Rocksolid Light

News from da outaworlds

mail  files  register  groups  login

Message-ID:  

Tomorrow, you can be anywhere.


rocksolid / Rocksolid Nodes Help / rslight and mod_security

SubjectAuthor
o rslight and mod_securityMarco Moock

1
Subject: rslight and mod_security
From: Marco Moock
Newsgroups: rocksolid.nodes.help
Organization: A noiseless patient Spider
Date: Thu, 2 May 2024 09:53 UTC
Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: mm+usenet@dorfdsl.de (Marco Moock)
Newsgroups: rocksolid.nodes.help
Subject: rslight and mod_security
Date: Thu, 2 May 2024 11:53:52 +0200
Organization: A noiseless patient Spider
Lines: 24
Message-ID: <v0vnrh$3ovd3$2@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Date: Thu, 02 May 2024 11:53:53 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="a630e761c87e48c633cf29c2e24cd994";
logging-data="3964323"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+od15QCt/HQJrEN5EcCRHs"
Cancel-Lock: sha1:zNjxW/JsE7ez7g2aAf/rbe/ftWs=
View all headers

Hello!
I currently try to set up mod_security to reduce the amount of abusive
users/bots.

This already hit (I don't block yet) a legitimate user.

[Thu May 02 11:51:24.956768 2024] [security2:error] [pid 1172731]
[client 2001:xyz] [client 2001:xyz ModSecurity: Warning. Operator GE
matched 4 at TX:outbound_anomaly_score. [file
"/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line
"103"] [id "980140"] [msg "Outbound Anomaly Score Exceeded (score 4):
individual paranoia level scores: 4, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"]
[tag "event-correlation"] [hostname "pi-dach.dorfdsl.de"] [uri
"/rocksolid/post.php"] [unique_id "ZjNiHKtWmpjX8j7bEeTQuQAAAAw"],
referer:
https://pi-dach.dorfdsl.de/rocksolid/article-flat.php?id=6734&group=de.etc.sprache.deutsch

Does anybody here operate it with mod_security?

--
kind regards
Marco

1

rocksolid light 0.9.8
clearnet tor