Problem with the bizilight theme in WordPress
Greetings, friends.
I installed a WordPress theme from the Hamyar WordPress site that apparently has a security problem (XSS).
Error message sent by the hosting provider:
[Fri Apr 06 19:37:37.928865 2018] [:error] [pid 4498] [client 5.22.208.202:49593] [client 5.22.208.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:<\\?(?!xml\\s)|<\\?php|\\[(?:/|\\\\)?php\\])" at ARGS:newcontent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:newcontent: <?php\x0a/\x0a * the default template for displaying header\x0a *\x0a * @package evision themes\x0a * @subpackage bizlight\x0a * @since bizlight 1.0.0\x0a */\x0a\x0a/ \x0a * bizlight_action_before_head hook\x0a * @since bizlight 1.0.0\x0a *\x0a * @hooked bizlight_set_global - 0\x0a * @hooked bizlight_doctype - 10\x0a */\x0ado_action( 'bizlight_action_before_head' );?>\x0a<head>\x0a<link href=\x22https://fonts.googleapis.com/icon?family=material icons\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTA [hostname "nod1.ir"] [uri "/wp-admin/admin-ajax.php"] [unique_id "WsewYU5zX-F22KzvJVkP-gAAAAY"], referer: https://nod1.ir/wp-admin/theme-editor.php?file=header.php&theme=bizlight
[Fri Apr 06 19:38:42.949872 2018] [:error] [pid 2777] [client 5.22.208.202:49604] [client 5.22.208.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:<\\?(?!xml\\s)|<\\?php|\\[(?:/|\\\\)?php\\])" at ARGS:newcontent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:newcontent: <?php\x0a/\x0a * the default template for displaying header\x0a *\x0a * @package evision themes\x0a * @subpackage bizlight\x0a * @since bizlight 1.0.0\x0a */\x0a\x0a/ \x0a * bizlight_action_before_head hook\x0a * @since bizlight 1.0.0\x0a *\x0a * @hooked bizlight_set_global - 0\x0a * @hooked bizlight_doctype - 10\x0a */\x0ado_action( 'bizlight_action_before_head' );?>\x0a<head>\x0a<link href=\x22https://fonts.googleapis.com/icon?family=material icons\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTA [hostname "nod1.ir"] [uri "/wp-admin/admin-ajax.php"] [unique_id "WsewoszWHMGgXhI8rUgVPAAAABY"], referer: https://nod1.ir/wp-admin/theme-editor.php?file=header.php&theme=bizlight
[Fri Apr 06 19:54:37.220245 2018] [:error] [pid 6580] [client 5.22.208.202:49754] [client 5.22.208.202] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within ARGS:customized: {\x22bizlight-options[bizlight-home-service-page-icon_2]\x22:\x22fa fa-money\x22 style=\x22font-size:24px\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "nod1.ir"] [uri "/"] [unique_id "Wse0XXwP73yF2bbjv-YjhAAAAA4"], referer: https://nod1.ir/wp-admin/customize.php?return=%2Fwp-admin%2F
[Fri Apr 06 19:54:37.717916 2018] [:error] [pid 7453] [client 5.22.208.202:49755] [client 5.22.208.202] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within ARGS:customize_changeset_data: {\x22bizlight-options[bizlight-home-service-page-icon_2]\x22:{\x22value\x22:\x22fa fa-money\x22 style=\x22font-size:24px\x22}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "nod1.ir"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Wse0XWLk8BxRJLkEDkbyOgAAAAI"], referer: https://nod1.ir/wp-admin/customize.php?return=%2Fwp-admin%2F
[Fri Apr 06 19:54:55.069983 2018] [:error] [pid 7021] [client 5.22.208.202:49759] [client 5.22.208.202] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within ARGS:customize_changeset_data: {\x22bizlight-options[bizlight-home-service-page-icon_2]\x22:{\x22value\x22:\x22fa fa-money\x22 style=\x22font-size:24px\x22}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "nod1.ir"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Wse0b848P1XHHxbmtcmdGgAAAAE"], referer: https://nod1.ir/wp-admin/customize.php?return=%2Fwp-admin%2F
Please advise me on how to fix this.
Reply: Problem with the bizilight theme in WordPress
This message tells you that the Mod Security service has blocked access for your client.
Error reference: https://nod1.ir/wp-admin/theme-edito...theme=bizlight
Log type: [msg "PHP Injection Attack: PHP Open Tag Found"]
There is malicious code in your theme's header that Mod Security has blocked. To fix the problem, you can review your site's header file; if you are not familiar with coding and the like, get in touch with me on Telegram.
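An added triage helper (my own example, not code from the thread or from the theme): it parses ModSecurity error-log lines with the layout quoted above into rule id, rule family, matched parameter, URI and referer, and counts per rule how many blocked requests were submitted from a /wp-admin/ screen, so the admin can tell which hits coincide with their own theme-editor or customizer saves. The sample lines are constructed from the thread's entries, and treating a /wp-admin/ referer as "admin-originated" is an assumption, not a CRS feature.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: two lines shortened from the ModSecurity error-log
# entries quoted in the thread (same field layout, fewer [tag ...] fields).
SAMPLE_LOG = r'''
[Fri Apr 06 19:37:37.928865 2018] [:error] [pid 4498] [client 5.22.208.202:49593] [client 5.22.208.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:<\\?(?!xml\\s)|<\\?php)" at ARGS:newcontent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:newcontent: <?php\x0a/..."] [severity "CRITICAL"] [tag "language-php"] [tag "attack-injection-php"] [hostname "nod1.ir"] [uri "/wp-admin/admin-ajax.php"] [unique_id "WsewYU5zX-F22KzvJVkP-gAAAAY"], referer: https://nod1.ir/wp-admin/theme-editor.php?file=header.php&theme=bizlight
[Fri Apr 06 19:54:37.717916 2018] [:error] [pid 7453] [client 5.22.208.202:49755] [client 5.22.208.202] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within ARGS:customize_changeset_data: {\x22bizlight-options[bizlight-home-service-page-icon_2]\x22:{\x22value\x22:\x22fa fa-money\x22 style=\x22font-size:24px\x22}}"] [severity "CRITICAL"] [tag "attack-xss"] [hostname "nod1.ir"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Wse0XWLk8BxRJLkEDkbyOgAAAAI"], referer: https://nod1.ir/wp-admin/customize.php?return=%2Fwp-admin%2F
'''

FIELD_RE = re.compile(r'\[(\w+) "([^"]*)"\]')                         # [name "value"] pairs
CLIENT_RE = re.compile(r'\[client ([\d.]+):\d+\]')                    # client IP (form with a port)
PARAM_RE = re.compile(r'(?:found within|at) (ARGS\w*:[\w\[\]\-]+)')  # parameter the rule fired on
REFERER_RE = re.compile(r', referer: (\S+)$')

def parse_line(line):
    """Extract the fields we triage on from one ModSecurity 'Access denied' line."""
    # Repeated [tag "..."] fields are skipped; every other [name "value"] is kept.
    fields = {n: v for n, v in FIELD_RE.findall(line) if n != 'tag'}
    client = CLIENT_RE.search(line)
    param = PARAM_RE.search(line)
    referer = REFERER_RE.search(line)
    # Rule family from the CRS file name, e.g. REQUEST-941-APPLICATION-ATTACK-XSS.conf
    family = re.sub(r'^REQUEST-|\.conf$', '', fields.get('file', '').rsplit('/', 1)[-1])
    return {
        'client': client.group(1) if client else None,
        'rule_id': fields.get('id'), 'msg': fields.get('msg'), 'family': family,
        'param': param.group(1) if param else None,
        'uri': fields.get('uri'),
        'referer': referer.group(1) if referer else None,
    }

def triage(log_text):
    """Count blocked requests per rule and note how many came from a wp-admin screen."""
    summary = defaultdict(lambda: {'hits': 0, 'params': set(), 'admin_referer': 0})
    for line in log_text.strip().splitlines():
        if 'ModSecurity: Access denied' not in line:
            continue
        ev = parse_line(line)
        entry = summary[ev['rule_id']]
        entry['hits'] += 1
        entry.update(msg=ev['msg'], family=ev['family'])
        if ev['param']:
            entry['params'].add(ev['param'])
        # Heuristic (assumption): a referer under /wp-admin/ means the request was
        # submitted from an admin screen, so check whether it was your own save action.
        if ev['referer'] and urlparse(ev['referer']).path.startswith('/wp-admin/'):
            entry['admin_referer'] += 1
    return dict(summary)
```

Run it over the full error log and compare each rule's `admin_referer` count with its `hits`: hits that do not come from an admin screen deserve a closer look than those that line up with your own editor saves.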
Reply: Problem with the bizilight theme in WordPress