The Curse of ModSecurity and How I found out that Hell is in Singapore (part 1)

Boring. Perfectly patched system, WordPress content management system and plugins updated. My pentest not really going anywhere. A sysadmin from hell going wayang and falsely accusing me of a site slowdown during my obligatory wpscan (wpscan is an automated tool to find security issues in a WordPress site). Wah this guy, damn guai lan!

Yes, hell is in Asia, just not in the country where I expected it to be. I just checked it on Google Maps.

Hell is in Singapore! But still a 26-minute drive from my home, so not really worth the trouble of going there and doing a Supernatural on the nest of demon IT administrators. No amount of carefully applied Tiger Balm would save them!

Grabbing a taxi (Singapore residents get a SGD 8 discount on the first ride when installing the GrabTaxi app through that link) is usually no issue, but trouble is too kind a word describing the hassle of finding a driver when it rains in Singapore. Must be that all Singapore taxi drivers gather in Haw Par Villa too when it pours.

Back to business. Better hack that site and get even. I dreamt up a scenario worthy of CSI Cyber. With an immense effort I would find out the IP address of the system. Alas, only Russian hackers know how to attack this IP address. Lucky I just know where to find Russian Hackers: Tinder, also known as the Dark Web. A chat with a random Russian hacker would reveal a list of zero-days (undisclosed computer-software vulnerabilities). I break into the system, find the girl and save the world!

"Why Tinder?" I hear you ask. Come on! Don't ask silly questions! This is CSI Cyber so nothing is real! But since I am a polite person (unless you are a sysadmin) I will give some hints:

  • Russian hackers never have girlfriends or wives, while Russian brides-to-be are not exactly difficult to find on the Internet.
  • Russian hackers must be visiting the wrong sites to find real women. Their previous hunting ground was Ashley Madison.

The reality was more mundane and a bit more like how real hackers do their job: pure chance. I hit the keyboard in frustration, a random request was made to the website under review and this revealed an old, forgotten vulnerable file in a copied WordPress theme. A few minutes later, I removed access to the site for the sysadmin.

I decided to act professional and wrote a nice report to the sysadmin (including all the managers that were in CC in his original email) about what was wrong with the site and who was responsible.

Ah! The sweet taste of success. Little did I know that my small victory would end up in a lot more cursing and tooth grinding for me.

Let me tell you what happened next. In short: ModSecurity.

Oops, sorry. I need to run. I have a dinner meeting in the Golden Mile Complex (also known as Little Thailand) involving some beers and Mookata. If you want to sponsor this, please use ChangeTip and buy me a beer.

But I promise, tomorrow you will hear about the Curse of ModSecurity. I know, the road to hell is paved with good intentions - a Singapore taxi driver told me so.

Addendum

Some people hinted that I faked the Google Search. The search and result are not fake. The probable reason that Google (Singapore) finds Hell in Haw Par Villa is that one of the most famous attractions there is the Ten Courts of Hell.

You may find hell in other places, let me know what you encountered there. Let's make it a trending search.

The Tiger Balm reference was made because Haw Par Villa was previously known as Tiger Balm Gardens and was built by the developers of Tiger Balm, which is not a good cure against hangovers.

I also used the image of a tiger because Singapore is also known as the Lion City. The person who founded and named the island Singapura claimed to have spotted a lion during his first visit. Most likely this was a mistake and he probably saw a Malayan tiger.

Herman Stevens

Just some guy on the internet. Loves technology, diving, travelling, photography and Belgian Trappist beers.