Open jamesozzie opened 3 years ago
wpdarren
commented
3 years ago I have recreated the issue reported with the steps used above. I also tried recreating the issue without Translatepress installed to see if it was just related to the complianz plugin, but the site did not get disconnected until the two were activated.
ZDerekh
commented
3 years ago Any news on this issue? Besides the described behavior, the Complianz popup is being not translated.
jamesozzie
commented
3 years ago @ZDerekh We've created a GitHub issue on the TranslatePress side. Although not specific to the conflict with Complianz it may be worth checking should there be any updates.
You may also wish to try this mini plugin which from my testing keep the Site Kit connection intact with Complianz. It uses the same googlesitekit_canonical_home_url filter.
benbowler
commented
4 months ago As part of the hackathon today, I've been testing multiple sites with TranslatePress and the Complianz plugin and as of 2024 it appears this issue no longer occurs. We could go ahead and close this issue, perhaps after confirmation that this is indeed no longer an issue (@wpdarren).
Related to this ticket we could simplify the get_canonical_home_url function and remove the googlesitekit_canonical_home_url hook, unless it is used to fix other issues unrelated to this one.
wpdarren
commented
4 months ago @benbowler thank you! I will leave it up to @techanvil or @tofumatt to answer your question regarding the googlesitekit_canonical_home_url hook.
@mohitwp when you have some spare time, please could you have a look at if the issue reported in this ticket to check that it's no longer a problem and leave a comment with your findings. Thank you!
techanvil
commented
4 months ago Hi @benbowler, as discussed in the issue where it was introduced, https://github.com/google/site-kit-wp/issues/2131, the googlesitekit_canonical_home_url filter was introduced as a general utility for fixing issues introduced by plugins that change the home URL, rather than this particular instance. So, we should keep it around :)
Bug Description
With the TranslatePress and Complianz plugins active when switching languages . This disconnection also occurs after the cookie notice initially appears, without having to switch languages. This was initially reported in the WordPress support forums, with the user being able to pinpoint the conflict.
Full Video demonstrating user experience
Gif showing language switch breaking SK connection after refreshing SK dashboard
Steps to reproduce
Screenshots
With the below configurations applied Site Kit remains connected, with switching between languages not impacting connection. This however results in no cookie notice.
Additional Context
Example SH info
``` ` ### wp-core ### version: 5.5.3 site_language: en_US user_language: en_US timezone: +00:00 permalink: /%postname%/ https_status: true multisite: false user_registration: 0 blog_public: 1 default_comment_status: open environment_type: production user_count: 6 dotorg_communication: true ### wp-paths-sizes ### wordpress_path: /var/www/vhosts/plastiskip.com/httpdocs wordpress_size: loading... uploads_path: /var/www/vhosts/plastiskip.com/httpdocs/wp-content/uploads uploads_size: loading... themes_path: /var/www/vhosts/plastiskip.com/httpdocs/wp-content/themes themes_size: loading... plugins_path: /var/www/vhosts/plastiskip.com/httpdocs/wp-content/plugins plugins_size: loading... database_size: loading... total_size: loading... ### wp-dropins (1) ### advanced-cache.php: true ### wp-active-theme ### name: AMPFace (ampface-1) version: 1.6.0 author: James Ozzie Osborne author_website: https://ampface.io parent_theme: none theme_features: core-block-patterns, custom-header, amp, editor-style, automatic-feed-links, title-tag, post-thumbnails, menus, html5, custom-background, customize-selective-refresh-widgets, custom-logo, widgets theme_path: /var/www/vhosts/plastiskip.com/httpdocs/wp-content/themes/ampface-1 auto_update: Disabled ### wp-themes-inactive (10) ### Divi: version: 4.6.6, author: Elegant Themes,Auto-updates disabled Ascend: version: 1.4.6, author: Kadence Themes,Auto-updates disabled Astra: version: 2.5.5, author: Brainstorm Force (latest version: 2.6.2),Auto-updates disabled Blocksy: version: 1.7.47, author: CreativeThemes (latest version: 