Title: mod_security issue Last modified: May 2, 2019 --- # mod_security issue * Resolved [daileycon](https://wordpress.org/support/users/daileycon/) * (@daileycon) * [7 years ago](https://wordpress.org/support/topic/mod_security-issue-2/) * I kept getting kicked off my site so I checked the logs. I found a bunch of these errors. It seams like something in index.php is throwing a SQL error to mod_security and banning my ip. * [Thu May 02 06:15:27 2019] [error] [client 47.135.999.999] ModSecurity: Access denied with code 418 (phase 1). Pattern match “(?i:(?:\\\\A|[^\\\\d])0x[a-f\\\\ d]{3,}[a-f\\\\d]*)+” at ARGS:checksum. [file “/dh/apache2/template/etc/mod_sec2/ 99_dreamhost_rules.conf”] [line “329”] [id “1990091”] [msg “SQL Hex Encoding Identified”] [hostname “www.mysite.com”] [uri “/wp-content/plugins/wise-chat- pro/src/endpoints/ultra/index.php”] [unique_id “XMrtb0PNDNkAAFMz3sUAAAAA”] Viewing 3 replies - 1 through 3 (of 3 total) * Plugin Author [Marcin](https://wordpress.org/support/users/marcinlawrowski/) * (@marcinlawrowski) * [6 years, 12 months ago](https://wordpress.org/support/topic/mod_security-issue-2/#post-11531708) * Hello [@daileycon](https://wordpress.org/support/users/daileycon/) * Wise Chat is sending unique checksum in all requests it runs. This is related to the security of the communication. Most probably mod_security plugin has detected it. Are still experiencing those errors? * Best regards * Thread Starter [daileycon](https://wordpress.org/support/users/daileycon/) * (@daileycon) * [6 years, 12 months ago](https://wordpress.org/support/topic/mod_security-issue-2/#post-11533981) * I had to turn mod_security off. I couldn’t visit my site because I kept getting blocked. * [burkingman](https://wordpress.org/support/users/burkingman/) * (@burkingman) * [6 years, 11 months ago](https://wordpress.org/support/topic/mod_security-issue-2/#post-11646891) * In case it might help: I’ve been getting similar errors (“SQL Hex Encoding Identified”) from ModSecurity. Did some testing and my impression is that if you let the chat window run long enough, it will eventually generate checksums that trigger ModSecurity. My site is also hosted with Dreamhost, who I think use the OWASP rules ([https://www.netnea.com/cms/2016/01/17/most-frequent-false-positives-triggered-by-owasp-modsecurity-core-rules-2-2-x/](https://www.netnea.com/cms/2016/01/17/most-frequent-false-positives-triggered-by-owasp-modsecurity-core-rules-2-2-x/)). Unfortunately, since I’m on shared hosting, I can’t fine-tune Modsecurity; I can turn it off entirely, but that would leave my site too vulnerable (judging from my logs, it’s been blocking some actual hacking attempts). * One solution would be to have Wise Chat generate checksums in such a way as to avoid such ModSecurity false positives, but I have no idea how easy or hard that might be… * Here are two errors from my logs: [Mon Jun 03 16:15:29 2019] [error] [client 98.143.999.999] ModSecurity: Access denied with code 418 (phase 1). Pattern match“(? i:(?:\\\\A|[^\\\\d])0x[a-f\\\\d]{3,}[a-f\\\\d]*)+” at ARGS:checksum. [file “/ dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf”] [line “329”] [id “ 1990091”] [msg “SQL Hex Encoding Identified”] [hostname “www.mysite.com”] [uri“/ wp-admin/admin-ajax.php”] [unique_id “XPWqEUBvfwgAAHR8FB0AAAAG”] [Mon Jun 17 14:24:29.305472 2019] [:error] [pid 2933] [client 204.19.999.999:52725] [client 204.19.999.999] ModSecurity: Access denied with code 418 (phase 1). Pattern match“(? i:(?:\\\\A|[^\\\\d])0x[a-f\\\\d]{3,}[a-f\\\\d]*)+” at ARGS:checksum. [file “/ dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf”] [line “329”] [id “ 1990091”] [msg “SQL Hex Encoding Identified”] [hostname “www.mysite.com”] [uri“/ wp-content/plugins/wise-chat/src/endpoints/ultra/”] [unique_id “XQgFDYYYjkn4YF@3muE- iQAAAAU”], referer: [http://www.mysite.com/chatpage/](http://www.mysite.com/chatpage/) Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘mod_security issue’ is closed to new replies. * ![](https://ps.w.org/wise-chat/assets/icon-128x128.png?rev=1306481) * [Wise Chat](https://wordpress.org/plugins/wise-chat/) * [Frequently Asked Questions](https://wordpress.org/plugins/wise-chat/#faq) * [Support Threads](https://wordpress.org/support/plugin/wise-chat/) * [Active Topics](https://wordpress.org/support/plugin/wise-chat/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wise-chat/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wise-chat/reviews/) * 3 replies * 3 participants * Last reply from: [burkingman](https://wordpress.org/support/users/burkingman/) * Last activity: [6 years, 11 months ago](https://wordpress.org/support/topic/mod_security-issue-2/#post-11646891) * Status: resolved