Mod_security error

embryoman · July 13, 2021, 2:04am

Hi!

I run a membership site and I get this error when logging in/logging out.

Not Acceptable!

An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.

It doesn’t always happen, and I’m able to log in and out by refreshing and trying again. My users have the same issues logging in/out.

I contacted my host (bluehost) and they provided me with this info:

“”""Upon reviewing Mod_Security rule ID I noticed that you were being blocked by too many failed logins within 3 minutes. “Wordpress Brute Force 15 attempts in 3 Mins. 5 Min block”. As you can see the block only lasts 5 minutes.

It appears that there is a plugin causing connections to wp-login.php which exceed 15 attempts within 3 minutes, causing the Not Acceptable error.

I was unable to determine which plugin was causing this issue. It’s advisable to login to your WordPress Dashboard and disable all plugins. You will then want to enable the plugins 1 by 1 to determine what plugins are causing the error.

Additionally, I noticed that Top 10 requesting IP Addresses used to access your website from amazonaws.com. It’s advisable to review those IP’s and block them in Cloudflare. I could see that IP of the domain pointing to Cloudflare. It’s advisable to Login to Cloudflare and Go to the Firewall tab and then firewall rules and create a firewall rule to block bots.

You will find three option (Filed, Operator, value). In the field of value you can give us-west-2.compute.amazonaws.com to block the IP’s of amazon visiting your website. Here is an article to learn more about how to block bots using Cloudflare firewall How to Block Bots using Cloudflare Firewall?

For any additional help it’s advisable to contact Cloudflare support to block bots using Cloudflare firewall. Also if you ask for bot details they will provide that information. “”“”

Then they gave me a list of the top 10 IP addresses accessing my site, here’s #1:

COUNT: 1207 / 05.95%
IP: 34.216.217.178
HOST: ec2-34-216-217-178.us-west-2.compute.amazonaws.com

The others are all from the same amazonaws.com (but different IP addresses).

So I created a firewall rule as they indicated above. I don’t know if I set it up correctly because I’m getting 0 counts on it when there should be thousands.

I have no idea what I’m doing. I’d like to try blocking these before turning off my plugins and going that route.

Help?

sdayman · July 13, 2021, 2:10am

These “amazon bots” are usually malicious users of AWS hosting. I suggest you change the Firewall rule to block by AS Number: 16509 (Amazon AWS), not User Agent.

Just keep that in mind if there are external services you use that might use AWS.

embryoman · July 16, 2021, 5:11pm

Okay, thank you I’ll try that!!

embryoman · July 16, 2021, 5:24pm

When I block it that way, I see my Stripe/webhooks is being blocked. So I don’t think I want that! Is there anyway else to block this besides the method you suggested?

system · July 31, 2021, 5:25pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Not Acceptable! error preventing admin login Security	1	439	December 28, 2023
Assistance Required: Cloudflare Blocking Access Despite IP Whitelisting Security	5	679	December 13, 2023
The firewall on this server is blocking your connection Security	7	9234	July 31, 2021
Bots attempting to log into WordPress from Cloudflare IPs Security dash-troubleshooting	5	4161	September 6, 2019
My htaccess IP whitelist doesn't work with Cloudflare DNS & Network WordPress , dash-getting-started , dash-troubleshooting	11	7208	September 8, 2018

Mod_security error

Related topics