Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TranslatePress with Complianz - Site Kit disconnecting #2542

Open
jamesozzie opened this issue Dec 17, 2020 · 8 comments
Open

TranslatePress with Complianz - Site Kit disconnecting #2542

jamesozzie opened this issue Dec 17, 2020 · 8 comments
Labels
Type: Bug Something isn't working Type: Support Support request

Comments

@jamesozzie
Copy link
Collaborator

jamesozzie commented Dec 17, 2020
edited
Loading

Bug Description

With the TranslatePress and Complianz plugins active when switching languages . This disconnection also occurs after the cookie notice initially appears, without having to switch languages. This was initially reported in the WordPress support forums, with the user being able to pinpoint the conflict.

Full Video demonstrating user experience

Gif showing language switch breaking SK connection after refreshing SK dashboard
translatepress

Steps to reproduce

  1. Install TranslatePress on a site with Site Kit active, and setup a basic install with all default configurations (with at least 1 additional language setup)
  2. Install the Complianz plugin. Setup all defaults where possible, with example setup seen in this video.
  3. Visit your Site Kit dashboard or refresh an open dashboard window, SK will become disconnected
  4. Redo SK setup and visit your websites front end. Refresh the page or switch language
  5. Reload your Site Kit dashboard - the same disconnection occurs

Screenshots

With the below configurations applied Site Kit remains connected, with switching between languages not impacting connection. This however results in no cookie notice.

image

Additional Context

  • SK version 1.22.0
  • Complianz 4.8.2
  • TranslatePress 1.9.0
  • There have been other reports of TranslatePress breaking Site Kit connection, with switching language with the admin bar resulting in lost connection from previous tests. This is without any additional plugins (including Complianz).
  • With the "This website uses cookies or similar techniques." option set to "No" Site Kit remains connected (Stage 2 during wizard - integrations)
  • Multiple ModSecurity related errors evident in PHP error logs
Example SH info 
`
### wp-core ###

version: 5.5.3
site_language: en_US
user_language: en_US
timezone: +00:00
permalink: /%postname%/
https_status: true
multisite: false
user_registration: 0
blog_public: 1
default_comment_status: open
environment_type: production
user_count: 6
dotorg_communication: true

### wp-paths-sizes ###

wordpress_path: /var/www/vhosts/plastiskip.com/httpdocs
wordpress_size: loading...
uploads_path: /var/www/vhosts/plastiskip.com/httpdocs/wp-content/uploads
uploads_size: loading...
themes_path: /var/www/vhosts/plastiskip.com/httpdocs/wp-content/themes
themes_size: loading...
plugins_path: /var/www/vhosts/plastiskip.com/httpdocs/wp-content/plugins
plugins_size: loading...
database_size: loading...
total_size: loading...

### wp-dropins (1) ###

advanced-cache.php: true

### wp-active-theme ###

name: AMPFace (ampface-1)
version: 1.6.0
author: James Ozzie Osborne
author_website: https://ampface.io
parent_theme: none
theme_features: core-block-patterns, custom-header, amp, editor-style, automatic-feed-links, title-tag, post-thumbnails, menus, html5, custom-background, customize-selective-refresh-widgets, custom-logo, widgets
theme_path: /var/www/vhosts/plastiskip.com/httpdocs/wp-content/themes/ampface-1
auto_update: Disabled

### wp-themes-inactive (10) ###

Divi: version: 4.6.6, author: Elegant Themes,Auto-updates disabled
Ascend: version: 1.4.6, author: Kadence Themes,Auto-updates disabled
Astra: version: 2.5.5, author: Brainstorm Force (latest version: 2.6.2),Auto-updates disabled
Blocksy: version: 1.7.47, author: CreativeThemes (latest version: 1.7.55),Auto-updates disabled
Noor: version: 5.6.02, author: PixelDima,Auto-updates disabled
Pixwell: version: 5.7, author: Theme-Ruby,Auto-updates disabled
Reco Child: author: EstudioPatagon, version: (undefined),Auto-updates disabled
Reco: version: 4.5.5, author: EstudioPatagon,Auto-updates disabled
Twenty Nineteen: version: 1.7, author: the WordPress team (latest version: 1.8),Auto-updates disabled
Twenty Twenty: version: 1.5, author: the WordPress team (latest version: 1.6),Auto-updates disabled

