403 Forbidden - New post


tininho
09-18-2011, 02:30 PM
While trying to make a new post with WordPress I get the 403 Forbidden error; the log shows this:

2011-09-19 00:27:09.324 NOTICE [82.181.193.116:57055-0#XXXX] mod_security rule triggered!
[Mon Sep 19 00:27:09 2011] [error] [client 82.181.193.116] ModSecurity: Access denied with code 403, [Rule: 'ARGS' '(fromCharCode|http-equiv|<.+>|innerHTML|dynsrc|-->)']
[Msg: XSS attack]
2011-09-19 00:27:09.324 NOTICE [82.181.193.116:57055-0#XXXX] Content len: 1181, Request line: 'POST /wp-admin/post.php HTTP/1.1'

How can I tell the server that this is not an XSS attack?

ikiji
11-26-2011, 04:14 PM
I'm getting the same with an install of WHMCS

Using version 4.1.8

webizen
11-28-2011, 11:29 AM
...
[Mon Sep 19 00:27:09 2011] [error] [client 82.181.193.116] ModSecurity: Access denied with code 403, [Rule: 'ARGS' '(fromCharCode|http-equiv|<.+>|innerHTML|dynsrc|-->)']
[Msg: XSS attack]
2011-09-19 00:27:09.324 NOTICE [82.181.193.116:57055-0#XXXX] Content len: 1181, Request line: 'POST /wp-admin/post.php HTTP/1.1'
...


This indicates that the page (/wp-admin/post.php) that does the post contains a value of "fromCharCode|http-equiv|<.+>|innerHTML|dynsrc|-->" (any). You may verify by looking at the source of the page (not the PHP code itself). If that's the case, you can disable the rule.
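
An added example, not part of any post in this thread: the Python sketch below pulls the variable name and pattern out of the ModSecurity log line quoted above and reports which form field of a POST body matches it, which helps confirm a false positive before touching the rule. The sample request body and the function names are constructed for illustration, and Python's `re` only approximates the server's own regex engine.

```python
import re
from urllib.parse import parse_qsl

# Log line copied from the first post in this thread.
LOG_LINE = (
    "[Mon Sep 19 00:27:09 2011] [error] [client 82.181.193.116] "
    "ModSecurity: Access denied with code 403, "
    "[Rule: 'ARGS' '(fromCharCode|http-equiv|<.+>|innerHTML|dynsrc|-->)']"
)

# Constructed sample: a urlencoded editor form whose content field holds
# ordinary HTML markup, as a post editor would normally submit.
SAMPLE_BODY = (
    "action=editpost&post_title=Hello+world"
    "&content=%3Cp%3EFirst+%3Cstrong%3Epost%3C%2Fstrong%3E%3C%2Fp%3E"
    "&post_status=publish"
)


def extract_rule(log_line):
    """Return (variable, pattern) from a "[Rule: 'VAR' 'PATTERN']" log entry."""
    m = re.search(r"\[Rule: '([^']+)' '(.*)'\]", log_line)
    if not m:
        raise ValueError("no [Rule: ...] entry found in log line")
    return m.group(1), m.group(2)


def matching_args(body, pattern):
    """Return [(field_name, matched_text)] for form values matching pattern.

    ARGS in ModSecurity covers request parameter values, so each decoded
    value is tested on its own (assumption: case-sensitive, no transforms).
    """
    rx = re.compile(pattern)
    hits = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        m = rx.search(value)
        if m:
            hits.append((name, m.group(0)))
    return hits


if __name__ == "__main__":
    variable, pattern = extract_rule(LOG_LINE)
    print(f"rule inspects {variable} with pattern {pattern}")
    for name, matched in matching_args(SAMPLE_BODY, pattern):
        print(f"field {name!r} matched on {matched!r}")
```
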

htduhoc2012
01-24-2012, 04:44 AM
This indicates that the page (/wp-admin/post.php) that does the post contains a value of "fromCharCode|http-equiv|<.+>|innerHTML|dynsrc|-->" (any). You may verify by looking at the source of the page (not the PHP code itself). If that's the case, you can disable the rule.

I still have not repaired it. Can anyone else offer another opinion about this?
:(

NiteWave
01-24-2012, 05:39 PM
What's your LSWS version?

adhp123
04-24-2012, 05:09 AM
What's your LSWS version?

it's almost the same but

chaterbox
05-03-2013, 03:41 AM
Did you recover from this? If yes, can you share the steps you took to overcome it?