Author Topic: unable to edit my products  (Read 3120 times)

Offline david.livshin

  • Newbie
  • *
  • Posts: 17
  • Karma: +0/-1
    • View Profile
unable to edit my products
« on: February 04, 2019, 06:16:37 AM »
Hi,

After changing admin password I wasnt able to login. Fixing this problem and some how getting in I am receiving:

403
Forbidden

Access to this resource on the server is denied!


and then, again, unable to login with the same message as above ( but now at the admin login ).
When trying to get to my site ( not a WebShop ) I am getting the message:

The firewall on this server is blocking your connection.

which I somehow can disable ( using ReCAPTCHA ).

How can I get to be able to edit my WebShop?

Thank you,

David



Offline Basara

  • Administrator
  • Hero Member
  • *****
  • Posts: 5774
  • Karma: +274/-2
    • View Profile
Re: unable to edit my products
« Reply #1 on: February 05, 2019, 06:40:53 AM »
The firewall on this server is blocking your connection.
Hello. Check with your hosting support or look for firewall settings in your hosting cPanel

Offline david.livshin

  • Newbie
  • *
  • Posts: 17
  • Karma: +0/-1
    • View Profile
Re: unable to edit my products
« Reply #2 on: February 05, 2019, 06:48:32 AM »
Actually already did and that what they wrote me:

==============================
We've found out that the ModSecurity rule "211540" triggered on "WebShop/index.php?rt=catalog/download&s=admin123&token=nVh5dB1bBaQJyspZwWYq6KwdtxBfmI89" request - "SQL Injection Attack"

[Mon Feb  4 09:18:04 2019] [error] [client 5.102.238.211] ModSecurity: Access denied with code 403, [Rule: 'ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|XML:/*|!ARGS:/body/|!ARGS:/content/|!ARGS:customized|!ARGS_NAMES:dynamic_object[object_type]|!ARGS:desc|!ARGS:/description/|!ARGS:/message/|!ARGS_NAMES:object_id|!ARGS_POST:object_id|!ARGS:/password/|!ARGS_NAMES:/password/|!ARGS_NAMES:/product_main_image_data\[\d+]\[object_id]/|!ARGS:Post|!ARGS:text|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|!ARGS:sql_query|!ARGS_NAMES:column_name' '(?i:\b(?:t(?:able_name\b|extpos[^a-zA-Z0-9_]{1,}\()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column_(?:id|name)|mb_users|object_(?:id|(?:nam|typ)e)|pg_(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|object|(?:process|tabl)e)s))|user_(?:group|password|(?:ind_column|tab(?:_column|le)|user|(?:constrain|objec)t)s)|xtype[^a-zA-Z0-9_]{1,}\bchar)\b)|(?:\b(?:(?:instr|locate)[^a-zA-Z0-9_]{1
 ,}\(|(?:attnotnull|c(?:harindex|onstraint_type)|m(?:sys(?:column|object|relationship|(?:ac|queri)e)s|ysql\.(db|user))|s(?:elect\b.{0,40}\b(?:ascii|substring|users{0,1})|ys\.(?:all_tables|tab|user_(?:c(?:atalog|onstraints)|(?:object|t(?:ab(?:_column|le)|rigger)|view)s)))|waitfor\b[^a-zA-Z0-9_]{0,}?\bdelay)\b)|@@spid\b))'] [id "211540"] [rev "12"] [msg "COMODO WAF: Blind SQL Injection Attack"] [logdata "Matched Data: rowNum found within {"table_id":"download_grid","sortname":"name","sortorder":"desc","selrow":null,"page":1,"rowNum":20,"postData":{"_search":false,"nd":1549293437529,"rows":20,"page":1,"sidx":"name","sord":"desc"},"search":false}: {"table_id":"download_grid","sortname":"name","sortorder":"desc","selrow":null,"page":1,"rowNum":20,"postData":{"_search":false,"nd":1549293437529,"rows":20,"page":1,"sidx":"name","sord":"desc"},"search":false}"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"]
==============================

What is that? A bug?
Why did it happen? What shall be done to prevent it from happening again?

Thank you,

David

Offline Basara

  • Administrator
  • Hero Member
  • *****
  • Posts: 5774
  • Karma: +274/-2
    • View Profile
Re: unable to edit my products
« Reply #3 on: February 05, 2019, 07:14:14 AM »
Hi. It is not a bug. It is incorrect configuration for ModSecurity  module installed on your server. You need to configure it correctly (ask hosting support to whitelist some urls or module rules) or disable it.

 

Powered by SMFPacks Social Login Mod