1.7.55),Auto-updates disabled Noor: version: 5.6.02, author: PixelDima,Auto-updates disabled Pixwell: version: 5.7, author: Theme-Ruby,Auto-updates disabled Reco Child: author: EstudioPatagon, version: (undefined),Auto-updates disabled Reco: version: 4.5.5, author: EstudioPatagon,Auto-updates disabled Twenty Nineteen: version: 1.7, author: the WordPress team (latest version: 1.8),Auto-updates disabled Twenty Twenty: version: 1.5, author: the WordPress team (latest version: 1.6),Auto-updates disabled ### wp-mu-plugins (1) ### Health Check Troubleshooting Mode: author: (undefined), version: 1.7.2 ### wp-plugins-active (4) ### AMP: version: 2.0.7, author: AMP Project Contributors (latest version: 2.0.8), Auto-updates disabled Complianz | GDPR/CCPA Cookie Consent: version: 4.8.2, author: Really Simple Plugins, Auto-updates disabled Site Kit by Google: version: 1.22.0, author: Google, Auto-updates disabled TranslatePress - Multilingual: version: 1.9.0, author: Cozmoslabs, Razvan Mocanu, Madalin Ungureanu, Cristophor Hurduban, Auto-updates disabled ### wp-plugins-inactive (84) ### a3 Lazy Load: version: 2.4.1, author: a3rev Software (latest version: 2.4.2), Auto-updates disabled Accelerated Mobile Pages: version: 1.0.68.1, author: Ahmed Kaludi, Mohammed Kaludi (latest version: 1.0.72), Auto-updates disabled AdSense Integration WP QUADS: version: 2.0.16, author: WP Quads (latest version: 2.0.17.1), Auto-updates disabled Advanced Custom Fields PRO: version: 5.9.3, author: Elliot Condon, Auto-updates disabled Advanced WordPress Reset: version: 1.1.1, author: Younes JFR., Auto-updates disabled Akismet Anti-Spam: version: 4.1.6, author: Automattic (latest version: 4.1.7), Auto-updates disabled All-in-One WP Migration: version: 7.29, author: ServMask (latest version: 7.32), Auto-updates disabled All In One WP Security: version: 4.4.4, author: Tips and Tricks HQ, Peter Petreski, Ruhul, Ivy (latest version: 4.4.5), Auto-updates disabled AMP Badge: version: 1.0.0, author: James Osborne, Auto-updates disabled AMP Popup: author: Your Name Here, version: (undefined), Auto-updates disabled Antispam Bee: version: 2.9.3, author: pluginkollektiv, Auto-updates disabled Asset CleanUp: Page Speed Booster: version: 1.3.7.1, author: Gabriel Livan (latest version: 1.3.7.2), Auto-updates disabled Auto Affiliate Links: version: 5.9.4.1, author: Lucian Apostol (latest version: 5.9.5), Auto-updates disabled Autoptimize: version: 2.7.8, author: Frank Goossens (futtta) (latest version: 2.8.1), Auto-updates disabled bbPress: version: 2.6.6, author: The bbPress Contributors, Auto-updates disabled Blocksy Companion: version: 1.7.31, author: CreativeThemes (latest version: 1.7.40), Auto-updates disabled Cache Enabler: version: 1.5.5, author: KeyCDN (latest version: 1.6.0), Auto-updates disabled Change wp-admin login: version: 1.0.0, author: Nuno Morais Sarmento (latest version: 1.0.4), Auto-updates disabled CIDRAM: version: 2.4.4, author: Caleb Mazalevskis, Auto-updates disabled Classic Editor: version: 1.6, author: WordPress Contributors, Auto-updates disabled Cloudinary: version: 2.3.0, author: Cloudinary Ltd., XWP (latest version: 2.4.0), Auto-updates disabled CoBlocks: version: 2.5.0, author: GoDaddy (latest version: 2.5.3), Auto-updates disabled Contact Form 7: version: 5.3, author: Takayuki Miyoshi (latest version: 5.3.1), Auto-updates disabled Dima Take Action: version: 1.0.5, author: PixelDima, Auto-updates disabled Disable plugins / themes updates: version: 1.1.1, author: Vincent Guesné, Auto-updates disabled Disable REST API: version: 1.5.1, author: Dave McHale, Auto-updates disabled Disable REST API for Real: version: 2.1.1, author: Samuel Aguilera, Auto-updates disabled Easy Digital Downloads: version: 2.9.26, author: Sandhills Development, LLC, Auto-updates disabled Envato Market: version: 2.0.1, author: Envato, Auto-updates disabled Export All URLs: version: 4.1, author: Atlas Gondal, Auto-updates disabled Fast Velocity Minify: version: 2.8.9, author: Raul Peixoto, Auto-updates disabled GDPR Cookie Consent: version: 1.9.3, author: WebToffee (latest version: 1.9.5), Auto-updates disabled GTranslate: version: 2.8.61, author: Translate AI Multilingual Solutions, Auto-updates disabled hCaptcha for Forms and More: version: 1.6.3, author: hCaptcha, Auto-updates disabled Health Check & Troubleshooting: version: 1.4.5, author: The WordPress.org community, Auto-updates disabled Hummingbird: version: 2.6.2, author: WPMU DEV (latest version: 2.7.0), Auto-updates disabled Instant Indexing: version: 1.0.0, author: Rank Math, Auto-updates disabled Interactive World Map: version: 3.1.8, author: Fla-shop.com (latest version: 3.1.9), Auto-updates disabled iThemes Security: version: 7.9.0, author: iThemes, Auto-updates disabled Jetpack by WordPress.com: version: 9.0.2, author: Automattic (latest version: 9.2.1), Auto-updates disabled Kadence Blocks – Gutenberg Blocks for Page Builder Features: version: 1.9.7, author: Kadence WP (latest version: 1.9.9), Auto-updates disabled Link Whisper Free: version: 0.3.3, author: Link Whisper (latest version: 0.3.5), Auto-updates disabled LiteSpeed Cache: version: 3.6, author: LiteSpeed Technologies, Auto-updates disabled Loco Translate: version: 2.4.6, author: Tim Whitlock, Auto-updates disabled LuckyWP Table of Contents: version: 2.1.4, author: LuckyWP, Auto-updates disabled Noor Assistant: version: 3.1.13, author: PixelDima, Auto-updates disabled Pixwell Core: version: 5.7, author: Theme-Ruby, Auto-updates disabled Plugins Garbage Collector (Database Cleanup): version: 0.12, author: Vladimir Garagulya, Auto-updates disabled Pretty Links: version: 3.2.1, author: Pretty Links, Auto-updates disabled PWA: version: 0.5.0, author: PWA Plugin Contributors, Auto-updates disabled Rank Math SEO: version: 1.0.52.1, author: Rank Math (latest version: 1.0.54.3), Auto-updates disabled Reco Theme Functions: version: 4.5.5, author: Estudio Patagon, Auto-updates disabled Redux: version: 4.1.23, author: Redux.io + Dovy Paukstys (latest version: 4.1.24), Auto-updates disabled Salt Shaker: version: 1.2.7, author: Nagdy, Auto-updates disabled Scripts-To-Footer: version: 0.6.4.1, author: Joshua David Nelson, Auto-updates disabled Site Reviews: version: 5.2.0, author: Paul Ryley (latest version: 5.3.5), Auto-updates disabled Slider Revolution: version: 6.2.23, author: ThemePunch, Auto-updates disabled Stop Spammers: version: 2020.5.1, author: Trumani (latest version: 2020.6.2), Auto-updates disabled Thrive Architect: version: 2.6.2.1, author: Thrive Themes, Auto-updates disabled Thrive Product Manager: version: 1.2.4, author: Thrive Themes, Auto-updates disabled Under Construction: version: 3.83, author: WebFactory Ltd, Auto-updates disabled Virtue/Ascend/Pinnacle Toolkit: version: 4.9.6, author: Kadence WP, Auto-updates disabled Webpushr Push Notifications: version: 4.12.0, author: Webpushr (latest version: 4.16.0), Auto-updates disabled Web Stories: version: 1.1.0, author: Google (latest version: 1.2), Auto-updates disabled WooCommerce: version: 4.7.1, author: Automattic (latest version: 4.8.0), Auto-updates disabled WooSidebars: version: 1.4.5, author: WooCommerce, Auto-updates disabled Wordfence Security: version: 7.4.14, author: Wordfence, Auto-updates disabled WordPress Zero Spam: version: 4.10.2, author: Ben Marshall, Auto-updates disabled WP-Appbox: version: 4.3.4, author: Marcel Schmilgeit, Auto-updates disabled WP-DBManager: version: 2.80.3, author: Lester 'GaMerZ' Chan, Auto-updates disabled WP-Sweep: version: 1.1.3, author: Lester 'GaMerZ' Chan, Auto-updates disabled WP All Import: version: 3.5.6, author: Soflyy, Auto-updates disabled WPBakery Page Builder: version: 6.4.2, author: Michael M - WPBakery.com, Auto-updates disabled WP Cerber Security, Anti-spam & Malware Scan: version: 8.6.7, author: Cerber Tech Inc. (latest version: 8.7), Auto-updates disabled WP Content Copy Protection & No Right Click: version: 3.1.3, author: wp-buy, Auto-updates disabled WP Crop Stop: version: 0.1.2, author: Alex Egorov, Auto-updates disabled WP External Links: version: 2.47, author: WebFactory Ltd, Auto-updates disabled WPForms Lite: version: 1.6.3.1, author: WPForms, Auto-updates disabled WPML Multilingual CMS: version: 4.4.4, author: OnTheGoSystems, Auto-updates disabled WP Rocket: version: 3.7.5, author: WP Media, Auto-updates disabled YITH WooCommerce Wishlist: version: 3.0.16, author: YITH (latest version: 3.0.17), Auto-updates disabled Yoast SEO: version: 15.1.1, author: Team Yoast (latest version: 15.5), Auto-updates disabled Yoast SEO Multilingual: version: 1.2.4, author: OnTheGoSystems, Auto-updates disabled Yoast SEO Premium: version: 15.1.2, author: Team Yoast, Auto-updates disabled ### wp-media ### image_editor: WP_Image_Editor_Imagick imagick_module_version: 1690 imagemagick_version: ImageMagick 6.9.10-68 Q16 x86_64 2020-04-01 https://imagemagick.org file_uploads: File uploads is turned off post_max_size: 16M upload_max_filesize: 16M max_effective_size: 16 MB max_file_uploads: 20 imagick_limits: imagick::RESOURCETYPE_AREA: 7 GB imagick::RESOURCETYPE_DISK: 9.2233720368548E+18 imagick::RESOURCETYPE_FILE: 1536 imagick::RESOURCETYPE_MAP: 7 GB imagick::RESOURCETYPE_MEMORY: 4 GB imagick::RESOURCETYPE_THREAD: 3 gd_version: bundled (2.1.0 compatible) ghostscript_version: 9.07 ### wp-server ### server_architecture: Linux 3.10.0-957.5.1.el7.x86_64 x86_64 httpd_software: Apache php_version: 7.2.34 64bit php_sapi: cgi-fcgi max_input_variables: 1000 time_limit: 30 memory_limit: 128M admin_memory_limit: 256M max_input_time: 60 upload_max_filesize: 16M php_post_max_size: 16M curl_version: 7.29.0 NSS/3.44 suhosin: false imagick_availability: true pretty_permalinks: true htaccess_extra_rules: true ### wp-database ### extension: mysqli server_version: 5.5.68-MariaDB client_version: mysqlnd 5.0.12-dev - 20150407 - $Id: 3591daad22de08524295e1bd073aceeff11e6579 $ ### wp-constants ### WP_HOME: undefined WP_SITEURL: undefined WP_CONTENT_DIR: /var/www/vhosts/plastiskip.com/httpdocs/wp-content WP_PLUGIN_DIR: /var/www/vhosts/plastiskip.com/httpdocs/wp-content/plugins WP_MAX_MEMORY_LIMIT: 256M WP_DEBUG: true WP_DEBUG_DISPLAY: true WP_DEBUG_LOG: true SCRIPT_DEBUG: false WP_CACHE: true CONCATENATE_SCRIPTS: undefined COMPRESS_SCRIPTS: undefined COMPRESS_CSS: undefined WP_LOCAL_DEV: undefined DB_CHARSET: utf8mb4 DB_COLLATE: undefined ### wp-filesystem ### wordpress: writable wp-content: writable uploads: writable plugins: writable themes: writable mu-plugins: writable ### google-site-kit ### version: 1.22.0 php_version: 7.2.34 wp_version: 5.5.3 reference_url: https://plastiskip.com amp_mode: secondary site_status: connected-site user_status: authenticated connected_user_count: 1 active_modules: site-verification, search-console, adsense, analytics, pagespeed-insights required_scopes: openid: ✅ https://www.googleapis.com/auth/userinfo.profile: ✅ https://www.googleapis.com/auth/userinfo.email: ✅ https://www.googleapis.com/auth/siteverification: ✅ https://www.googleapis.com/auth/webmasters: ✅ https://www.googleapis.com/auth/adsense.readonly: ✅ https://www.googleapis.com/auth/analytics.readonly: ✅ capabilities: googlesitekit_authenticate: ✅ googlesitekit_setup: ✅ googlesitekit_view_posts_insights: ✅ googlesitekit_view_dashboard: ✅ googlesitekit_view_module_details: ✅ googlesitekit_manage_options: ✅ googlesitekit_publish_posts: ✅ search_console_property: https://plastiskip.com/ adsense_account_id: pub-346••••••••••••• adsense_client_id: ca-pub-346••••••••••••• adsense_account_status: approved adsense_use_snippet: yes analytics_account_id: 1838••••• analytics_property_id: UA-1838••••••• analytics_profile_id: 2335••••• analytics_use_snippet: no ### amp_wp ### amp_mode_enabled: transitional amp_reader_theme: legacy amp_templates_enabled: post, page, attachment, is_singular, is_front_page, is_home, is_archive, is_author, is_date, is_search, is_404, is_category, is_tag amp_serve_all_templates: true amp_css_transient_caching_disabled: false amp_css_transient_caching_threshold: 5000 transients per day amp_css_transient_caching_sampling_range: 14 days amp_css_transient_caching_transient_count: 47 amp_css_transient_caching_time_series: 20201215: 0 20201216: 21 amp_libxml_version: 2.9.1 ` ```Error Log Details
[Error log file](https://gist.github.com/jamesozzie/65ad8a30c75bcad0e9ff21a191d74098) Screenshot  Summary ``` [Thu Dec 17 12:53:49.065829 2020] [:error] [pid 17621] [client 78.18.29.251:50274] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "230"] [id "941340"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action= found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI [hostname "plastiskip.com"] [uri "/wp-json/google-site-kit/v1/data/"] [unique_id "X9tGzQPPwNKGE9K2LK5XXAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:53:49.069393 2020] [:error] [pid 17621] [client 78.18.29.251:50274] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "121"] [id "942200"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22$device_id\\x22: