After login the bank-end through a seller, when I try to update bank information followed by save button; the page becomes inaccessible. It gives the following error. If I rename the "sellcious" folder it is again accessible.
HTTP Error 403 - Forbidden
Error. Page cannot be displayed. Please contact your service provider for more details. (30)
The website is hosted in HostGator and I created a ticket for this issue. They responded like below...
Upon checking we found that mod security rule was blocking your website.
ModSecurity is one of the apache server modules that provides a complete website protection by defending hackers and other malicious attacks. It is a set of rules with regular expressions that helps to instantly ex-filtrate the commonly known exploits.ModSecurity obstructs the processing of invalid data (code injection attacks) to reinforce and nourish server's security
We found following error logs for your domain :
[Sun Sep 02 15:03:45.631298 2018] [:error] [pid 26491:tid 140563493766912] [client 111.93.159.50:0] [client 111.93.159.50] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "universaluse.com"] [uri "/errors/mdh-403.html"] [unique_id "W4v70SYUr9-KskqDQ9S2@wAAAAg"], referer: https://universaluse.com/sellacious10/index.php?option=com_sellacious&view=profile
Please note that we can not white list this rule because white listing the above mentioned rule will leave the server vulnerable so Please contact your web developer to check the code.
HTTP Error 403 - Forbidden
Error. Page cannot be displayed. Please contact your service provider for more details. (30)
The website is hosted in HostGator and I created a ticket for this issue. They responded like below...
Upon checking we found that mod security rule was blocking your website.
ModSecurity is one of the apache server modules that provides a complete website protection by defending hackers and other malicious attacks. It is a set of rules with regular expressions that helps to instantly ex-filtrate the commonly known exploits.ModSecurity obstructs the processing of invalid data (code injection attacks) to reinforce and nourish server's security
We found following error logs for your domain :
[Sun Sep 02 15:03:45.631298 2018] [:error] [pid 26491:tid 140563493766912] [client 111.93.159.50:0] [client 111.93.159.50] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "universaluse.com"] [uri "/errors/mdh-403.html"] [unique_id "W4v70SYUr9-KskqDQ9S2@wAAAAg"], referer: https://universaluse.com/sellacious10/index.php?option=com_sellacious&view=profile
Please note that we can not white list this rule because white listing the above mentioned rule will leave the server vulnerable so Please contact your web developer to check the code.
Thank you for reporting. kindly DM us server access/cpanel access so that we can look into this further. It looks as if your server provider is blocking some of our scripts by mistake.
-Abhishek
-Abhishek
- Page :
- 1
There are no replies made for this post yet.
Be one of the first to reply to this post!
Be one of the first to reply to this post!
Sellacious Time 00:00:00
Important Links
Company
Important Links
Information
Shortcut Links
Shortcut Links
Important Links
- +1 (408) 821-8283
- Email hello@sellacious.com