After login the bank-end through a seller, when I try to update bank information followed by save button; the page becomes inaccessible. It gives the following error. If I rename the "sellcious" folder it is again accessible.
HTTP Error 403 - Forbidden
Error. Page cannot be displayed. Please contact your service provider for more details. (30)
The website is hosted in HostGator and I created a ticket for this issue. They responded like below...
Upon checking we found that mod security rule was blocking your website.
ModSecurity is one of the apache server modules that provides a complete website protection by defending hackers and other malicious attacks. It is a set of rules with regular expressions that helps to instantly ex-filtrate the commonly known exploits.ModSecurity obstructs the processing of invalid data (code injection attacks) to reinforce and nourish server's security
We found following error logs for your domain :
[Sun Sep 02 15:03:45.631298 2018] [:error] [pid 26491:tid 140563493766912] [client 188.8.131.52:0] [client 184.108.40.206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "universaluse.com"] [uri "/errors/mdh-403.html"] [unique_id "W4v70SYUr9-KskqDQ9S2@wAAAAg"], referer: https://universaluse.com/sellacious10/index.php?option=com_sellacious&view=profile
Please note that we can not white list this rule because white listing the above mentioned rule will leave the server vulnerable so Please contact your web developer to check the code.