RedPacket Security

InfoSec News & Tutorials

Tutorials 

Whitelisting an IP address in ModSecurity , WordPress troubleshooting, integration and automation.

admin , , , , , , ,
Click the icon to Follow me:- twitterTelegramRedditDiscord

I have been recently been using Integromat.com for some automation and integration work. IF you are wondering what it is, let me explain. Integromat helps automate processes that you currently handle manually. It is not only capable of connecting apps but can also transfer and transform data. It works 24 hours a day, seven days a week and does not require your intervention. Once configured you can simply let Integromat do what you want and let it work for you. Save your time!

image 133

While I was there I wanted to see if I was able to automate some social media cross-posting. This sounded simple, but and probably is for many people, but I ran into a few issues with ModSecurity triggering and blocking my integrations.

The world's most advanced processor in the desktop PC gaming segment Can deliver ultra-fast 100+ FPS performance in the world's most popular games 6 cores and 12 processing threads bundled with the quiet AMD wraith stealth cooler max temps 95°C 4 2 G...
AMD Ryzen 5 3600 6-Core, 12-Thread Unlocked Desktop Processor with Wraith Stealth Cooler $199.99
The world's most advanced processor in the desktop PC gaming segment Can deliver ultra-fast 100+ FPS performance in the world's most popular games 6 cores and 12 processing threads bundled with the quiet AMD wraith stealth cooler max temps 95°C 4 2 G... read more
(as of January 26, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
AMD's fastest 6 core processor for mainstream desktop, with 12 processing threads Can deliver elite 100+ FPS performance in the world's most popular games Bundled with the quiet, capable AMD Wraith Stealth cooler 4.6 GHz Max Boost, unlocked for overc...
AMD Ryzen 5 5600X 6-core, 12-Thread Unlocked Desktop Processor with Wraith Stealth Cooler $389.96 $384.99
AMD's fastest 6 core processor for mainstream desktop, with 12 processing threads Can deliver elite 100+ FPS performance in the world's most popular games Bundled with the quiet, capable AMD Wraith Stealth cooler 4.6 GHz Max Boost, unlocked for overc... read more
(as of January 26, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
AMD's fastest 8 core processor for mainstream desktop, with 16 procesing threads Can deliver elite 100+ FPS performance in the world's most popular games Cooler not included, high-performance cooler recommended 4.7 GHz Max Boost, unlocked for overclo...
AMD Ryzen 7 5800X 8-core, 16-Thread Unlocked Desktop Processor Without Cooler Black, XX-Large $537.99 $519.98
AMD's fastest 8 core processor for mainstream desktop, with 16 procesing threads Can deliver elite 100+ FPS performance in the world's most popular games Cooler not included, high-performance cooler recommended 4.7 GHz Max Boost, unlocked for overclo... read more
(as of January 26, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)

I started by creating a Scenario in Integromat to Connect to my WordPress blog, take the title and URL and cross-post it to Reddit and Discord. Simple! Not quite.

So for WordPress, you will need:

  • A second user account, not your main Admin account (optional but recommended)
  • Username (make this something random, not a word/name that can be guessed e.g 98h423r9uhwfieund)
  • Password (make this something complex and 30 characters long, as you won’t be using 2FA for this account)
  • And I used “Author” permissions.

Now, this is where I was getting issues. Authenticating to my WordPress site. I kept seeing error 403 coming up. Now I looked at all the plugins and security things that I thought could be blocking it but nothing was causing an issue that I could see. After many hours of digging and looking around at all areas of my server, it turned out my ModSecurity WAF was triggering a rule. At this point, I had to add a whitelist for the Integromat servers to bypass the troublesome rule that was blocking it.

A little research and we get this article from ModSecurity . Having a read of this shows the syntax needed to be:

SecRule VARIABLES "OPERATOR" "TRANSFORMATIONS,ACTIONS"

For us to be able to create the whitelist we need to:

  • Connect to the underlying server that is hosting the WordPress via SSH (or ask your hosting provider to do the next steps)
  • Create a file that will be used for IP whitelisting

This might be slightly different, depending on your setup as you might be using different rules

For Debian based systems (Ubuntu/Debian):
nano /etc/apache2/modsecurity.d/<RULE-SET-NAME>/000ipwhitelist.conf

For RHEL based systems (CentOS/CloudLinux):
nano /etc/httpd/conf/modsecurity.d/rules/<RULE-SET-NAME>/000ipwhitelist.conf

And in that 000ipwhitelist.conf file add the following rules:

#Whitelisting Rules for Integromat.com - Date: xx/xx/xxxx
SecRule REMOTE_ADDR "@IPMatch 82.208.14.110/31" "phase:1,log,allow,ctl:ruleEngine=Off,id:00001"
SecRule REMOTE_ADDR "@IPMatch 82.208.14.112/29" "phase:1,log,allow,ctl:ruleEngine=Off,id:00002"

These IP ranges are taken from the Integromat website. Now reload the ruleset and this will whitelist any ModSecurity block. Finally, after getting that out of the way, we can go back to the Integromat website and test our WordPress authentication. It works!!

We can now setup the below scenario.

image 135
Integromat Scenario. When new post from WordPress happens, then post to Reddit and Discord.

And for Reddit, you will need:

  • A subreddit you can spam, I mean post to 🙂
  • The ability to login to your Reddit account and give Integromat permissions.

And for Discord, you will need:

  • A channel you can spam, I mean post to 🙂
  • The ability to login to your Discord account and give Integromat permissions.

Once you have done all of that

Add a WordPress service to your scenario, and choose “Watch Posts”, choose Type: Posts and Limit: xx
Click on OK.

image 137

Now “Right-Click” and click on “Run this module only” and after a while you will get a number pop up at the top. This shows it has pulled a recent post in.

image 138
WordPress Run module

Now you will want to add Reddit and click on the service and choose what information that was just pulled in (above) that you want to use to post to Reddit. I went with Link Post, Title and URL and my own subreddit to post to.

You may be interested in...

  • Cyber Bully
  • A Battle of Equals
  • The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats
  • Cyber War
  • Cyber Warfare – Truth, Tactics, and Strategies: Strategic concepts and truths to help you and your organization survive on the battleground of cyber warfare

    • image 136
    Reddit Service Setting

    Now do the same for Discord

    image 139
    Discord service settings

    Now you want to click OK. The next step is to ensure

    1. The services are connected
    2. You tested it by clicking “Run Once”
    3. You Saved it once you are happy it’s working
    4. You enable “Scheduling”, this will now automatically hook into any new post made on WordPress
    image 140
    Automated Cross Posting Scenario

    This is just a very basic guide, there are some incredibly complex things that it can do. I for one will be playing with some more complex automation.

    Now go and play with the hundreds of services available over at Integromat.com

    You May Also Like

    image 132

    Discord Channel now available.

    admin
    logo canary

    How to Integrate a Thinkst Canary Token with Telegram

    admin
    password 704252 640

    WordPress 4.2.4 Fixes Three XSS Vulnerabilities and One Potential SQL Injection

    admin