found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warn [hostname "plastiskip.com"] [uri "/wp-json/google-site-kit/v1/data/"] [unique_id "X9tGzQPPwNKGE9K2LK5XXAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:53:49.070322 2020] [:error] [pid 17621] [client 78.18.29.251:50274] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "125"] [id "942260"] [rev "2"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22: \\x2217522e00cfe70-0 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match [hostname "plastiskip.com"] [uri "/wp-json/google-site-kit/v1/data/"] [unique_id "X9tGzQPPwNKGE9K2LK5XXAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:53:49.072371 2020] [:error] [pid 17621] [client 78.18.29.251:50274] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "135"] [id "942370"] [rev "2"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22: \\x2217 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match "(?i:(?:[\\"'`]\\\\s*?\\\\*. [hostname "plastiskip.com"] [uri "/wp-json/google-site-kit/v1/data/"] [unique_id "X9tGzQPPwNKGE9K2LK5XXAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:53:49.074301 2020] [:error] [pid 22411] [client 78.18.29.251:50276] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "230"] [id "941340"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action= found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI [hostname "plastiskip.com"] [uri "/wp-content/plugins/google-site-kit/dist/assets/images/rocket.png"] [unique_id "X9tGzeZCUa094EAmFl0vbQAAAAo"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:53:49.074515 2020] [:error] [pid 17621] [client 78.18.29.251:50274] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] Warning. Operator GE matched 5 at TX:anomaly_score. [hostname "plastiskip.com"] [uri "/wp-json/google-site-kit/v1/data/"] [unique_id "X9tGzQPPwNKGE9K2LK5XXAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:53:49.081653 2020] [:error] [pid 22411] [client 78.18.29.251:50276] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "121"] [id "942200"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22$device_id\\x22: found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warn [hostname "plastiskip.com"] [uri "/wp-content/plugins/google-site-kit/dist/assets/images/rocket.png"] [unique_id "X9tGzeZCUa094EAmFl0vbQAAAAo"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:53:49.082739 2020] [:error] [pid 22411] [client 78.18.29.251:50276] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "125"] [id "942260"] [rev "2"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22: \\x2217522e00cfe70-0 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match [hostname "plastiskip.com"] [uri "/wp-content/plugins/google-site-kit/dist/assets/images/rocket.png"] [unique_id "X9tGzeZCUa094EAmFl0vbQAAAAo"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:53:49.085174 2020] [:error] [pid 22411] [client 78.18.29.251:50276] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "135"] [id "942370"] [rev "2"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22: \\x2217 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match "(?i:(?:[\\"'`]\\\\s*?\\\\*. [hostname "plastiskip.com"] [uri "/wp-content/plugins/google-site-kit/dist/assets/images/rocket.png"] [unique_id "X9tGzeZCUa094EAmFl0vbQAAAAo"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:53:49.087432 2020] [:error] [pid 22411] [client 78.18.29.251:50276] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] Warning. Operator GE matched 5 at TX:anomaly_score. [hostname "plastiskip.com"] [uri "/wp-content/plugins/google-site-kit/dist/assets/images/rocket.png"] [unique_id "X9tGzeZCUa094EAmFl0vbQAAAAo"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:53:49.087985 2020] [:error] [pid 22411] [client 78.18.29.251:50276] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=15,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects classic SQL injection probings 2/2"] [tag "event-correlation"] Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [hostname "plastiskip.com"] [uri "/wp-content/plugins/google-site-kit/dist/assets/images/rocket.png"] [unique_id "X9tGzeZCUa094EAmFl0vbQAAAAo"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:53:49.627320 2020] [:error] [pid 17621] [client 