### wp-mu-plugins (1) ###

Health Check Troubleshooting Mode: author: (undefined), version: 1.7.2

### wp-plugins-active (4) ###

AMP: version: 2.0.7, author: AMP Project Contributors (latest version: 2.0.8), Auto-updates disabled
Complianz | GDPR/CCPA Cookie Consent: version: 4.8.2, author: Really Simple Plugins, Auto-updates disabled
Site Kit by Google: version: 1.22.0, author: Google, Auto-updates disabled
TranslatePress - Multilingual: version: 1.9.0, author: Cozmoslabs, Razvan Mocanu, Madalin Ungureanu, Cristophor Hurduban, Auto-updates disabled

### wp-plugins-inactive (84) ###

a3 Lazy Load: version: 2.4.1, author: a3rev Software (latest version: 2.4.2), Auto-updates disabled
Accelerated Mobile Pages: version: 1.0.68.1, author: Ahmed Kaludi, Mohammed Kaludi (latest version: 1.0.72), Auto-updates disabled
AdSense Integration WP QUADS: version: 2.0.16, author: WP Quads (latest version: 2.0.17.1), Auto-updates disabled
Advanced Custom Fields PRO: version: 5.9.3, author: Elliot Condon, Auto-updates disabled
Advanced WordPress Reset: version: 1.1.1, author: Younes JFR., Auto-updates disabled
Akismet Anti-Spam: version: 4.1.6, author: Automattic (latest version: 4.1.7), Auto-updates disabled
All-in-One WP Migration: version: 7.29, author: ServMask (latest version: 7.32), Auto-updates disabled
All In One WP Security: version: 4.4.4, author: Tips and Tricks HQ, Peter Petreski, Ruhul, Ivy (latest version: 4.4.5), Auto-updates disabled
AMP Badge: version: 1.0.0, author: James Osborne, Auto-updates disabled
AMP Popup: author: Your Name Here, version: (undefined), Auto-updates disabled
Antispam Bee: version: 2.9.3, author: pluginkollektiv, Auto-updates disabled
Asset CleanUp: Page Speed Booster: version: 1.3.7.1, author: Gabriel Livan (latest version: 1.3.7.2), Auto-updates disabled
Auto Affiliate Links: version: 5.9.4.1, author: Lucian Apostol (latest version: 5.9.5), Auto-updates disabled
Autoptimize: version: 2.7.8, author: Frank Goossens (futtta) (latest version: 2.8.1), Auto-updates disabled
bbPress: version: 2.6.6, author: The bbPress Contributors, Auto-updates disabled
Blocksy Companion: version: 1.7.31, author: CreativeThemes (latest version: 1.7.40), Auto-updates disabled
Cache Enabler: version: 1.5.5, author: KeyCDN (latest version: 1.6.0), Auto-updates disabled
Change wp-admin login: version: 1.0.0, author: Nuno Morais Sarmento (latest version: 1.0.4), Auto-updates disabled
CIDRAM: version: 2.4.4, author: Caleb Mazalevskis, Auto-updates disabled
Classic Editor: version: 1.6, author: WordPress Contributors, Auto-updates disabled
Cloudinary: version: 2.3.0, author: Cloudinary Ltd., XWP (latest version: 2.4.0), Auto-updates disabled
CoBlocks: version: 2.5.0, author: GoDaddy (latest version: 2.5.3), Auto-updates disabled
Contact Form 7: version: 5.3, author: Takayuki Miyoshi (latest version: 5.3.1), Auto-updates disabled
Dima Take Action: version: 1.0.5, author: PixelDima, Auto-updates disabled
Disable plugins / themes updates: version: 1.1.1, author: Vincent Guesné, Auto-updates disabled
Disable REST API: version: 1.5.1, author: Dave McHale, Auto-updates disabled
Disable REST API for Real: version: 2.1.1, author: Samuel Aguilera, Auto-updates disabled
Easy Digital Downloads: version: 2.9.26, author: Sandhills Development, LLC, Auto-updates disabled
Envato Market: version: 2.0.1, author: Envato, Auto-updates disabled
Export All URLs: version: 4.1, author: Atlas Gondal, Auto-updates disabled
Fast Velocity Minify: version: 2.8.9, author: Raul Peixoto, Auto-updates disabled
GDPR Cookie Consent: version: 1.9.3, author: WebToffee (latest version: 1.9.5), Auto-updates disabled
GTranslate: version: 2.8.61, author: Translate AI Multilingual Solutions, Auto-updates disabled
hCaptcha for Forms and More: version: 1.6.3, author: hCaptcha, Auto-updates disabled
Health Check & Troubleshooting: version: 1.4.5, author: The WordPress.org community, Auto-updates disabled
Hummingbird: version: 2.6.2, author: WPMU DEV (latest version: 2.7.0), Auto-updates disabled
Instant Indexing: version: 1.0.0, author: Rank Math, Auto-updates disabled
