Attack

  • [Wed Mar 24 19:11:33.216288 2021] [:error] [pid 32216:tid 140308343658240] [client 80.112.97.106:58673] [client 80.112.97.106] ModSecurity: Warning. Match of “eq 0” against “REQBODY_ERROR” required. [file “/usr/local/cwaf/rules/12_HTTP_Protocol.conf”] [line “27”] [id “210230”] [rev “2”] [msg “COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||wegmetjeangst.nl|F|2”] [data “Request body no files data length is larger than the configured limit (131072).”] [severity “CRITICAL”] [tag “CWAF”] [tag “Protocol”] [hostname “wegmetjeangst.nl”] [uri “/wp-admin/admin-ajax.php”] [unique_id “YFuA1TFl6MDHPDEzj@n7PwAAAyE”], referer: https://wegmetjeangst.nl/wp-admin/post.php?post=1788&action=architect&tve=true

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    I’m sorry… what’s your question? WP sites (and, for that matter, all sites) get hammered all the time.

    Thread Starter albertbusch

    (@albertbusch)

    They tell me that my site is attacked, however, is this true when you look at the error log?

    Tnx.

    Albert

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Yes, someone may be “attacking” your site. Are they getting through? It seems you’re running mod_secure as well as a local WAF as a firewall.

    However, when I look at the referrer listed above, https://wegmetjeangst.nl/wp-admin/post.php?post=1788&action=architect&tve=true, it’s your own site while you’re editing a post, so it may be a misconfiguration of mod_secure. You might have to ask your host about that.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Attack’ is closed to new replies.

Tags