Your welcome.
I've noticed another bug (maybe more than one).
All user-related logs are stored in admin folder log (/var/log/modsec_audit/admin)
The httpd.conf is correctly set (so each user should write in their own folder), but it doesnt
The line made me think that is a bug is this one:
log=admin&pwd=cindy&wp-submit=Log%20In&redirect_to=http%3A%2F%2Fwww.giuseppegambi.it%2Fsito%2Fwp-admin%2F&testcookie=1
This domain is owned by another user (not admin).
Also, in the same file i can see another error message:
Message: collection_store: Failed to access DBM file "/tmp/ip": Permission denied
/tmp have 777 permissions but is mounetd nosuid,noexec in fstab for security purpose:
drwxrwxrwt 4 root root 2,3M 4 mar 15:48 tmp
Anything i can do?
If you need access just let me know, is the same server you've already checked but i've changed passwords back
PS: the system is using Apache 2.4 and mod_ruid2 (i suppose is related to mod_ruid2)
Best regards