Security Update: OWASP Deployment & Rollback
PSA: Reclaim Hosting deployed numerous ModSecurity updates using the built-in OWASP vendor provided by WHM. Due to these updates, many users faced issues like 403 errors, authentication failures, and disconnects. These rules have since been rolled back infrastructure-wide.
Because of the volume of scanning and bot traffic we have seen across our fleet, we have been deploying a number of tools to stop that traffic before it reaches our clients. One of these was the OWASP (Open Source Foundation for Application Security) vendor for ModSecurity that WHM provides by default. We rolled the update out to our development servers to test its impact, then quietly rolled the rules out to all cPanel servers as a planned low-impact update intended to maintain satisfactory performance for all users.
Unfortunately, this rollout did not go as planned. The rules did stop the bot traffic, but they also severely affected users by blocking legitimate traffic such as authentication, WordPress plugin requests, file uploads, and more. This was due to an oversight in our testing process, and we are revising that process so we do not miss this again.
Once the impact was recognized, the rules were immediately rolled back across our entire infrastructure, and the vendor itself was removed so that a later rule update could not automatically re-enable them.
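As an added example of the pre-production check that would have caught this (my script, not Reclaim Hosting's tooling), the following assumes the rule set is first run with ModSecurity's `SecRuleEngine DetectionOnly` and triages the resulting Apache error-log entries: it reports which legitimate WordPress endpoints (an assumed list) the CRS anomaly-scoring rule would have blocked, and which rules contributed. The log lines are constructed samples, not real traffic.

```python
import re
from collections import defaultdict

# Fields we need from a ModSecurity v2 (Apache) error-log entry.
FIELD_RE = re.compile(r'\[(id|msg|severity|uri) "([^"]*)"\]')

# Constructed sample lines from a DetectionOnly ("Warning.") run; not real log data.
SAMPLE_LOG = """\
[client 203.0.113.5] ModSecurity: Warning. Pattern match "union.*select" at ARGS:log. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"] [uri "/wp-login.php"]
[client 203.0.113.5] ModSecurity: Warning. Operator GE matched 5 at TX:anomaly_score. [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [uri "/wp-login.php"]
[client 198.51.100.7] ModSecurity: Warning. Pattern match "<script" at ARGS:content. [id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "CRITICAL"] [uri "/wp-admin/admin-ajax.php"]
[client 198.51.100.7] ModSecurity: Warning. Operator GE matched 5 at TX:anomaly_score. [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [uri "/wp-admin/admin-ajax.php"]
[client 192.0.2.9] ModSecurity: Warning. Pattern match "env" at REQUEST_FILENAME. [id "930130"] [msg "Restricted File Access Attempt"] [severity "CRITICAL"] [uri "/.env"]
[client 192.0.2.9] ModSecurity: Warning. Operator GE matched 5 at TX:anomaly_score. [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [uri "/.env"]
"""

# Endpoints that real users and WordPress itself must be able to reach
# (assumed list; build yours from the application's own traffic).
LEGIT_PATHS = {"/wp-login.php", "/wp-admin/admin-ajax.php",
               "/wp-admin/async-upload.php", "/xmlrpc.php"}

ANOMALY_BLOCK_RULE = "949110"  # CRS inbound blocking-evaluation rule


def parse_events(log_text):
    """Yield one dict per ModSecurity line that carries an id and a uri."""
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if "id" in fields and "uri" in fields:
            yield fields


def false_positive_report(log_text, legit_paths=LEGIT_PATHS):
    """Return {uri: {rule id: msg}} for legitimate endpoints that the CRS
    would have blocked had SecRuleEngine been On instead of DetectionOnly."""
    blocked = set()
    contributing = defaultdict(dict)
    for ev in parse_events(log_text):
        uri = ev["uri"]
        if uri not in legit_paths:
            continue  # scanner noise such as /.env probes is expected to trip rules
        if ev["id"] == ANOMALY_BLOCK_RULE:
            blocked.add(uri)
        else:
            contributing[uri][ev["id"]] = ev.get("msg", "")
    return {uri: contributing[uri] for uri in sorted(blocked)}


if __name__ == "__main__":
    for uri, rules in false_positive_report(SAMPLE_LOG).items():
        print(uri)
        for rid, msg in rules.items():
            print(f"  rule {rid}: {msg}")
```

Any endpoint the report lists needs a rule exclusion or a tuned paranoia level before the engine is switched to `On`; an empty report on representative traffic is the go/no-go signal the rollout was missing.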
We apologize for any inconvenience caused by these updates, and are revising our policies for security updates and development testing to prevent this scenario from happening again.