Mod_security error

Hi!

I run a membership site and I get this error when logging in/logging out.

Not Acceptable!

An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.

It doesn’t always happen, and I’m able to log in and out by refreshing and trying again. My users have the same issues logging in/out.

I contacted my host (bluehost) and they provided me with this info:

“”""Upon reviewing Mod_Security rule ID I noticed that you were being blocked by too many failed logins within 3 minutes. “Wordpress Brute Force 15 attempts in 3 Mins. 5 Min block”. As you can see the block only lasts 5 minutes.

It appears that there is a plugin causing connections to wp-login.php which exceed 15 attempts within 3 minutes, causing the Not Acceptable error.

I was unable to determine which plugin was causing this issue. It’s advisable to login to your WordPress Dashboard and disable all plugins. You will then want to enable the plugins 1 by 1 to determine what plugins are causing the error.

Additionally, I noticed that Top 10 requesting IP Addresses used to access your website from amazonaws.com. It’s advisable to review those IP’s and block them in cloudflare. I could see that IP of the domain pointing to Cloudflare. It’s advisable to Login to Cloudflare and Go to the Firewall tab and then firewall rules and create a firewall rule to block bots.

You will find three option (Filed, Operator, value). In the field of value you can give us-west-2.compute.amazonaws.com to block the IP’s of amazon visiting your website. Here is an article to learn more about how to block bots using Cloudflare firewall How to Block Bots using Cloudflare Firewall?

For any additional help it’s advisable to contact Cloudflare support to block bots using Cloudflare firewall. Also if you ask for bot details they will provide that information. “”""

Then they gave me a list of the top 10 IP addresses accessing my site, here’s #1:

COUNT: 1207 / 05.95%
IP: 34.216.217.178
HOST: ec2-34-216-217-178.us-west-2.compute.amazonaws.com

The others are all from the same amazonaws.com (but different IP addresses).

So I created a firewall rule as they indicated above. I don’t know if I set it up correctly because I’m getting 0 counts on it when there should be thousands.

I have no idea what I’m doing. I’d like to try blocking these before turning off my plugins and going that route.

Help?

These “amazon bots” are usually malicious users of AWS hosting. I suggest you change the Firewall rule to block by AS Number: 16509 (Amazon AWS), not User Agent.

Just keep that in mind if there are external services you use that might use AWS.

1 Like

Okay, thank you I’ll try that!!

When I block it that way, I see my Stripe/webhooks is being blocked. So I don’t think I want that! Is there anyway else to block this besides the method you suggested?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.