WordPress and the Database crash

[lucios54]

Hello,
Sometimes when I save some changes in WP Affiliate Manager settings, WordPress and the Database crash.
The Wp Administrator page closes and I see this error: : “Forbidden
You do not have permission to access this document.
Web Server at website.it”

Below is the error copied from the error_log file:

———————-
[Wed Sep 16 12:30:30.109769 2020] [:error] [pid 12836:tid 139885247678208] [client 93.xx.140.xxx:42240] [client 93.xx.140.xxx] ModSecurity: Access denied with code 403 (phase 2). Pattern match “^wpam-(?:manage-payouts|admin-functions|settings|creatives|newaffiliate)$” at MATCHED_VAR. [file “/etc/httpd/conf/modsecurity.d/rules/comodo_free/27_Apps_WPPlugin.conf”] [line “6240”] [id “234081”] [rev “2”] [msg “COMODO WAF: CSRF vulnerability in affiliates-manager plugin before 2.6.6 for WordPress (CVE-2019-15868)||website.it|F|2”] [severity “CRITICAL”] [tag “CWAF”] [tag “WPPlugin”] [hostname “xxxxx.it”] [uri “/wp-admin/admin.php”] [unique_id “X2HpRoeB7zXE8RBirDWwDAAAANA”], referer: https://website.it/wp-admin/admin.php?page=wpam-settings&action=messaging
———————–

I tried to uninstall all plagins and activate them one at a time but I could not understand if there is any conflict.
Pease help me, thanks

[Shadow Labs]

@lucios54, Are you using the latest version of the plugin (2.7.8)? If not please update the plugin, reset the log and see if it happens again.

[lucios54]

Yes, i am using the latest version 2.7.8

[Shadow Labs]

@lucios54, This warning is coming from the apache mod_security on the server for version 2.6.6 (which is really old). Please contact your web host to see why this is happening.

[Author]

Posts