ModSecurity/Fail2Ban locking users out due to plugin js

Resolved

(@thewebsmiths)

5 or 6 refreshes on any page on my site causes ModSecurity/Fail2Ban to 403 and block me from the server for 10 minutes.

The log file shows:

ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/modsecurity.d/rules/comodo_free/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||domain.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "domain.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "Zk96QMqMkJvqGzoPgUciKAAAAIY"], referer: https://domain.com/contact/

The logs reference a vulnerability in WordPress 4.7 which was patched in 4.7.1. I’m using 6.5.3 with all plugins up to date.

The cause appears to be the presence of the following in the source for every page when UpdraftCentral Dashboard is activated:

<script type="text/javascript" src="https://domain.com/wp-includes/js/dist/data.min.js?ver=e6595ba1a7cd34429f66" id="wp-data-js"></script>
<script type="text/javascript" id="wp-data-js-after">
/* <![CDATA[ */
( function() {
	var userId = 0;
	var storageKey = "WP_DATA_USER_" + userId;
	wp.data
		.use( wp.data.plugins.persistence, { storageKey: storageKey } );
} )();
/* ]]> */
</script>

When I deactivate UpdraftCentral Dashboard the issue stops and I can navigate the site without issues in the firewall.

This topic was modified 11 months, 2 weeks ago by Steve.

Viewing 1 replies (of 1 total)

Plugin Support vupdraft
(@vupdraft)

10 months, 2 weeks ago

Apologies for the delay? Are you using Plesk? if so can you you whitelist your IP: https://support.plesk.com/hc/en-us/articles/12377009252247-How-to-whitelist-an-IP-address-in-Plesk-Fail2Ban

Viewing 1 replies (of 1 total)

The topic ‘ModSecurity/Fail2Ban locking users out due to plugin js’ is closed to new replies.