• Hello, good afternoon everyone. Sorry to bother you, I have a problem with the mod_security module: even though I used my VPS provider's tutorial to configure it, it doesn't work for me. This is the tutorial https://www.digitalocean.com/… and it hasn't worked for me… the log it gives me is this:

    --4e1e5d67-A--
    [09/Mar/2015:18:00:36 --0400] VP4YBH8AAQEAAEIZHLAAAAAD 108.162.215.51 26926 188.166.22.225 80
    --4e1e5d67-B--
    GET /wp-admin/load-styles.php?c=0&dir=ltr&load=dashicons,admin-bar,wp-admin,buttons,wp-auth-check&ver=4.1.1 HTTP/1.1
    Host: www.sitio.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    CF-IPCountry: MX
    X-Forwarded-For: 187.156.132.131
    CF-RAY: 1c4a0dbae4fb0d67-LAX
    X-Forwarded-Proto: http
    CF-Visitor: {"scheme":"http"}
    Cache-Control: max-age=0
    Authorization: Basic YWRtaW46MnNGZkNablJ3WQ==
    Accept: text/css,*/*;q=0.1
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.76 Safari/537.36
    Referer: http://www.sitio.com/wp-admin/index.php
    Accept-Language: es-419,es;q=0.8
    Cookie: wordpress_8f5eef52e5077749114dfd84f4e32abf=comunicacion%7C1427147193%7C8e8hel7LeMmV5CiCMn8Rx174aT2TtOAM1Dd7fA6Dse2%7C3c0620c201d4b6cee6837098575d7a920a29d0d0af30e66cdd4b0bfa5aa2b01a; __cfduid=db0a91b5e49396bc380afbc800c3688041425937533; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_8f5eef52e5077749114dfd84f4e32abf=comunicacion%7C1427147193%7C8e8hel7LeMmV5CiCMn8Rx174aT2TtOAM1Dd7fA6Dse2%7C7674eaa2048bad6f73aba5c354bc8ca97e8bf2787c3a55bba627db4ed51a0cca; wp-settings-1=mfold%3Do%26hidetb%3D1%26libraryContent%3Dbrowse; wp-settings-time-1=1425937594
    CF-Connecting-IP: 187.156.132.131
    True-Client-IP: 0
    
    --4e1e5d67-F--
    HTTP/1.1 403 Forbidden
    Content-Length: 226
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
    
    --4e1e5d67-E--
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>403 Forbidden</title>
    </head><body>
    <h1>Forbidden</h1>
    <p>You don't have permission to access /wp-admin/load-styles.php
    on this server.</p>
    </body></html>
    
    --4e1e5d67-H--
    Message: Access denied with code 403 (phase 2). Pattern match "([\\~\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\-\\+\\=\\{\\}\\[\\]\\|\\:\\;\"\\'\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98\\`\\<\\>].*?){4,}" at ARGS:load. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:load: dashicons,admin-bar,wp-admin,buttons,wp-auth-check"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"]
    Action: Intercepted (phase 2)
    Apache-Handler: application/x-httpd-php
    Stopwatch: 1425938436554838 4378 (- - -)
    Stopwatch2: 1425938436554838 4378; combined=2917, p1=329, p2=2578, p3=0, p4=0, p5=9, sr=55, sw=1, l=0, gc=0
    Response-Body-Transformed: Dechunked
    Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
    Server: Apache
    Engine-Mode: "ENABLED"

    --4e1e5d67-Z--

    --4e1e5d67-A--
    [09/Mar/2015:18:00:36 --0400] VP4YBH8AAQEAAEIa1jUAAAAE 108.162.215.51 63336 188.166.22.225 80
    --4e1e5d67-B--
    GET /wp-admin/load-scripts.php?c=0&load%5B%5D=hoverIntent,common,admin-bar,wp-ajax-response,jquery-color,wp-lists,quicktags,jquery-query,admin-comments,jquery-ui-core,jquery-&load%5B%5D=ui-widget,jquery-ui-mouse,jquery-ui-sortable,postbox,dashboard,underscore,customize-base,customize-loader,thickbox,plugin-instal&load%5B%5D=l,shortcode,media-upload,svg-painter,heartbeat,wp-auth-check,word-count,wplink&ver=4.1.1 HTTP/1.1
    Host: www.sitio.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    CF-IPCountry: MX
    X-Forwarded-For: 187.156.132.131
    CF-RAY: 1c4a0dbb79a7142b-LAX
    X-Forwarded-Proto: http
    CF-Visitor: {"scheme":"http"}
    Cache-Control: max-age=0
    Authorization: Basic YWRtaW46MnNGZkNablJ3WQ==
    Accept: */*
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.76 Safari/537.36
    Referer: http://www.sitio.com/wp-admin/index.php
    Accept-Language: es-419,es;q=0.8
    Cookie: wordpress_8f5eef52e5077749114dfd84f4e32abf=comunicacion%7C1427147193%7C8e8hel7LeMmV5CiCMn8Rx174aT2TtOAM1Dd7fA6Dse2%7C3c0620c201d4b6cee6837098575d7a920a29d0d0af30e66cdd4b0bfa5aa2b01a; __cfduid=db0a91b5e49396bc380afbc800c3688041425937533; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_8f5eef52e5077749114dfd84f4e32abf=comunicacion%7C1427147193%7C8e8hel7LeMmV5CiCMn8Rx174aT2TtOAM1Dd7fA6Dse2%7C7674eaa2048bad6f73aba5c354bc8ca97e8bf2787c3a55bba627db4ed51a0cca; wp-settings-1=mfold%3Do%26hidetb%3D1%26libraryContent%3Dbrowse; wp-settings-time-1=1425937594
    CF-Connecting-IP: 187.156.132.131
    True-Client-IP: 0

    --4e1e5d67-F--
    HTTP/1.1 403 Forbidden
    Content-Length: 227
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1

    --4e1e5d67-E--
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>403 Forbidden</title>
    </head><body>
    <h1>Forbidden</h1>
    <p>You don't have permission to access /wp-admin/load-scripts.php
    on this server.</p>
    </body></html>

    --4e1e5d67-H--
    Message: Access denied with code 403 (phase 2). Pattern match "([\\~\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\-\\+\\=\\{\\}\\[\\]\\|\\:\\;\"\\'\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98\\`\\<\\>].*?){4,}" at ARGS:load[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:load[]: hoverIntent,common,admin-bar,wp-ajax-response,jquery-color,wp-lists,quicktags,jquery-query,admin-comments,jquery-ui-core,jquery-"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"]
    Action: Intercepted (phase 2)
    Apache-Handler: application/x-httpd-php
    Stopwatch: 1425938436632363 5149 (- - -)
    Stopwatch2: 1425938436632363 5149; combined=3858, p1=294, p2=3544, p3=0, p4=0, p5=19, sr=36, sw=1, l=0, gc=0
    Response-Body-Transformed: Dechunked
    Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
    Server: Apache
    Engine-Mode: "ENABLED"

    --4e1e5d67-Z--

    --1709dd03-A--
    [09/Mar/2015:18:03:26 --0400] VP4Yrn8AAQEAAEI75uMAAAAK 108.162.215.51 64181 188.166.22.225 80
    --1709dd03-B--
    GET /wp-admin/load-styles.php?c=0&dir=ltr&load=dashicons,admin-bar,wp-admin,buttons,wp-auth-check&ver=4.1.1 HTTP/1.1
    Host: www.sitio.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    CF-IPCountry: MX
    X-Forwarded-For: 187.156.132.131
    CF-RAY: 1c4a11e011c90075-LAX
    X-Forwarded-Proto: http
    CF-Visitor: {"scheme":"http"}
    Cache-Control: max-age=0
    Authorization: Basic YWRtaW46MnNGZkNablJ3WQ==
    Accept: text/css,*/*;q=0.1
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.76 Safari/537.36
    Referer: http://www.sitio.com/wp-admin/index.php
    Accept-Language: es-419,es;q=0.8
    Cookie: wordpress_8f5eef52e5077749114dfd84f4e32abf=comunicacion%7C1427147193%7C8e8hel7LeMmV5CiCMn8Rx174aT2TtOAM1Dd7fA6Dse2%7C3c0620c201d4b6cee6837098575d7a920a29d0d0af30e66cdd4b0bfa5aa2b01a; __cfduid=db0a91b5e49396bc380afbc800c3688041425937533; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_8f5eef52e5077749114dfd84f4e32abf=comunicacion%7C1427147193%7C8e8hel7LeMmV5CiCMn8Rx174aT2TtOAM1Dd7fA6Dse2%7C7674eaa2048bad6f73aba5c354bc8ca97e8bf2787c3a55bba627db4ed51a0cca; wp-settings-1=mfold%3Do%26hidetb%3D1%26libraryContent%3Dbrowse; wp-settings-time-1=1425937594
    CF-Connecting-IP: 187.156.132.131
    True-Client-IP: 0

    --1709dd03-F--
    HTTP/1.1 403 Forbidden
    Content-Length: 226
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1

    --1709dd03-E--
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>403 Forbidden</title>
    </head><body>
    <h1>Forbidden</h1>
    <p>You don't have permission to access /wp-admin/load-styles.php
    on this server.</p>
    </body></html>

    --1709dd03-H--
    Message: Access denied with code 403 (phase 2). Pattern match "([\\~\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\-\\+\\=\\{\\}\\[\\]\\|\\:\\;\"\\'\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98\\`\\<\\>].*?){4,}" at ARGS:load. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:load: dashicons,admin-bar,wp-admin,buttons,wp-auth-check"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"]
    Action: Intercepted (phase 2)
    Apache-Handler: application/x-httpd-php
    Stopwatch: 1425938606334255 4929 (- - -)
    Stopwatch2: 1425938606334255 4929; combined=3322, p1=360, p2=2954, p3=0, p4=0, p5=7, sr=40, sw=1, l=0, gc=0
    Response-Body-Transformed: Dechunked
    Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
    Server: Apache
    Engine-Mode: "ENABLED"

    --1709dd03-Z--

    --1709dd03-A--
    [09/Mar/2015:18:03:26 --0400] VP4Yrn8AAQEAAEI6YY8AAAAJ 108.162.215.51 18090 188.166.22.225 80
    --1709dd03-B--
    GET /wp-admin/load-scripts.php?c=0&load%5B%5D=hoverIntent,common,admin-bar,wp-ajax-response,jquery-color,wp-lists,quicktags,jquery-query,admin-comments,jquery-ui-core,jquery-&load%5B%5D=ui-widget,jquery-ui-mouse,jquery-ui-sortable,postbox,dashboard,underscore,customize-base,customize-loader,thickbox,plugin-instal&load%5B%5D=l,shortcode,media-upload,svg-painter,heartbeat,wp-auth-check,word-count,wplink&ver=4.1.1 HTTP/1.1
    Host: www.sitio.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    CF-IPCountry: MX
    X-Forwarded-For: 187.156.132.131
    CF-RAY: 1c4a11e09c0c07df-LAX
    X-Forwarded-Proto: http
    CF-Visitor: {"scheme":"http"}
    Cache-Control: max-age=0
    Authorization: Basic YWRtaW46MnNGZkNablJ3WQ==
    Accept: */*
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.76 Safari/537.36
    Referer: http://www.sitio.com/wp-admin/index.php
    Accept-Language: es-419,es;q=0.8
    Cookie: wordpress_8f5eef52e5077749114dfd84f4e32abf=comunicacion%7C1427147193%7C8e8hel7LeMmV5CiCMn8Rx174aT2TtOAM1Dd7fA6Dse2%7C3c0620c201d4b6cee6837098575d7a920a29d0d0af30e66cdd4b0bfa5aa2b01a; __cfduid=db0a91b5e49396bc380afbc800c3688041425937533; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_8f5eef52e5077749114dfd84f4e32abf=comunicacion%7C1427147193%7C8e8hel7LeMmV5CiCMn8Rx174aT2TtOAM1Dd7fA6Dse2%7C7674eaa2048bad6f73aba5c354bc8ca97e8bf2787c3a55bba627db4ed51a0cca; wp-settings-1=mfold%3Do%26hidetb%3D1%26libraryContent%3Dbrowse; wp-settings-time-1=1425937594
    CF-Connecting-IP: 187.156.132.131
    True-Client-IP: 0

    --1709dd03-F--
    HTTP/1.1 403 Forbidden
    Content-Length: 227
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1

    --1709dd03-E--
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>403 Forbidden</title>
    </head><body>
    <h1>Forbidden</h1>
    <p>You don't have permission to access /wp-admin/load-scripts.php
    on this server.</p>
    </body></html>

    --1709dd03-H--
    Message: Access denied with code 403 (phase 2). Pattern match "([\\~\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\-\\+\\=\\{\\}\\[\\]\\|\\:\\;\"\\'\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98\\`\\<\\>].*?){4,}" at ARGS:load[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:load[]: hoverIntent,common,admin-bar,wp-ajax-response,jquery-color,wp-lists,quicktags,jquery-query,admin-comments,jquery-ui-core,jquery-"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"]
    Action: Intercepted (phase 2)
    Apache-Handler: application/x-httpd-php
    Stopwatch: 1425938606419745 5363 (- - -)
    Stopwatch2: 1425938606419745 5363; combined=3831, p1=394, p2=3425, p3=0, p4=0, p5=11, sr=71, sw=1, l=0, gc=0
    Response-Body-Transformed: Dechunked
    Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
    Server: Apache
    Engine-Mode: "ENABLED"

    --1709dd03-Z--

    How could I fix it? I have been trying for a week and cannot, searching forums and websites. I did not know what else to do other than ask the community for help. I hope you can help me. Regards.

Viewing 4 replies - 1 through 4 (of 4 total)
  • This has absolutely nothing to do with WordPress. You will get better answers and results if you open your topic in a server forum.

    Regards.

    You have to use quality servers…

    Did you solve it, deadxd?

    Regards.

    That is a WordPress problem, and it happened because the URL passes a collection of comma-separated strings as a parameter instead of using separate parameters such as arrays per GET parameter, which is standard; using commas is not standard, and CRS considers it a possible SQL injection attack. That shows your hosting is quite good, since it is secure and was able to detect a deficiency in WordPress. The most logical thing would have been for WordPress to send concatenated strings like this: var[1]=val1&var[2]=val2, but sending a collection like this: var=val1,val2,val3 is doing things crudely; there is no escape sequence, there are no encoding rules, there is nothing. It is obvious that some people made brutish comments without knowing what they are talking about. In any case, you can solve it by creating a "custom_rules" directory inside the rules directory and creating an exception file such as this one: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/192 and this one https://www.kubuntuforums.net/showthread.php?64939-Apache2-ModSecurity-Whitelist-Generartor-Script. The problem is not the CRS; rather, special situations arise where WordPress does not use the standard way of doing things and sometimes does things however it pleases, and this is one of several cases. Another very clear example is the PHP serialization of the contents of the SMF forum cookie, which departs from every standard instead of using one cookie per variable/value, and therefore it also causes problems with mod_security. And for every exception you make you open a door to the attacker, because it is one less place where the CRS will have control. Regards.
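
To see which characters in the blocked requests rule 981173 is counting, this added example (not code from the thread or from the CRS project) applies the pattern shown in the log's Message lines to the request targets from section B. Matching over bytes and using Python's `re` in place of the engine's regex library are assumptions of the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Character class of rule 981173, transcribed from the "Pattern match" text in
# the audit log with the log's escaping resolved. Matching over bytes (so each
# \xNN is one byte) and using Python's re are assumptions of this example.
SPECIAL = rb"[~!@#$%^&*()\-+={}\[\]|:;\"'\xc2\xb4\xe2\x80\x99\x98`<>]"
RULE_981173 = re.compile(rb"(" + SPECIAL + rb".*?){4,}")

# Request targets copied from section B of the blocked requests in the log.
LOAD_STYLES = (
    "/wp-admin/load-styles.php?c=0&dir=ltr"
    "&load=dashicons,admin-bar,wp-admin,buttons,wp-auth-check&ver=4.1.1"
)
LOAD_SCRIPTS = (
    "/wp-admin/load-scripts.php?c=0"
    "&load%5B%5D=hoverIntent,common,admin-bar,wp-ajax-response,jquery-color,"
    "wp-lists,quicktags,jquery-query,admin-comments,jquery-ui-core,jquery-"
    "&load%5B%5D=ui-widget,jquery-ui-mouse,jquery-ui-sortable,postbox,"
    "dashboard,underscore,customize-base,customize-loader,thickbox,plugin-instal"
    "&load%5B%5D=l,shortcode,media-upload,svg-painter,heartbeat,wp-auth-check,"
    "word-count,wplink&ver=4.1.1"
)


def explain(target):
    """Per query argument: (name, special characters found, rule would match)."""
    rows = []
    # parse_qsl URL-decodes names and values, e.g. load%5B%5D becomes load[].
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        raw = value.encode("utf-8")
        found = b"".join(re.findall(SPECIAL, raw)).decode("latin-1")
        rows.append((name, found, RULE_981173.search(raw) is not None))
    return rows


if __name__ == "__main__":
    for target in (LOAD_STYLES, LOAD_SCRIPTS):
        print(urlsplit(target).path)
        for name, found, matched in explain(target):
            print(f"  ARGS:{name:<7} specials={found!r:<13} match={matched}")
```

For both requests only the `load` / `load[]` values reach four special characters, and every one of them is a hyphen; the character class in the logged pattern contains `-` but no comma.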

  • The topic 'Problems with Mod_Security' is closed to new replies.