Interactive World Map: version: 3.1.8, author: Fla-shop.com (latest version: 3.1.9), Auto-updates disabled
iThemes Security: version: 7.9.0, author: iThemes, Auto-updates disabled
Jetpack by WordPress.com: version: 9.0.2, author: Automattic (latest version: 9.2.1), Auto-updates disabled
Kadence Blocks – Gutenberg Blocks for Page Builder Features: version: 1.9.7, author: Kadence WP (latest version: 1.9.9), Auto-updates disabled
Link Whisper Free: version: 0.3.3, author: Link Whisper (latest version: 0.3.5), Auto-updates disabled
LiteSpeed Cache: version: 3.6, author: LiteSpeed Technologies, Auto-updates disabled
Loco Translate: version: 2.4.6, author: Tim Whitlock, Auto-updates disabled
LuckyWP Table of Contents: version: 2.1.4, author: LuckyWP, Auto-updates disabled
Noor Assistant: version: 3.1.13, author: PixelDima, Auto-updates disabled
Pixwell Core: version: 5.7, author: Theme-Ruby, Auto-updates disabled
Plugins Garbage Collector (Database Cleanup): version: 0.12, author: Vladimir Garagulya, Auto-updates disabled
Pretty Links: version: 3.2.1, author: Pretty Links, Auto-updates disabled
PWA: version: 0.5.0, author: PWA Plugin Contributors, Auto-updates disabled
Rank Math SEO: version: 1.0.52.1, author: Rank Math (latest version: 1.0.54.3), Auto-updates disabled
Reco Theme Functions: version: 4.5.5, author: Estudio Patagon, Auto-updates disabled
Redux: version: 4.1.23, author: Redux.io + Dovy Paukstys (latest version: 4.1.24), Auto-updates disabled
Salt Shaker: version: 1.2.7, author: Nagdy, Auto-updates disabled
Scripts-To-Footer: version: 0.6.4.1, author: Joshua David Nelson, Auto-updates disabled
Site Reviews: version: 5.2.0, author: Paul Ryley (latest version: 5.3.5), Auto-updates disabled
Slider Revolution: version: 6.2.23, author: ThemePunch, Auto-updates disabled
Stop Spammers: version: 2020.5.1, author: Trumani (latest version: 2020.6.2), Auto-updates disabled
Thrive Architect: version: 2.6.2.1, author: <a href="http://www.thrivethemes.com">Thrive Themes</a>, Auto-updates disabled
Thrive Product Manager: version: 1.2.4, author: Thrive Themes, Auto-updates disabled
Under Construction: version: 3.83, author: WebFactory Ltd, Auto-updates disabled
Virtue/Ascend/Pinnacle Toolkit: version: 4.9.6, author: Kadence WP, Auto-updates disabled
Webpushr Push Notifications: version: 4.12.0, author: Webpushr (latest version: 4.16.0), Auto-updates disabled
Web Stories: version: 1.1.0, author: Google (latest version: 1.2), Auto-updates disabled
WooCommerce: version: 4.7.1, author: Automattic (latest version: 4.8.0), Auto-updates disabled
WooSidebars: version: 1.4.5, author: WooCommerce, Auto-updates disabled
Wordfence Security: version: 7.4.14, author: Wordfence, Auto-updates disabled
WordPress Zero Spam: version: 4.10.2, author: Ben Marshall, Auto-updates disabled
WP-Appbox: version: 4.3.4, author: Marcel Schmilgeit, Auto-updates disabled
WP-DBManager: version: 2.80.3, author: Lester 'GaMerZ' Chan, Auto-updates disabled
WP-Sweep: version: 1.1.3, author: Lester 'GaMerZ' Chan, Auto-updates disabled
WP All Import: version: 3.5.6, author: Soflyy, Auto-updates disabled
WPBakery Page Builder: version: 6.4.2, author: Michael M - WPBakery.com, Auto-updates disabled
WP Cerber Security, Anti-spam & Malware Scan: version: 8.6.7, author: Cerber Tech Inc. (latest version: 8.7), Auto-updates disabled
WP Content Copy Protection & No Right Click: version: 3.1.3, author: wp-buy, Auto-updates disabled
WP Crop Stop: version: 0.1.2, author: Alex Egorov, Auto-updates disabled
WP External Links: version: 2.47, author: WebFactory Ltd, Auto-updates disabled
WPForms Lite: version: 1.6.3.1, author: WPForms, Auto-updates disabled
WPML Multilingual CMS: version: 4.4.4, author: OnTheGoSystems, Auto-updates disabled
WP Rocket: version: 3.7.5, author: WP Media, Auto-updates disabled
YITH WooCommerce Wishlist: version: 3.0.16, author: YITH (latest version: 3.0.17), Auto-updates disabled
Yoast SEO: version: 15.1.1, author: Team Yoast (latest version: 15.5), Auto-updates disabled
Yoast SEO Multilingual: version: 1.2.4, author: OnTheGoSystems, Auto-updates disabled
Yoast SEO Premium: version: 15.1.2, author: Team Yoast, Auto-updates disabled

