Bruteforce false positive

[Thu Jul 03 08:40:00 2014] [error] [client 122.168.24.180] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file “/var/cpanel/cwaf/rules/cwaf_06.conf”] [line “19”] [id “230000”] [msg “COMODO WAF: Brute Force Attack Identified from 122.168.24.180 (21 hits since last alert)”] [hostname “testing.empexus.com”] [uri “/kookakid/wp-admin/async-upload.php”] [unique_id “U7VPILia3joAAByyC-UAAAAC”]
[Thu Jul 03 08:41:00 2014] [error] [client 122.168.24.180] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file “/var/cpanel/cwaf/rules/cwaf_06.conf”] [line “19”] [id “230000”] [msg “COMODO WAF: Brute Force Attack Identified from 122.168.24.180 (75 hits since last alert)”] [hostname “empexus.com”] [uri “/wp-content/themes/Avada/js/froogaloop.js”] [unique_id “U7VPXLia3joAABrxxbUAAAAI”]
[Thu Jul 03 08:41:00 2014] [error] [client 122.168.24.180] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file “/var/cpanel/cwaf/rules/cwaf_06.conf”] [line “19”] [id “230000”] [msg “COMODO WAF: Brute Force Attack Identified from 122.168.24.180 (75 hits since last alert)”] [hostname “empexus.com”] [uri “/wp-content/themes/Avada/js/jquery.placeholder.js”] [unique_id “U7VPXLia3joAAB5nVW4AAAAE”]

[Thu Jul 03 07:13:03 2014] [error] [client 122.168.24.180] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file “/var/cpanel/cwaf/rules/cwaf_06.conf”] [line “19”] [id “230000”] [msg “COMODO WAF: Brute Force Attack Identified from 122.168.24.180 (1 hits since last alert)”] [hostname “testing.empexus.com”] [uri “/kookakid/wp-admin/post.php”] [unique_id “U7U6v7ia3joAAF41yGUAAAAJ”]
[Thu Jul 03 07:14:07 2014] [error] [client 122.168.24.180] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file “/var/cpanel/cwaf/rules/cwaf_06.conf”] [line “19”] [id “230000”] [msg “COMODO WAF: Brute Force Attack Identified from 122.168.24.180 (123 hits since last alert)”] [hostname “testing.empexus.com”] [uri “/kookakid/wp-admin/post.php”] [unique_id “U7U6-7ia3joAAFVBEkoAAAAF”]
[Thu Jul 03 07:15:12 2014] [error] [client 122.168.24.180] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file “/var/cpanel/cwaf/rules/cwaf_06.conf”] [line “19”] [id “230000”] [msg “COMODO WAF: Brute Force Attack Identified from 122.168.24.180 (25 hits since last alert)”] [hostname “empexus.com”] [uri “/”] [unique_id “U7U7QLia3joAAGEkLsYAAAAB”]
[Thu Jul 03 07:15:15 2014] [error] [client 122.168.24.180] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file “/var/cpanel/cwaf/rules/cwaf_06.conf”] [line “19”] [id “230000”] [msg “COMODO WAF: Brute Force Attack Identified from 122.168.24.180 (25 hits since last alert)”] [hostname “empexus.com”] [uri “/wp-content/themes/Avada/style.css”] [unique_id “U7U7Q7ia3joAAGFGPlEAAAAH”]
[Thu Jul 03 07:15:15 2014] [error] [client 122.168.24.180] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file “/var/cpanel/cwaf/rules/cwaf_06.conf”] [line “19”] [id “230000”] [msg “COMODO WAF: Brute Force Attack Identified from 122.168.24.180 (25 hits since last alert)”] [hostname “empexus.com”] [uri “/wp-content/themes/Avada/css/media.css”] [unique_id

My client is logging in just once, yet they are getting banned. Please provide an update.

Seems like the bruteforce protection rules have been messed up in this new update. Please correct them.

We will check.

I am also encountering this issue when someone is trying to publish a post in WordPress.

Any news on this?

Bruteforce protection has already been fixed; it will be available in the next update.

Well, it's not fixed yet.

/wp-admin/ HTTP/1.1

Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file “/var/cpanel/cwaf/rules/cwaf_06.conf”] [line “19”] [id “230000”] [msg “COMODO WAF: Brute Force Attack Identified from 103.231.45.196 (231 hits since last alert)”]

/wp-admin/admin-ajax.php HTTP/1.1

Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file "/var/cpanel/cwaf/rules/cwaf_06.conf"] [line "19"] [id "230000"] [msg "COMODO WAF: Brute Force Attack Identified from 103.231.45.196 (1 hits since last alert)"]

Please let me know if you can really fix the rules, because you guys took such a long time for the next update and the issue is still the same.

Log entries:

[Fri Jul 25 05:42:35 2014] [error] [client 122.173.114.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file “/var/cpanel/cwaf/rules/cwaf_06.conf”] [line “19”] [id “230000”] [msg “COMODO WAF: Brute Force Attack Identified from 122.173.114.66 (1 hits since last alert)”] [hostname “ntierinfotech.com”] [uri “/ali/wp-content/themes/bishop/core/assets/js/admin/panel.navmenu.min.js”] [unique_id “U9Imi7ia3joAAHL1Y4YAAAAB”]
[Fri Jul 25 05:42:35 2014] [error] [client 122.173.114.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file “/var/cpanel/cwaf/rules/cwaf_06.conf”] [line “19”] [id “230000”] [msg “COMODO WAF: Brute Force Attack Identified from 122.173.114.66 (1 hits since last alert)”] [hostname “ntierinfotech.com”] [uri “/ali/wp-content/plugins/yit-contact-form/assets/js/select-icon.min.js”] [unique_id “U9Imi7ia3joAAHHQPMIAAAAS”]
[Fri Jul 25 05:43:35 2014] [error] [client 122.173.114.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file “/var/cpanel/cwaf/rules/cwaf_06.conf”] [line “19”] [id “230000”] [msg “COMODO WAF: Brute Force Attack Identified from 122.173.114.66 (501 hits since last alert)”] [hostname “www.ntierinfotech.com”] [uri “/wp-content/plugins/revslider/rs-plugin/css/static-captions.css”] [unique_id “U9Imx7ia3joAAHWfFWoAAAAS”]
[Fri Jul 25 05:43:35 2014] [error] [client 122.173.114.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file “/var/cpanel/cwaf/rules/cwaf_06.conf”] [line “19”] [id “230000”] [msg “COMODO WAF: Brute Force Attack Identified from 122.173.114.66 (501 hits since last alert)”] [hostname “www.ntierinfotech.com”] [uri “/wp-content/plugins/testimonial-rotator/testimonial-rotator-style.css”] [unique_id “U9Imx7ia3joAAHV1FKUAAAAQ”]
[Fri Jul 25 05:43:35 2014] [error] [client 122.173.114.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file “/var/cpanel/cwaf/rules/cwaf_06.conf”] [line “19”] [id “230000”] [msg “COMODO WAF: Brute Force Attack Identified from 122.173.114.66 (501 hits since last alert)”] [hostname “www.ntierinfotech.com”] [uri “/wp-content/themes/jarvis_wp/css/skeleton.css”] [unique_id “U9Imx7ia3joAAG89z7gAAAAJ”]

The update is planned for the 29th of July. As an option, you can disable the rule until the update.

Also, please make sure that in the next update your rules support mod_pagespeed. Ty

Seems like it's fixed, but I will continue to monitor it and let you know.
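A triage sketch for log entries like the ones posted in this thread, added here as an example (not code from any poster or from Comodo): it groups rule 230000 blocks by client and checks whether any blocked request was aimed at a login endpoint. The endpoint list, the static-extension list and the "no blocked login request means suspected false positive" heuristic are assumptions, and the sample entries are constructed.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# [name "value"] tags; curly quotes are accepted because forum software often rewrites them.
TAG = re.compile(r'\[(\w+) ["\u201c]([^"\u201d]*)["\u201d]\]')
CLIENT = re.compile(r'\[client ([^\]\s]+)\]')
# Assumption: endpoints where WordPress credentials are actually submitted.
AUTH_ENDPOINTS = ("/wp-login.php", "/xmlrpc.php")
STATIC_EXT = (".css", ".js", ".png", ".jpg", ".gif", ".svg", ".woff", ".ico")

def classify(uri):
    """Bucket a blocked URI as 'auth', 'static' or 'other'."""
    path = urlsplit(uri).path.lower()
    if path.endswith(AUTH_ENDPOINTS):
        return "auth"
    return "static" if path.endswith(STATIC_EXT) else "other"

def triage(log_text, rule_id="230000"):
    """Count blocked requests per client and bucket for one rule id."""
    per_client = defaultdict(Counter)
    for line in log_text.splitlines():
        client = CLIENT.search(line)
        tags = dict(TAG.findall(line))
        if not client or tags.get("id") != rule_id or "uri" not in tags:
            continue  # different rule, or an entry truncated before [uri ...]
        per_client[client.group(1)][classify(tags["uri"])] += 1
    return per_client

def suspected_false_positives(per_client):
    """Clients blocked by the rule without a single blocked login request."""
    return sorted(ip for ip, c in per_client.items() if c["auth"] == 0)

# Constructed sample entries (documentation IPs, example.com), modelled on the thread's logs.
TEMPLATE = ('[Thu Jul 03 07:15:15 2014] [error] [client {ip}] ModSecurity: Access denied with '
            'code 403 (phase 1). Operator EQ matched 0 at IP. [id "230000"] [msg "COMODO WAF: '
            'Brute Force Attack Identified from {ip} (25 hits since last alert)"] '
            '[hostname "example.com"] [uri "{uri}"] [unique_id "CONSTRUCTED"]')
SAMPLE = "\n".join(TEMPLATE.format(ip=ip, uri=uri) for ip, uri in [
    ("203.0.113.7", "/wp-content/themes/demo/style.css"),
    ("203.0.113.7", "/wp-content/themes/demo/js/app.js"),
    ("203.0.113.7", "/blog/wp-admin/post.php"),
    ("198.51.100.9", "/wp-login.php"),
    ("198.51.100.9", "/wp-login.php"),
])

if __name__ == "__main__":
    result = triage(SAMPLE)
    for ip in sorted(result):
        print(ip, dict(result[ip]))
    print("suspected false positives:", suspected_false_positives(result))
```

A client that appears only in the `static` and `other` buckets, as in the entries posted above, points at a counter that is incremented by every request rather than by failed logins.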