78.18.29.251:50274] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=15,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects classic SQL injection probings 2/2"] [tag "event-correlation"] Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [hostname "plastiskip.com"] [uri "/index.php"] [unique_id "X9tGzQPPwNKGE9K2LK5XXAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:53:49.642996 2020] [:error] [pid 20267] [client 78.18.29.251:50280] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "230"] [id "941340"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action= found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI [hostname "plastiskip.com"] [uri "/wp-content/uploads/2017/04/cropped-noor_fav_icon-150x150.png"] [unique_id "X9tGzc1C-dqKzlvY1uRg@AAAAAg"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:53:49.646597 2020] [:error] [pid 20267] [client 78.18.29.251:50280] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "121"] [id "942200"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22$device_id\\x22: found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warn [hostname "plastiskip.com"] [uri "/wp-content/uploads/2017/04/cropped-noor_fav_icon-150x150.png"] [unique_id "X9tGzc1C-dqKzlvY1uRg@AAAAAg"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:53:49.647640 2020] [:error] [pid 20267] [client 78.18.29.251:50280] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "125"] [id "942260"] [rev "2"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22: \\x2217522e00cfe70-0 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match [hostname "plastiskip.com"] [uri "/wp-content/uploads/2017/04/cropped-noor_fav_icon-150x150.png"] [unique_id "X9tGzc1C-dqKzlvY1uRg@AAAAAg"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:53:49.649984 2020] [:error] [pid 20267] [client 78.18.29.251:50280] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "135"] [id "942370"] [rev "2"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22: \\x2217 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match "(?i:(?:[\\"'`]\\\\s*?\\\\*. [hostname "plastiskip.com"] [uri "/wp-content/uploads/2017/04/cropped-noor_fav_icon-150x150.png"] [unique_id "X9tGzc1C-dqKzlvY1uRg@AAAAAg"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:53:49.652338 2020] [:error] [pid 20267] [client 78.18.29.251:50280] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] Warning. Operator GE matched 5 at TX:anomaly_score. [hostname "plastiskip.com"] [uri "/wp-content/uploads/2017/04/cropped-noor_fav_icon-150x150.png"] [unique_id "X9tGzc1C-dqKzlvY1uRg@AAAAAg"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:53:49.652828 2020] [:error] [pid 20267] [client 78.18.29.251:50280] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=15,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects classic SQL injection probings 2/2"] [tag "event-correlation"] Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [hostname "plastiskip.com"] [uri "/wp-content/uploads/2017/04/cropped-noor_fav_icon-150x150.png"] [unique_id "X9tGzc1C-dqKzlvY1uRg@AAAAAg"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:54:26.623439 2020] [:error] [pid 22549] [client 78.18.29.251:50396] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "230"] [id "941340"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action= found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tG8nw56XsY8x7s1KaM6QAAAAE"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz [Thu Dec 17 12:54:26.627699 2020] [:error] [pid 22549] [client 78.18.29.251:50396] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "121"] [id "942200"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22$device_id\\x22: found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warn [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tG8nw56XsY8x7s1KaM6QAAAAE"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz [Thu Dec 17 12:54:26.628890 2020] [:error] [pid 22549] [client 78.18.29.251:50396] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "125"] [id "942260"] [rev "2"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22: \\x2217522e00cfe70-0 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tG8nw56XsY8x7s1KaM6QAAAAE"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz [Thu Dec 17 12:54:26.631539 2020] [:error] [pid 22549] [client 78.18.29.251:50396] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "135"] [id "942370"] [rev "2"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22: \\x2217 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match "(?i:(?:[\\"'`]\\\\s*?