,


When my client used the admin to update her site it causes a Mod_Security violation on the server and she gets blcoked in the firewall. This is the log entry: 

---

[Tue May 19 15:04:32.361817 2015] [:error] [pid 1525:tid
140148637390592] [client 81.131.100.184] ModSecurity: Access denied with
code 406 (phase 2). Pattern match "\\\\b(\\\\d+) ?=
?\\\\1\\\\b|[\\\\'\\"](\\\\w+)[\\\\'\\"] ?= ?[\\\\'\\"]\\\\2\\\\b" at
REQUEST_HEADERS:Cookie. [file
"/usr/local/apache/conf/modsec2.user.conf"] [line "98"] [id
"1234123413"] [msg "SQL Injection Attack"] [data "170=170"] [severity
"CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [hostname
"discoveringdiamonds.co.uk"] [uri
"/wp-content/themes/betheme/style-colors.php"] [unique_id
"VVtC8F@azzwAAAX1yrkAAAAL"]

---

Please could you help me to sort this out?

Comments

  • AlbertAlbert
    Hi,

    we don't understand how can we help. Form what you wrote, we have no idea what is the problem exactly. Maybe the server where your client uses theme is very limited and that's why theme does not work as should.
    Learn more: Video Tutorials | How To | FAQ Vote on what comes next
  • BloomingDigitalBloomingDigital
    Something is being classed as a potential SQL Injection Attack. Probably a form field. 
    I have multiple wordpress sites on my server using all sorts of themes. This is the first time I've ever had this problem.

    I'm also communicating with my host - any help would be really appreciated. 
  • AlbertAlbert
    This is also first time when we met with something like that. For forms we use the most popular plugin Contact Form 7 so we don't understand what exactly happened.
    Learn more: Video Tutorials | How To | FAQ Vote on what comes next
  • BloomingDigitalBloomingDigital
    I don't understand what is happening either. My host tells me that a script is causing a security issue which in turns gets the users IP put in the firewall.

    I've got them to white list my clients IP so that she doesn't get stuck when editing. It dosn't sound like you can help so that will have to do for the time being. 
  • AlbertAlbert
    Yes, we can't help because this problem is completely not related with theme. This is the most popular contact plugin and looks like your server is not compatible with and the only person who may help you in this case is your server administrator.
    Learn more: Video Tutorials | How To | FAQ Vote on what comes next
Sign In or Register to comment.
This website uses cookies

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

Neccessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Analytics & Performance

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. This means that cookies which are categorized as necessary, are processed based on GDPR Art. 6 (1) (f). All other cookies, meaning those from the categories preferences and marketing, are processed based on GDPR Art. 6 (1) (a) GDPR.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

You can at any time change or withdraw your consent from the Cookie Declaration on our website.

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.

Please state your consent ID and date when you contact us regarding your consent.