### wp-media ###

image_editor: WP_Image_Editor_Imagick
imagick_module_version: 1690
imagemagick_version: ImageMagick 6.9.10-68 Q16 x86_64 2020-04-01 https://imagemagick.org
file_uploads: File uploads is turned off
post_max_size: 16M
upload_max_filesize: 16M
max_effective_size: 16 MB
max_file_uploads: 20
imagick_limits: 
	imagick::RESOURCETYPE_AREA: 7 GB
	imagick::RESOURCETYPE_DISK: 9.2233720368548E+18
	imagick::RESOURCETYPE_FILE: 1536
	imagick::RESOURCETYPE_MAP: 7 GB
	imagick::RESOURCETYPE_MEMORY: 4 GB
	imagick::RESOURCETYPE_THREAD: 3
gd_version: bundled (2.1.0 compatible)
ghostscript_version: 9.07

### wp-server ###

server_architecture: Linux 3.10.0-957.5.1.el7.x86_64 x86_64
httpd_software: Apache
php_version: 7.2.34 64bit
php_sapi: cgi-fcgi
max_input_variables: 1000
time_limit: 30
memory_limit: 128M
admin_memory_limit: 256M
max_input_time: 60
upload_max_filesize: 16M
php_post_max_size: 16M
curl_version: 7.29.0 NSS/3.44
suhosin: false
imagick_availability: true
pretty_permalinks: true
htaccess_extra_rules: true

### wp-database ###

extension: mysqli
server_version: 5.5.68-MariaDB
client_version: mysqlnd 5.0.12-dev - 20150407 - $Id: 3591daad22de08524295e1bd073aceeff11e6579 $

### wp-constants ###

WP_HOME: undefined
WP_SITEURL: undefined
WP_CONTENT_DIR: /var/www/vhosts/plastiskip.com/httpdocs/wp-content
WP_PLUGIN_DIR: /var/www/vhosts/plastiskip.com/httpdocs/wp-content/plugins
WP_MAX_MEMORY_LIMIT: 256M
WP_DEBUG: true
WP_DEBUG_DISPLAY: true
WP_DEBUG_LOG: true
SCRIPT_DEBUG: false
WP_CACHE: true
CONCATENATE_SCRIPTS: undefined
COMPRESS_SCRIPTS: undefined
COMPRESS_CSS: undefined
WP_LOCAL_DEV: undefined
DB_CHARSET: utf8mb4
DB_COLLATE: undefined

### wp-filesystem ###

wordpress: writable
wp-content: writable
uploads: writable
plugins: writable
themes: writable
mu-plugins: writable

### google-site-kit ###

version: 1.22.0
php_version: 7.2.34
wp_version: 5.5.3
reference_url: https://plastiskip.com
amp_mode: secondary
site_status: connected-site
user_status: authenticated
connected_user_count: 1
active_modules: site-verification, search-console, adsense, analytics, pagespeed-insights
required_scopes: 
	openid: ✅
	https://www.googleapis.com/auth/userinfo.profile: ✅
	https://www.googleapis.com/auth/userinfo.email: ✅
	https://www.googleapis.com/auth/siteverification: ✅
	https://www.googleapis.com/auth/webmasters: ✅
	https://www.googleapis.com/auth/adsense.readonly: ✅
	https://www.googleapis.com/auth/analytics.readonly: ✅
capabilities: 
	googlesitekit_authenticate: ✅
	googlesitekit_setup: ✅
	googlesitekit_view_posts_insights: ✅
	googlesitekit_view_dashboard: ✅
	googlesitekit_view_module_details: ✅
	googlesitekit_manage_options: ✅
	googlesitekit_publish_posts: ✅
search_console_property: https://plastiskip.com/
adsense_account_id: pub-346•••••••••••••
adsense_client_id: ca-pub-346•••••••••••••
adsense_account_status: approved
adsense_use_snippet: yes
analytics_account_id: 1838•••••
analytics_property_id: UA-1838•••••••
analytics_profile_id: 2335•••••
analytics_use_snippet: no

