False Positive

Well, we don't have it enabled… :slight_smile: It's still a false positive

POST /wp-admin/admin.php?page=sitepress-multilingual-cms/menu/languages.php

[Wed May 06 03:37:24.224955 2015] [:error] [pid 23797] [client 78.87.208.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file “/var/cpanel/cwaf/rules/09_Bruteforce_Bruteforce.conf”] [line “14”] [id “230000”] [msg “COMODO WAF: Brute Force Attack Identified from 78.87.208.165 (1 hits since last alert)”] [hostname “xxxx.com”] [uri “/wp-admin/admin.php”] [unique_id “VUnEtMBjyMsAAFz1sgoAAAAL”]
[Wed May 06 03:44:32.149514 2015] [:error] [pid 29362] [client 78.87.208.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file “/var/cpanel/cwaf/rules/09_Bruteforce_Bruteforce.conf”] [line “14”] [id “230000”] [msg “COMODO WAF: Brute Force Attack Identified from 78.87.208.165 (1 hits since last alert)”] [hostname “xxxx.com”] [uri “/wp-admin/admin.php”] [unique_id “VUnGYMBjyMsAAHKyrfQAAAAM”]
[Wed May 06 03:47:51.752464 2015] [:error] [pid 23935] [client 78.87.208.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file “/var/cpanel/cwaf/rules/09_Bruteforce_Bruteforce.conf”] [line “14”] [id “230000”] [msg “COMODO WAF: Brute Force Attack Identified from 78.87.208.165 (9 hits since last alert)”] [hostname “xxxxx.com”] [uri “/wp-admin/admin.php”] [unique_id “VUnHJ8BjyMsAAF1-9OQAAAAA”]

Bruteforce is still with bugs…

[Wed May 06 03:49:17.664337 2015] [:error] [pid 23797] [client 78.87.208.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file “/var/cpanel/cwaf/rules/09_Bruteforce_Bruteforce.conf”] [line “14”] [id “230000”] [msg “COMODO WAF: Brute Force Attack Identified from 78.87.208.165 (1 hits since last alert)”] [hostname “xxxx.com”] [uri “/wp-admin/admin.php”] [unique_id “VUnHfcBjyMsAAFz1sr4AAAAL”]
[Wed May 06 03:50:43.447430 2015] [:error] [pid 31933] [client 78.87.208.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 0 at IP. [file “/var/cpanel/cwaf/rules/09_Bruteforce_Bruteforce.conf”] [line “14”] [id “230000”] [msg “COMODO WAF: Brute Force Attack Identified from 78.87.208.165 (1 hits since last alert)”] [hostname “xxxx.com”] [uri “/wp-admin/admin.php”] [unique_id “VUnH08BjyMsAAHy97eIAAAAN”]

