
I'm having a lot of trouble with the atomicorp.com unsupported delayed rules. Any time I try to change something in admin (Social Networks), cPanel blocks my IP address and I have to contact my host to solve it. If anyone has had the same issue, please provide more details on how to solve it.

Here are my log entries:

[Tue Apr 26 02:44:05.275722 2016] [:error] [pid 1788] [client IP ADDRESS] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ://%{SERVER_NAME}/" against "ARGS:xcrud[postdata][cHRfc29jaWFscy5zb2NpYWxfbGluaw--]" required. [file "/usr/local/apache/conf/modsec/10_asl_rules.conf"] [line "497"] [id "340162"] [rev "286"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Remote File Injection attempt in ARGS (AE)"] [data "https://www.facebook.com/"] [severity "CRITICAL"] [hostname "www.yourdomain.com"] [uri "/index.php/xcrud_ajax"] [unique_id "Vx5lddIwmfAAAAb8PYoAAAAR"]

I believe this is related to the Mod_Security rules, but I don't know how to solve it.

Thanks in advance

user6276867
  • If you do not have root access, only the system administrator can edit and put the rule that affects you or your domain deactivating your account. Do you have root access? – abkrim May 19 '16 at 08:48
  • I have access to root but I don't know how to do it – user6276867 May 20 '16 at 03:31

1 Answer


For a dummy administrator, the best way is to install ConfigServer ModSecurity Control on his WHM/cPanel.

Afterwards you can use this tool easily: in your WHM, go to Plugins -> ConfigServer ModSecurity Control.

After verifying that the rule that affects you is one that is giving a false positive, you can disable it for the user or domain as you see fit.

In this case the rule is: 340162

This tool will create for you the appropriate additional virtualhost files that are read by Apache (/usr/local/apache/conf/userdata/) or, if the rule is disabled globally, entries in /usr/local/apache/conf/userdata/modsec2.whitelist.conf

abkrim
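One way to carry out the "verify it is a false positive" step from the answer above, as an added example that is not part of the original answer or of any tool it mentions: it parses a denial line like the one in the question and decodes the blocked field name. The sample line is constructed from the question's log (shortened, with a placeholder client IP), and treating the last bracketed key as base64 with `-` in place of `=` padding is an assumption.

```python
import base64
import re

# Constructed sample: the question's log entry, shortened, with a placeholder client IP.
SAMPLE = ('[Tue Apr 26 02:44:05.275722 2016] [:error] [pid 1788] [client 192.0.2.10] '
          'ModSecurity: Access denied with code 403 (phase 2). Match of "rx ://%{SERVER_NAME}/" '
          'against "ARGS:xcrud[postdata][cHRfc29jaWFscy5zb2NpYWxfbGluaw--]" required. '
          '[file "/usr/local/apache/conf/modsec/10_asl_rules.conf"] [line "497"] [id "340162"] '
          '[msg "Atomicorp.com UNSUPPORTED DELAYED Rules: Remote File Injection attempt in ARGS (AE)"] '
          '[data "https://www.facebook.com/"] [severity "CRITICAL"] [hostname "www.yourdomain.com"] '
          '[uri "/index.php/xcrud_ajax"]')

TAG = re.compile(r'\[(\w+) "([^"]*)"\]')             # [id "340162"], [uri "..."], ...
TARGET = re.compile(r'against "([^"]+)" required')   # the variable the rule inspected

def parse_denial(line):
    """Return the tagged fields and matched variable of one ModSecurity denial line."""
    if "ModSecurity: Access denied" not in line:
        return None
    fields = dict(TAG.findall(line))
    match = TARGET.search(line)
    fields["target"] = match.group(1) if match else None
    return fields

def decode_key(target):
    """Decode the last [...] key of the target (assumed base64, '-' used as padding)."""
    keys = re.findall(r'\[([^\]]+)\]', target or "")
    if not keys:
        return None
    try:
        raw = base64.b64decode(keys[-1].replace("-", "="), validate=True)
        return raw.decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None  # not base64 after all; fall back to the raw target

def triage(line):
    """Summarise what was blocked, where, and by which rule id."""
    d = parse_denial(line)
    if d is None:
        return None
    return {"rule_id": d.get("id"), "host": d.get("hostname"), "uri": d.get("uri"),
            "target": d["target"], "field": decode_key(d["target"]), "value": d.get("data")}

if __name__ == "__main__":
    for name, value in triage(SAMPLE).items():
        print(f"{name:8} {value}")
```

For the sample line the decoded field is a social-link form field and the blocked value is the Facebook URL shown in the log's `data` tag, which is the kind of evidence to check before disabling rule 340162 for a domain.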