ModSecurity: Request body no files data length is larger than the configured limit (1048576)

ModSecurity, an open-source web application firewall (WAF), provides valuable tools to defend web applications from a myriad of online threats. However, as is common with any complex tool, problems can sometimes arise. One such issue relates to the request body size, which can trigger an error if the data length exceeds the configured limit. The …

Critical Privilege Escalation Vulnerability in Essential Addons for Elementor Plugin Affecting Over One Million Sites

Introduction: A severe vulnerability has been detected in Essential Addons for Elementor (from 5.4.0 through 5.7.1), a WordPress plugin with over one million active installations. This flaw was patched on May 11, 2023, but due to its severity, we believe it’s essential to raise awareness and ensure all affected users have applied the patch. Details …

Vulnerability fixed in WordPress Elementor Pro plugin – How cPGuard handles it

The vulnerability – High severity vulnerability fixed in WordPress Elementor Pro plugin: As many of you are already aware, a critical vulnerability has been reported in the WordPress Elementor Pro plugin, which is installed on millions of websites. Though a patched version has already been released, there are still many websites left unpatched, and …

cPanel ModSecurity v2.9.3 results in apache service failures

The following update to the ea-apache24-mod_security2 RPM was included as part of the initial May 29 EasyApache 4 Release: EA-8081 – Update Mod_security2 to 2.9.3. Upon the publication of this update, we observed reports of Apache service failures stemming from ModSecurity segmentation faults: kernel: [123456.123456] httpd[12345]: segfault at 9 ip 0000000000000000 sp 0000000000000 error 4 …

What is ModSecurity and why do we need it?

Web applications are often flawed and under constant attack, so we have to implement dedicated security measures for our servers. ModSecurity is a valuable tool for enhancing security by detecting and preventing various types of attacks and vulnerabilities. What is ModSecurity? ModSecurity is an open-source web application firewall (WAF) that is designed to provide …

How to Install Nginx with ModSecurity v3.0

In this article, we discuss ModSecurity v3.0 and show you how to install it for the Nginx web server. If you are new to ModSecurity, start by reading our article: What is ModSecurity, and why do we need it? First, let's look at what’s new in ModSecurity 3.0: Redesigned to work …

Modx Revolution <=2.6.4 (Remote Code Execution)

Description: Last week, two critical vulnerabilities affecting MODX Revolution <=2.6.4 were published, covering remote script execution and file/directory removal. Attackers are thereby able to compromise the website or to corrupt or delete files and directories. MODX Revolution versions <= 2.6.4 have an incorrect access control flaw in the filtering of user parameters before they are passed to the phpthumb class, which causes the …

cPanel Security Hardening

Server security is not something to treat as an exception. One day or another, your server will be attacked and the integrity of your data will be at risk, but that does not mean you have to lose your current customers in the process. cPanel provides an easily accessible, user-friendly interface for managing your website. …

Drupal – Remote Code Execution (SA-CORE-2018-004 / CVE-2018-7602) nicknamed Drupalgeddon 3

The Drupal security team discovered this vulnerability one week ago: a highly critical (20/25 NIST rank) flaw (SA-CORE-2018-004 / CVE-2018-7602) nicknamed Drupalgeddon 3. This vulnerability continues Drupalgeddon 2 and allows an unauthenticated attacker to perform remote code execution. An exploitation method for this vulnerability was published a few days ago, which allows an attacker to execute on the server …