### amp_wp ###

amp_mode_enabled: transitional
amp_reader_theme: legacy
amp_templates_enabled: post, page, attachment, is_singular, is_front_page, is_home, is_archive, is_author, is_date, is_search, is_404, is_category, is_tag
amp_serve_all_templates: true
amp_css_transient_caching_disabled: false
amp_css_transient_caching_threshold: 5000 transients per day
amp_css_transient_caching_sampling_range: 14 days
amp_css_transient_caching_transient_count: 47
amp_css_transient_caching_time_series: 
	20201215: 0
	20201216: 21
amp_libxml_version: 2.9.1

`
Error Log Details

Error log file

Screenshot
image

Summary

[Thu Dec 17 12:53:49.065829 2020] [:error] [pid 17621] [client 78.18.29.251:50274] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "230"] [id "941340"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action= found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI [hostname "plastiskip.com"] [uri "/wp-json/google-site-kit/v1/data/"] [unique_id "X9tGzQPPwNKGE9K2LK5XXAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:53:49.069393 2020] [:error] [pid 17621] [client 78.18.29.251:50274] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "121"] [id "942200"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22$device_id\\x22:  found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warn [hostname "plastiskip.com"] [uri "/wp-json/google-site-kit/v1/data/"] [unique_id "X9tGzQPPwNKGE9K2LK5XXAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:53:49.070322 2020] [:error] [pid 17621] [client 78.18.29.251:50274] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "125"] [id "942260"] [rev "2"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22: \\x2217522e00cfe70-0 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match  [hostname "plastiskip.com"] [uri "/wp-json/google-site-kit/v1/data/"] [unique_id "X9tGzQPPwNKGE9K2LK5XXAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:53:49.072371 2020] [:error] [pid 17621] [client 78.18.29.251:50274] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "135"] [id "942370"] [rev "2"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22: \\x2217 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match "(?i:(?:[\\"'`]\\\\s*?\\\\*. [hostname "plastiskip.com"] [uri "/wp-json/google-site-kit/v1/data/"] [unique_id "X9tGzQPPwNKGE9K2LK5XXAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:53:49.074301 2020] [:error] [pid 22411] [client 78.18.29.251:50276] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "230"] [id "941340"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action= found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI [hostname "plastiskip.com"] [uri "/wp-content/plugins/google-site-kit/dist/assets/images/rocket.png"] [unique_id "X9tGzeZCUa094EAmFl0vbQAAAAo"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:53:49.074515 2020] [:error] [pid 17621] [client 78.18.29.251:50274] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] Warning. Operator GE matched 5 at TX:anomaly_score. [hostname "plastiskip.com"] [uri "/wp-json/google-site-kit/v1/data/"] [unique_id "X9tGzQPPwNKGE9K2LK5XXAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:53:49.081653 2020] [:error] [pid 22411] [client 78.18.29.251:50276] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "121"] [id "942200"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22$device_id\\x22:  found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warn [hostname "plastiskip.com"] [uri "/wp-content/plugins/google-site-kit/dist/assets/images/rocket.png"] [unique_id "X9tGzeZCUa094EAmFl0vbQAAAAo"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:53:49.082739 2020] [:error] [pid 22411] [client 78.18.29.251:50276] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "125"] [id "942260"] [rev "2"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22: \\x2217522e00cfe70-0 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match  [hostname "plastiskip.com"] [uri "/wp-content/plugins/google-site-kit/dist/assets/images/rocket.png"] [unique_id "X9tGzeZCUa094EAmFl0vbQAAAAo"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:53:49.085174 2020] [:error] [pid 22411] [client 78.18.29.251:50276] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "135"] [id "942370"] [rev "2"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22: \\x2217 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match "(?i:(?:[\\"'`]\\\\s*?\\\\*. [hostname "plastiskip.com"] [uri "/wp-content/plugins/google-site-kit/dist/assets/images/rocket.png"] [unique_id "X9tGzeZCUa094EAmFl0vbQAAAAo"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:53:49.087432 2020] [:error] [pid 22411] [client 78.18.29.251:50276] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] Warning. Operator GE matched 5 at TX:anomaly_score. [hostname "plastiskip.com"] [uri "/wp-content/plugins/google-site-kit/dist/assets/images/rocket.png"] [unique_id "X9tGzeZCUa094EAmFl0vbQAAAAo"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:53:49.087985 2020] [:error] [pid 22411] [client 78.18.29.251:50276] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=15,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects classic SQL injection probings 2/2"] [tag "event-correlation"] Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [hostname "plastiskip.com"] [uri "/wp-content/plugins/google-site-kit/dist/assets/images/rocket.png"] [unique_id "X9tGzeZCUa094EAmFl0vbQAAAAo"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:53:49.627320 2020] [:error] [pid 17621] [client 78.18.29.251:50274] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=15,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects classic SQL injection probings 2/2"] [tag "event-correlation"] Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [hostname "plastiskip.com"] [uri "/index.php"] [unique_id "X9tGzQPPwNKGE9K2LK5XXAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:53:49.642996 2020] [:error] [pid 20267] [client 78.18.29.251:50280] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "230"] [id "941340"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action= found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI [hostname "plastiskip.com"] [uri "/wp-content/uploads/2017/04/cropped-noor_fav_icon-150x150.png"] [unique_id "X9tGzc1C-dqKzlvY1uRg@AAAAAg"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:53:49.646597 2020] [:error] [pid 20267] [client 78.18.29.251:50280] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "121"] [id "942200"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22$device_id\\x22:  found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warn [hostname "plastiskip.com"] [uri "/wp-content/uploads/2017/04/cropped-noor_fav_icon-150x150.png"] [unique_id "X9tGzc1C-dqKzlvY1uRg@AAAAAg"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:53:49.647640 2020] [:error] [pid 20267] [client 78.18.29.251:50280] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "125"] [id "942260"] [rev "2"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22: \\x2217522e00cfe70-0 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match  [hostname "plastiskip.com"] [uri "/wp-content/uploads/2017/04/cropped-noor_fav_icon-150x150.png"] [unique_id "X9tGzc1C-dqKzlvY1uRg@AAAAAg"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:53:49.649984 2020] [:error] [pid 20267] [client 78.18.29.251:50280] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "135"] [id "942370"] [rev "2"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22: \\x2217 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match "(?i:(?:[\\"'`]\\\\s*?\\\\*. [hostname "plastiskip.com"] [uri "/wp-content/uploads/2017/04/cropped-noor_fav_icon-150x150.png"] [unique_id "X9tGzc1C-dqKzlvY1uRg@AAAAAg"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:53:49.652338 2020] [:error] [pid 20267] [client 78.18.29.251:50280] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] Warning. Operator GE matched 5 at TX:anomaly_score. [hostname "plastiskip.com"] [uri "/wp-content/uploads/2017/04/cropped-noor_fav_icon-150x150.png"] [unique_id "X9tGzc1C-dqKzlvY1uRg@AAAAAg"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:53:49.652828 2020] [:error] [pid 20267] [client 78.18.29.251:50280] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=15,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects classic SQL injection probings 2/2"] [tag "event-correlation"] Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [hostname "plastiskip.com"] [uri "/wp-content/uploads/2017/04/cropped-noor_fav_icon-150x150.png"] [unique_id "X9tGzc1C-dqKzlvY1uRg@AAAAAg"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:54:26.623439 2020] [:error] [pid 22549] [client 78.18.29.251:50396] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "230"] [id "941340"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action= found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tG8nw56XsY8x7s1KaM6QAAAAE"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz
[Thu Dec 17 12:54:26.627699 2020] [:error] [pid 22549] [client 78.18.29.251:50396] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "121"] [id "942200"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22$device_id\\x22:  found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warn [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tG8nw56XsY8x7s1KaM6QAAAAE"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz
[Thu Dec 17 12:54:26.628890 2020] [:error] [pid 22549] [client 78.18.29.251:50396] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "125"] [id "942260"] [rev "2"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22: \\x2217522e00cfe70-0 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match  [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tG8nw56XsY8x7s1KaM6QAAAAE"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz
[Thu Dec 17 12:54:26.631539 2020] [:error] [pid 22549] [client 78.18.29.251:50396] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "135"] [id "942370"] [rev "2"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22: \\x2217 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match "(?i:(?:[\\"'`]\\\\s*?\\\\*. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tG8nw56XsY8x7s1KaM6QAAAAE"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz
[Thu Dec 17 12:54:26.634300 2020] [:error] [pid 22549] [client 78.18.29.251:50396] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] Warning. Operator GE matched 5 at TX:anomaly_score. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tG8nw56XsY8x7s1KaM6QAAAAE"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz
[Thu Dec 17 12:54:27.879898 2020] [:error] [pid 22549] [client 78.18.29.251:50396] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=15,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects classic SQL injection probings 2/2"] [tag "event-correlation"] Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tG8nw56XsY8x7s1KaM6QAAAAE"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz
[Thu Dec 17 12:54:49.613590 2020] [:error] [pid 18418] [client 78.18.29.251:50426] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "230"] [id "941340"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action= found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHCZ5ilI71aRitO2vOxAAAAAA"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:54:49.617946 2020] [:error] [pid 18418] [client 78.18.29.251:50426] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "121"] [id "942200"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22$device_id\\x22:  found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warn [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHCZ5ilI71aRitO2vOxAAAAAA"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:54:49.619173 2020] [:error] [pid 18418] [client 78.18.29.251:50426] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "125"] [id "942260"] [rev "2"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22: \\x2217522e00cfe70-0 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match  [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHCZ5ilI71aRitO2vOxAAAAAA"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:54:49.621785 2020] [:error] [pid 18418] [client 78.18.29.251:50426] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "135"] [id "942370"] [rev "2"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22: \\x2217 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match "(?i:(?:[\\"'`]\\\\s*?