Re: Is something wrong with the online store?
Posted: Sun Jul 14, 2019 10:02 am
Hello Triona
Please could you email me the contents of your post? david@brendan-power.com
We have been fixing these issues with the assistance of our hosting providers. This was the diagnosis:
"The problems posts have been causing the ModSecurity module on the server to be triggered. In turn, this can also trigger the firewall to completely block an IP if this happens several times. It's likely that something as simple as the carriage returns within the post may have been enough to cause this as hackers will add such characters when attempting to break into sites. Disabling ModSecurity is not an option, especially these days where the amount of web traffic from hacking is quite a high percentage and without the ModSecurity protection, the web service would be down most of the time. For example, if a hacker is attempting to log into your site, they may attempt millions of times to "guess" the password. For every attempt made, the database service would be used along with sending back a web page. If the attacker does this over a short period of time, nobody else will be able to access the server. Most (if not all) hosting providers view ModSecurity as essential.
I've made an adjustment to the ModSecurity rules so that this particular rule (id:941130) will be excluded whenever posting.php runs. Hopefully, this will have completely fixed the problem. If there are further problems, please let me know along with an IP address and approximate time if possible so that I can quickly find this in the logs. Sometimes, clearing one problem can lead to another."
Particularly note the last line - we have modified three rules now, but you have now found another issue. We can only fix them reactively so appreciate your patience on this.
Best wishes,
David
Please could you email me the contents of your post? david@brendan-power.com
We have been fixing these issues with the assistance of our hosting providers. This was the diagnosis:
"The problems posts have been causing the ModSecurity module on the server to be triggered. In turn, this can also trigger the firewall to completely block an IP if this happens several times. It's likely that something as simple as the carriage returns within the post may have been enough to cause this as hackers will add such characters when attempting to break into sites. Disabling ModSecurity is not an option, especially these days where the amount of web traffic from hacking is quite a high percentage and without the ModSecurity protection, the web service would be down most of the time. For example, if a hacker is attempting to log into your site, they may attempt millions of times to "guess" the password. For every attempt made, the database service would be used along with sending back a web page. If the attacker does this over a short period of time, nobody else will be able to access the server. Most (if not all) hosting providers view ModSecurity as essential.
I've made an adjustment to the ModSecurity rules so that this particular rule (id:941130) will be excluded whenever posting.php runs. Hopefully, this will have completely fixed the problem. If there are further problems, please let me know along with an IP address and approximate time if possible so that I can quickly find this in the logs. Sometimes, clearing one problem can lead to another."
Particularly note the last line - we have modified three rules now, but you have now found another issue. We can only fix them reactively so appreciate your patience on this.
Best wishes,
David