-
Posts
-
My website firewall blocked my IP. Most of the time I unblock that in service provider website. But still same error happening. Please help me.
COMODO WAF: Vulnerability in PHP before 5.3.12 and 5.4.x before 5.4.2 (CVE-2012-1823) – https://www.cvedetails.com/cve/CVE-2012-1823/
2021-09-07 15:16:15 thefuturestrust[.]com 99.80.118.48 CRITICAL 404
Request:
GET /wp-content/themes/icos/assets/fonts/themify.woff?-fvbane
Action Description:
Access denied with code 403 (phase 1).
Justification:
Matched phrase “-C” at MATCHED_VARMy public IP
123.231.85.108Hello Julaj-
Thanks for reaching out, I’m sorry to hear about the trouble with the Comodo WAF.
A WAF is a “web-application firewall,” and it’s meant to protect your website from potentially malicious actors.
This specific error has two possible ways you might be able to fix it.
First, I’d strongly recommend updating your WordPress hosting to a version of PHP 7.3 or higher.
If this error is correct, it looks like you may be using a PHP version lower than 5.4.2. PHP 5.4.X stopped receiving updates in late 2015, over 6 years ago.
Your hosting provider should be able to assist you with the upgrade, or you can consider switching to one of our WordPress Hosting partners, who all offer up-to-date versions of PHP.
The other possible way to fix this is through your theme, “icos.” I wasn’t able to locate the developers of this theme on WordPress.org or through a google search, but the root cause of this error is that something in your theme is calling the
themify.wofffont using a non-standard query string without an “=” equals sign. Instead, it’s usingthemify.woff?-fvbane, which looks like it might just be a simple typo using the “-” minus sign instead of the “=” equal sign.
- The topic ‘COMODO WAF Vulnerability In PHP (CVE-2012-1823)’ is closed to new replies.