\\\\*. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tG8nw56XsY8x7s1KaM6QAAAAE"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz [Thu Dec 17 12:54:26.634300 2020] [:error] [pid 22549] [client 78.18.29.251:50396] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] Warning. Operator GE matched 5 at TX:anomaly_score. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tG8nw56XsY8x7s1KaM6QAAAAE"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz [Thu Dec 17 12:54:27.879898 2020] [:error] [pid 22549] [client 78.18.29.251:50396] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=15,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects classic SQL injection probings 2/2"] [tag "event-correlation"] Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tG8nw56XsY8x7s1KaM6QAAAAE"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz [Thu Dec 17 12:54:49.613590 2020] [:error] [pid 18418] [client 78.18.29.251:50426] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "230"] [id "941340"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action= found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHCZ5ilI71aRitO2vOxAAAAAA"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:54:49.617946 2020] [:error] [pid 18418] [client 78.18.29.251:50426] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "121"] [id "942200"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22$device_id\\x22: found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warn [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHCZ5ilI71aRitO2vOxAAAAAA"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:54:49.619173 2020] [:error] [pid 18418] [client 78.18.29.251:50426] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "125"] [id "942260"] [rev "2"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22: \\x2217522e00cfe70-0 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHCZ5ilI71aRitO2vOxAAAAAA"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:54:49.621785 2020] [:error] [pid 18418] [client 78.18.29.251:50426] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "135"] [id "942370"] [rev "2"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22: \\x2217 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match "(?i:(?:[\\"'`]\\\\s*?\\\\*. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHCZ5ilI71aRitO2vOxAAAAAA"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:54:49.624764 2020] [:error] [pid 18418] [client 78.18.29.251:50426] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] Warning. Operator GE matched 5 at TX:anomaly_score. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHCZ5ilI71aRitO2vOxAAAAAA"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:54:49.780484 2020] [:error] [pid 18418] [client 78.18.29.251:50426] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=15,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects classic SQL injection probings 2/2"] [tag "event-correlation"] Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHCZ5ilI71aRitO2vOxAAAAAA"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:56:26.608239 2020] [:error] [pid 17621] [client 78.18.29.251:50542] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "230"] [id "941340"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action= found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHagPPwNKGE9K2LK5XZAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz [Thu Dec 17 12:56:26.612442 2020] [:error] [pid 17621] [client 78.18.29.251:50542] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "121"] [id "942200"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22$device_id\\x22: found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warn [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHagPPwNKGE9K2LK5XZAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz [Thu Dec 17 12:56:26.613697 2020] [:error] [pid 17621] [client 78.18.29.251:50542] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "125"] [id "942260"] [rev "2"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22: \\x2217522e00cfe70-0 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHagPPwNKGE9K2LK5XZAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz [Thu Dec 17 12:56:26.616319 2020] [:error] [pid 17621] [client 78.18.29.251:50542] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "135"] [id "942370"] [rev "2"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22: \\x2217 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match "(?i:(?:[\\"'`]\\\\s*?