• Resolved daileycon

    (@daileycon)


    I kept getting kicked off my site so I checked the logs. I found a bunch of these errors. It seems like something in index.php is throwing a SQL error to mod_security and banning my IP.

    [Thu May 02 06:15:27 2019] [error] [client 47.135.999.999] ModSecurity: Access denied with code 418 (phase 1). Pattern match “(?i:(?:\\\\A|[^\\\\d])0x[a-f\\\\d]{3,}[a-f\\\\d]*)+” at ARGS:checksum. [file “/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf”] [line “329”] [id “1990091”] [msg “SQL Hex Encoding Identified”] [hostname “www.mysite.com”] [uri “/wp-content/plugins/wise-chat-pro/src/endpoints/ultra/index.php”] [unique_id “XMrtb0PNDNkAAFMz3sUAAAAA”]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Marcin

    (@marcinlawrowski)

    Hello @daileycon

    Wise Chat is sending a unique checksum in all requests it runs. This is related to the security of the communication. Most probably the mod_security plugin has detected it. Are you still experiencing those errors?

    Best regards

    Thread Starter daileycon

    (@daileycon)

    I had to turn mod_security off. I couldn’t visit my site because I kept getting blocked.

    In case it might help: I’ve been getting similar errors (“SQL Hex Encoding Identified”) from ModSecurity. Did some testing and my impression is that if you let the chat window run long enough, it will eventually generate checksums that trigger ModSecurity. My site is also hosted with Dreamhost, who I think use the OWASP rules (https://www.netnea.com/cms/2016/01/17/most-frequent-false-positives-triggered-by-owasp-modsecurity-core-rules-2-2-x/). Unfortunately, since I’m on shared hosting, I can’t fine-tune ModSecurity; I can turn it off entirely, but that would leave my site too vulnerable (judging from my logs, it’s been blocking some actual hacking attempts).

    One solution would be to have Wise Chat generate checksums in such a way as to avoid such ModSecurity false positives, but I have no idea how easy or hard that might be…

    Here are two errors from my logs:
    [Mon Jun 03 16:15:29 2019] [error] [client 98.143.999.999] ModSecurity: Access denied with code 418 (phase 1). Pattern match “(?i:(?:\\\\A|[^\\\\d])0x[a-f\\\\d]{3,}[a-f\\\\d]*)+” at ARGS:checksum. [file “/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf”] [line “329”] [id “1990091”] [msg “SQL Hex Encoding Identified”] [hostname “www.mysite.com”] [uri “/wp-admin/admin-ajax.php”] [unique_id “XPWqEUBvfwgAAHR8FB0AAAAG”]
    [Mon Jun 17 14:24:29.305472 2019] [:error] [pid 2933] [client 204.19.999.999:52725] [client 204.19.999.999] ModSecurity: Access denied with code 418 (phase 1). Pattern match “(?i:(?:\\\\A|[^\\\\d])0x[a-f\\\\d]{3,}[a-f\\\\d]*)+” at ARGS:checksum. [file “/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf”] [line “329”] [id “1990091”] [msg “SQL Hex Encoding Identified”] [hostname “www.mysite.com”] [uri “/wp-content/plugins/wise-chat/src/endpoints/ultra/”] [unique_id “XQgFDYYYjkn4YF@3muE-iQAAAAU”], referer: https://www.mysite.com/chatpage/
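
An added example, not part of any post in this thread and not Wise Chat or Dreamhost code: it runs the pattern from rule 1990091 against constructed `checksum` values to show which shapes trip “SQL Hex Encoding Identified”, and estimates how often a random token would. The un-escaped regex, the token alphabets and the token length are assumptions; the thread does not say how Wise Chat builds its checksums.

```python
import random
import re

# Pattern from the log lines above with the log's backslash escaping removed
# (assumption: "\\\\A" and "\\\\d" in the log stand for \A and \d).
SQL_HEX_RULE = re.compile(r"(?i:(?:\A|[^\d])0x[a-f\d]{3,}[a-f\d]*)+")

# Assumed token alphabets; the real checksum format is not given in the thread.
HEX_ALPHABET = "0123456789abcdef"
ALNUM_ALPHABET = (
    "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
)

# Constructed sample values, not real Wise Chat checksums.
SAMPLES = [
    "0x1a2b3c",      # "0x" at the start followed by hex digits
    "9f8e7d6c5b4a",  # plain hex digest: no "x", so nothing to match
    "Zk0xAbc9Q",     # "0x" + three hex characters inside a longer token
    "10x123",        # "0x" preceded by a digit and not at the start
    "q0xzz",         # "0x" not followed by hex digits
]


def triggers_rule(value: str) -> bool:
    """True if the rule's pattern matches this ARGS:checksum value."""
    return SQL_HEX_RULE.search(value) is not None


def false_positive_rate(alphabet: str, length: int, trials: int,
                        seed: int = 1) -> float:
    """Fraction of random tokens over `alphabet` that match the rule."""
    rng = random.Random(seed)
    hits = sum(
        triggers_rule("".join(rng.choices(alphabet, k=length)))
        for _ in range(trials)
    )
    return hits / trials


if __name__ == "__main__":
    for sample in SAMPLES:
        verdict = "BLOCKED" if triggers_rule(sample) else "allowed"
        print(f"{sample:<14} {verdict}")
    for name, alphabet in (("hex", HEX_ALPHABET), ("alnum", ALNUM_ALPHABET)):
        rate = false_positive_rate(alphabet, length=32, trials=50_000)
        print(f"{name:<6} 32-char tokens matching the rule: {rate:.5%}")
```

A token drawn only from `0-9a-f` can never match because the pattern needs a literal `x`; a token that can contain `x` will match occasionally, which fits the “run long enough” observation above.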

  • The topic ‘mod_security issue’ is closed to new replies.