\\\\*. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHCZ5ilI71aRitO2vOxAAAAAA"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:54:49.624764 2020] [:error] [pid 18418] [client 78.18.29.251:50426] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] Warning. Operator GE matched 5 at TX:anomaly_score. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHCZ5ilI71aRitO2vOxAAAAAA"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:54:49.780484 2020] [:error] [pid 18418] [client 78.18.29.251:50426] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=15,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects classic SQL injection probings 2/2"] [tag "event-correlation"] Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHCZ5ilI71aRitO2vOxAAAAAA"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:56:26.608239 2020] [:error] [pid 17621] [client 78.18.29.251:50542] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "230"] [id "941340"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action= found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHagPPwNKGE9K2LK5XZAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz
[Thu Dec 17 12:56:26.612442 2020] [:error] [pid 17621] [client 78.18.29.251:50542] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "121"] [id "942200"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22$device_id\\x22:  found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warn [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHagPPwNKGE9K2LK5XZAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz
[Thu Dec 17 12:56:26.613697 2020] [:error] [pid 17621] [client 78.18.29.251:50542] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "125"] [id "942260"] [rev "2"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22: \\x2217522e00cfe70-0 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match  [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHagPPwNKGE9K2LK5XZAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz
[Thu Dec 17 12:56:26.616319 2020] [:error] [pid 17621] [client 78.18.29.251:50542] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "135"] [id "942370"] [rev "2"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22: \\x2217 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match "(?i:(?:[\\"'`]\\\\s*?\\\\*. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHagPPwNKGE9K2LK5XZAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz
[Thu Dec 17 12:56:26.618887 2020] [:error] [pid 17621] [client 78.18.29.251:50542] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] Warning. Operator GE matched 5 at TX:anomaly_score. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHagPPwNKGE9K2LK5XZAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz
[Thu Dec 17 12:56:27.746177 2020] [:error] [pid 17621] [client 78.18.29.251:50542] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=15,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects classic SQL injection probings 2/2"] [tag "event-correlation"] Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHagPPwNKGE9K2LK5XZAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz
[Thu Dec 17 12:56:50.606473 2020] [:error] [pid 22387] [client 78.18.29.251:50562] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "230"] [id "941340"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action= found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHgh3Ds6lMCbLWzxq3CwAAAAc"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:56:50.610609 2020] [:error] [pid 22387] [client 78.18.29.251:50562] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "121"] [id "942200"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22$device_id\\x22:  found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warn [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHgh3Ds6lMCbLWzxq3CwAAAAc"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:56:50.611773 2020] [:error] [pid 22387] [client 78.18.29.251:50562] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "125"] [id "942260"] [rev "2"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22: \\x2217522e00cfe70-0 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match  [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHgh3Ds6lMCbLWzxq3CwAAAAc"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:56:50.614335 2020] [:error] [pid 22387] [client 78.18.29.251:50562] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "135"] [id "942370"] [rev "2"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22: \\x2217 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match "(?i:(?:[\\"'`]\\\\s*?\\\\*. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHgh3Ds6lMCbLWzxq3CwAAAAc"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:56:50.616931 2020] [:error] [pid 22387] [client 78.18.29.251:50562] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] Warning. Operator GE matched 5 at TX:anomaly_score. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHgh3Ds6lMCbLWzxq3CwAAAAc"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success
[Thu Dec 17 12:56:50.767425 2020] [:error] [pid 22387] [client 78.18.29.251:50562] [client 78.18.29.251] ModSecurity:  [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=15,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects classic SQL injection probings 2/2"] [tag "event-correlation"] Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHgh3Ds6lMCbLWzxq3CwAAAAc"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard&notification=authentication_success