XenForo false positive

[Sat Jul 11 10:58:41.784025 2015] [:error] [pid 1295] [client 109.67.53.113] ModSecurity: Access denied with code 403 (phase 2). Pattern match “(?:\\bhttp/(?:0\\.9|1\\.[01])|<(?:html|meta)\\b)” at ARGS:templateArray[166]. [file “/var/cpanel/cwaf/rules/10_HTTP_HTTP.conf”] [line “43”] [id “211090”] [msg “COMODO WAF: HTTP Response Splitting Attack”] [data “Matched Data: <meta found within ARGS:templateArray[166]: xen:h1{$xenoptions.boardtitle}</xen:h1>\x0d\x0a\x0d\x0a<xen:container var=\x22$head.canonical\x22><link rel=\x22canonical\x22 href=\x22{xen:link ‘canonical:forums’}\x22 /></xen:container>\x0d\x0a<xen:if is=\x22{$xenoptions.boarddescription}\x22><xen:container var=\x22$head.description\x22>\x0d\x0a\x09</xen:container></xen:if>\x0d\x0a<xen:container var=\x22$head.openg…”] [severity “CRITICAL”] [hostname “forum.nationalgunz.com”] [uri “/admin.php”] [unique_id “VaEvIcBjyMsAAAUPE28AAAAI”]
[Sat Jul 11 10:59:20.170296 2015] [:error] [pid 31523] [client 109.67.53.113] ModSecurity: Access denied with code 403 (phase 2). Pattern match “(?:\\bhttp/(?:0\\.9|1\\.[01])|<(?:html|meta)\\b)” at ARGS:templateArray[166]. [file “/var/cpanel/cwaf/rules/10_HTTP_HTTP.conf”] [line “43”] [id “211090”] [msg “COMODO WAF: HTTP Response Splitting Attack”] [data “Matched Data: <meta found within ARGS:templateArray[166]: xen:h1{$xenoptions.boardtitle}</xen:h1>\x0d\x0a\x0d\x0a<xen:container var=\x22$head.canonical\x22><link rel=\x22canonical\x22 href=\x22{xen:link ‘canonical:forums’}\x22 /></xen:container>\x0d\x0a<xen:if is=\x22{$xenoptions.boarddescription}\x22><xen:container var=\x22$head.description\x22>\x0d\x0a\x09</xen:container></xen:if>\x0d\x0a<xen:container var=\x22$head.openg…”] [severity “CRITICAL”] [hostname “forum.nationalgunz.com”] [uri “/admin.php”] [unique_id “VaEvSMBjyMsAAHsjqAQAAAAE”]
[Sat Jul 11 11:12:13.390420 2015] [:error] [pid 13182] [client 109.67.53.113] ModSecurity: Access denied with code 403 (phase 2). Pattern match “(?:\\bhttp/(?:0\\.9|1\\.[01])|<(?:html|meta)\\b)” at ARGS:templateArray[166]. [file “/var/cpanel/cwaf/rules/10_HTTP_HTTP.conf”] [line “43”] [id “211090”] [msg “COMODO WAF: HTTP Response Splitting Attack”] [data “Matched Data: <meta found within ARGS:templateArray[166]: xen:h1{$xenoptions.boardtitle}</xen:h1>\x0d\x0a\x0d\x0a<xen:container var=\x22$head.canonical\x22><link rel=\x22canonical\x22 href=\x22{xen:link ‘canonical:forums’}\x22 /></xen:container>\x0d\x0a<xen:if is=\x22{$xenoptions.boarddescription}\x22><xen:container var=\x22$head.description\x22>\x0d\x0a\x09</xen:container></xen:if>\x0d\x0a<xen:container var=\x22$head.openg…”] [severity “CRITICAL”] [hostname “forum.nationalgunz.com”] [uri “/admin.php”] [unique_id “VaEyTcBjyMsAADN@WP4AAAAI”]
[Sat Jul 11 11:13:16.306928 2015] [:error] [pid 13365] [client 109.67.53.113] ModSecurity: Access denied with code 403 (phase 2). Pattern match “(?:\\bhttp/(?:0\\.9|1\\.[01])|<(?:html|meta)\\b)” at ARGS:templateArray[166]. [file “/var/cpanel/cwaf/rules/10_HTTP_HTTP.conf”] [line “43”] [id “211090”] [msg “COMODO WAF: HTTP Response Splitting Attack”] [data “Matched Data: <meta found within ARGS:templateArray[166]: xen:h1{$xenoptions.boardtitle}</xen:h1>\x0d\x0a\x0d\x0a<xen:container var=\x22$head.canonical\x22><link rel=\x22canonical\x22 href=\x22{xen:link ‘canonical:forums’}\x22 /></xen:container>\x0d\x0a<xen:if is=\x22{$xenoptions.boarddescription}\x22><xen:container var=\x22$head.description\x22>\x0d\x0a\x09</xen:container></xen:if>\x0d\x0a<xen:container var=\x22$head.openg…”] [severity “CRITICAL”] [hostname “forum.nationalgunz.com”] [uri “/admin.php”] [unique_id “VaEyjMBjyMsAADQ1Y@YAAAAB”]
[Sat Jul 11 11:21:49.657181 2015] [:error] [pid 17020] [client 109.67.53.113] ModSecurity: Access denied with code 403 (phase 2). Pattern match “(?:\\bhttp/(?:0\\.9|1\\.[01])|<(?:html|meta)\\b)” at ARGS:templateArray[166]. [file “/var/cpanel/cwaf/rules/10_HTTP_HTTP.conf”] [line “43”] [id “211090”] [msg “COMODO WAF: HTTP Response Splitting Attack”] [data “Matched Data: <meta found within ARGS:templateArray[166]: xen:h1{$xenoptions.boardtitle}</xen:h1>\x0d\x0a\x0d\x0a<xen:container var=\x22$head.canonical\x22><link rel=\x22canonical\x22 href=\x22{xen:link ‘canonical:forums’}\x22 /></xen:container>\x0d\x0a<xen:if is=\x22{$xenoptions.boarddescription}\x22><xen:container var=\x22$head.description\x22>\x0d\x0a\x09</xen:container></xen:if>\x0d\x0a<xen:container var=\x22$head.openg…”] [severity “CRITICAL”] [hostname “forum.nationalgunz.com”] [uri “/admin.php”] [unique_id “VaE0jcBjyMsAAEJ8BasAAAAK”]