\\\\*. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHagPPwNKGE9K2LK5XZAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz [Thu Dec 17 12:56:26.618887 2020] [:error] [pid 17621] [client 78.18.29.251:50542] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] Warning. Operator GE matched 5 at TX:anomaly_score. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHagPPwNKGE9K2LK5XZAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz [Thu Dec 17 12:56:27.746177 2020] [:error] [pid 17621] [client 78.18.29.251:50542] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=15,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects classic SQL injection probings 2/2"] [tag "event-correlation"] Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHagPPwNKGE9K2LK5XZAAAAAk"], referer: https://plastiskip.com/wp-admin/admin.php?page=complianz [Thu Dec 17 12:56:50.606473 2020] [:error] [pid 22387] [client 78.18.29.251:50562] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "230"] [id "941340"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action= found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHgh3Ds6lMCbLWzxq3CwAAAAc"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:56:50.610609 2020] [:error] [pid 22387] [client 78.18.29.251:50562] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "121"] [id "942200"] [rev "2"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22$device_id\\x22: found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warn [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHgh3Ds6lMCbLWzxq3CwAAAAc"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:56:50.611773 2020] [:error] [pid 22387] [client 78.18.29.251:50562] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "125"] [id "942260"] [rev "2"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22: \\x2217522e00cfe70-0 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHgh3Ds6lMCbLWzxq3CwAAAAc"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:56:50.614335 2020] [:error] [pid 22387] [client 78.18.29.251:50562] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "135"] [id "942370"] [rev "2"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22: \\x2217 found within REQUEST_COOKIES:mp_a36067b00a263cce0299cfd960e26ecf_mixpanel: {\\x22distinct_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$device_id\\x22: \\x2217522e00cfe70-0f71e6eb92ebaa-c781f38-e1000-17522e00cff318\\x22,\\x22$initial_referrer\\x22: \\x22http://plastiskip.com/wp-admin/update.php?action=upload-plugin\\x22,\\x22$initial_referring_domain\\x22: \\x22plastiskip.com\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] Warning. Pattern match "(?i:(?:[\\"'`]\\\\s*?\\\\*. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHgh3Ds6lMCbLWzxq3CwAAAAc"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:56:50.616931 2020] [:error] [pid 22387] [client 78.18.29.251:50562] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] Warning. Operator GE matched 5 at TX:anomaly_score. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHgh3Ds6lMCbLWzxq3CwAAAAc"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success [Thu Dec 17 12:56:50.767425 2020] [:error] [pid 22387] [client 78.18.29.251:50562] [client 78.18.29.251] ModSecurity: [file "/etc/httpd/conf/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=15,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects classic SQL injection probings 2/2"] [tag "event-correlation"] Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [hostname "plastiskip.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "X9tHgh3Ds6lMCbLWzxq3CwAAAAc"], referer: https://plastiskip.com/wp-admin/admin.php?page=googlesitekit-dashboard¬ification=authentication_success ```Do not alter or remove anything below. The following sections will be managed by moderators only.
Acceptance criteria
Implementation Brief
Test Coverage
Visual Regression Changes
QA Brief
Changelog entry