Quick video of the things I am seeing: 2022-12-22_18-43-21 - TechSmith Screencast - TechSmith Screencast
Experiencing errors daily – they are being reported via the error log on the server. I’m including a sample (below).
[Thu Dec 22 23:46:37 2022] [-:error] [pid 22191:tid 140180744660736] [client 192.185.82.189:0] [client 192.185.82.189] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:mainwpsignature. [file "/etc/httpd/modsecurity.d/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 4OnGLAETEB6LFgaeQ= found within ARGS:mainwpsignature: cwF8oNPYJqH87b2NjYElq2HtlHdxCJud/QZpgBjZtvdR9Jmexo9A8yQdRBVQxjqZiPP6tjmFptc3y3DCVRBReLZqORrqLT8Mtn3 CfHYGR5Wfj0K8smnfIkqiCWFHE9HXqmn IrIeb 7LNYaov/6doJa81Bg6o8i7xRiFBU6n/TO2y6iIe fgV3bDfIw7pOYs5vuUid57IfkJ3656o3PbXcVpXOiMDf8w3sg4vlV/VHJ 2G1yMX CRzHTi4ukrf 1LhVG2eGK1S5JEQqjGthfAsfPpaHWfymQJ/j0PJv2zn7YNvpS0aPLvUrAht7Lb4Ujp7oI4OnGLAETEB6LFgaeQ=="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "psi-ceu.com"] [uri "/"] [unique_id "Y6TsXVKzODkZmUXjgluItwAAA-k"], referer https://meetsgeek.com
NOTE: psi-ceu is the child site, meetsgeek is my main site.
It appears I can’t upload a file for the report, so created a ZIP file and uploaded here:
https://psi-ceu.com/tmp/mainwp.zip – it contains the system report and the error log shown in the video.
Thanks in advance for any insight into what these errors mean.
Cenay’