RedPacket Security

InfoSec News & Tutorials

Tutorials 

Whitelisting an IP address in ModSecurity , WordPress troubleshooting, integration and automation.

admin , , , , , , ,
Click the icon to Follow me:- twitterTelegramRedditDiscord

I have been recently been using Integromat.com for some automation and integration work. IF you are wondering what it is, let me explain. Integromat helps automate processes that you currently handle manually. It is not only capable of connecting apps but can also transfer and transform data. It works 24 hours a day, seven days a week and does not require your intervention. Once configured you can simply let Integromat do what you want and let it work for you. Save your time!

image 133

While I was there I wanted to see if I was able to automate some social media cross-posting. This sounded simple, but and probably is for many people, but I ran into a few issues with ModSecurity triggering and blocking my integrations.

I started by creating a Scenario in Integromat to Connect to my WordPress blog, take the title and URL and cross-post it to Reddit and Discord. Simple! Not quite.

So for WordPress, you will need:

  • A second user account, not your main Admin account (optional but recommended)
  • Username (make this something random, not a word/name that can be guessed e.g 98h423r9uhwfieund)
  • Password (make this something complex and 30 characters long, as you won’t be using 2FA for this account)
  • And I used “Author” permissions.

Now, this is where I was getting issues. Authenticating to my WordPress site. I kept seeing error 403 coming up. Now I looked at all the plugins and security things that I thought could be blocking it but nothing was causing an issue that I could see. After many hours of digging and looking around at all areas of my server, it turned out my ModSecurity WAF was triggering a rule. At this point, I had to add a whitelist for the Integromat servers to bypass the troublesome rule that was blocking it.

A little research and we get this article from ModSecurity . Having a read of this shows the syntax needed to be:

SecRule VARIABLES "OPERATOR" "TRANSFORMATIONS,ACTIONS"

For us to be able to create the whitelist we need to:

  • Connect to the underlying server that is hosting the WordPress via SSH (or ask your hosting provider to do the next steps)
  • Create a file that will be used for IP whitelisting

This might be slightly different, depending on your setup as you might be using different rules

For Debian based systems (Ubuntu/Debian):
nano /etc/apache2/modsecurity.d/<RULE-SET-NAME>/000ipwhitelist.conf

For RHEL based systems (CentOS/CloudLinux):
nano /etc/httpd/conf/modsecurity.d/rules/<RULE-SET-NAME>/000ipwhitelist.conf

And in that 000ipwhitelist.conf file add the following rules:

#Whitelisting Rules for Integromat.com - Date: xx/xx/xxxx
SecRule REMOTE_ADDR "@IPMatch 82.208.14.110/31" "phase:1,log,allow,ctl:ruleEngine=Off,id:00001"
SecRule REMOTE_ADDR "@IPMatch 82.208.14.112/29" "phase:1,log,allow,ctl:ruleEngine=Off,id:00002"

These IP ranges are taken from the Integromat website. Now reload the ruleset and this will whitelist any ModSecurity block. Finally, after getting that out of the way, we can go back to the Integromat website and test our WordPress authentication. It works!!

We can now setup the below scenario.

image 135
Integromat Scenario. When new post from WordPress happens, then post to Reddit and Discord.

And for Reddit, you will need:

  • A subreddit you can spam, I mean post to 🙂
  • The ability to login to your Reddit account and give Integromat permissions.

And for Discord, you will need:

  • A channel you can spam, I mean post to 🙂
  • The ability to login to your Discord account and give Integromat permissions.

Once you have done all of that

Add a WordPress service to your scenario, and choose “Watch Posts”, choose Type: Posts and Limit: xx
Click on OK.

image 137

Now “Right-Click” and click on “Run this module only” and after a while you will get a number pop up at the top. This shows it has pulled a recent post in.

image 138
WordPress Run module

Now you will want to add Reddit and click on the service and choose what information that was just pulled in (above) that you want to use to post to Reddit. I went with Link Post, Title and URL and my own subreddit to post to.

image 136
Reddit Service Setting

Now do the same for Discord

image 139
Discord service settings

Now you want to click OK. The next step is to ensure

  1. The services are connected
  2. You tested it by clicking “Run Once”
  3. You Saved it once you are happy it’s working
  4. You enable “Scheduling”, this will now automatically hook into any new post made on WordPress
image 140
Automated Cross Posting Scenario

This is just a very basic guide, there are some incredibly complex things that it can do. I for one will be playing with some more complex automation.

Now go and play with the hundreds of services available over at Integromat.com

You May Also Like

password 704252 640

WordPress 4.2.4 Fixes Three XSS Vulnerabilities and One Potential SQL Injection

admin
image 132

Discord Channel now available.

admin
logo canary

How to Integrate a Thinkst Canary Token with Telegram

admin