Do not alter or remove anything below. The following sections will be managed by moderators only.

Acceptance criteria

Implementation Brief

Test Coverage

Visual Regression Changes

QA Brief

Changelog entry
@jamesozzie jamesozzie self-assigned this Dec 17, 2020
@jamesozzie jamesozzie added Type: Bug Something isn't working Group: Escalation Issues which requires escalation labels Dec 17, 2020
@jamesozzie jamesozzie removed their assignment Dec 17, 2020
@cole10up cole10up assigned cole10up and wpdarren and unassigned cole10up Dec 18, 2020
@wpdarren
Copy link
Collaborator

I have recreated the issue reported with the steps used above. I also tried recreating the issue without Translatepress installed to see if it was just related to the complianz plugin, but the site did not get disconnected until the two were activated.

@wpdarren wpdarren removed their assignment Dec 18, 2020
@ZDerekh
Copy link

ZDerekh commented Feb 1, 2021

Any news on this issue? Besides the described behavior, the Complianz popup is being not translated.

@jamesozzie
Copy link
Collaborator Author

jamesozzie commented Feb 8, 2021
edited
Loading

@ZDerekh We've created a GitHub issue on the TranslatePress side. Although not specific to the conflict with Complianz it may be worth checking should there be any updates.

You may also wish to try this mini plugin which from my testing keep the Site Kit connection intact with Complianz. It uses the same googlesitekit_canonical_home_url filter.

@jamesozzie jamesozzie added the Type: Support Support request label Mar 30, 2021
@mxbclang mxbclang removed the Group: Escalation Issues which requires escalation label Apr 6, 2021
@benbowler
Copy link
Collaborator

benbowler commented Feb 12, 2024
edited
Loading

As part of the hackathon today, I've been testing multiple sites with TranslatePress and the Complianz plugin and as of 2024 it appears this issue no longer occurs. We could go ahead and close this issue, perhaps after confirmation that this is indeed no longer an issue (@wpdarren).

Related to this ticket we could simplify the get_canonical_home_url function and remove the googlesitekit_canonical_home_url hook, unless it is used to fix other issues unrelated to this one.

@wpdarren
Copy link
Collaborator

wpdarren commented Feb 13, 2024
edited
Loading

@benbowler thank you! I will leave it up to @techanvil or @tofumatt to answer your question regarding the googlesitekit_canonical_home_url hook.

@mohitwp when you have some spare time, please could you have a look at if the issue reported in this ticket to check that it's no longer a problem and leave a comment with your findings. Thank you!

@benbowler benbowler mentioned this issue Feb 13, 2024
Open
@techanvil
Copy link
Collaborator

Hi @benbowler, as discussed in the issue where it was introduced, #2131, the googlesitekit_canonical_home_url filter was introduced as a general utility for fixing issues introduced by plugins that change the home URL, rather than this particular instance. So, we should keep it around :)

@wpdarren
Copy link
Collaborator

@mohitwp just a reminder that this ticket is still assigned to you. Please could you take a look at this issue when you have some spare time after the 1.145.0 release.

@mohitwp when you have some spare time, please could you have a look at if the issue reported in this ticket to check that it's no longer a problem and leave a comment with your findings. Thank you!

@mohitwp
Copy link
Collaborator

mohitwp commented Feb 6, 2025
edited
Loading

QA Update ✅

I tested on three different sites following the steps to reproduce, and the issue is no longer reproducible.

    • A site where both TranslatePress and Complianz are active.
    • A site where only TranslatePress is active.
  • Verified Site Kit does not get disconnected while switching languages.
  • Site Kit version - 1.145.0
  • TranslatePress - 2.9.4
  • Complianz -7.2.0
    cc @wpdarren
Recording.1786.mp4
Recording.1787.mp4

@mohitwp mohitwp removed their assignment Feb 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type: Bug Something isn't working Type: Support Support request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@benbowler @mxbclang @techanvil @jamesozzie @cole10up @ZDerekh @wpdarren @mohitwp