I have the latest version of ModSecurity (as of March 25, 2019) installed on my server. I am using the OWASP rule sets together with fail2ban on Linux.
I know it is designed to block attempts at piracy. Should I assume that people who are not trying to hack into my server, but who simply have infected computers, are detected in the same way as hackers and pirated robots, etc.?
What happens is that certain people try to connect to my computer and tell me they cannot. So I search the registers and, effectively, ModSecurity detected an SQL injection attack from their IP or some other severe level attack.
So, I suggested to several of them that they execute an updated analysis of the boot time of their computer and, in effect, they found a lot of malware and viruses and could connect after removing them without further problems.
So, now I'm trying to confirm that when the members of my forum try to connect to my server and ModSecurity reports a lot of nefarious activity from their verified IP address, it is because their computer has a virus or malware that is loading on their connection to my server.
I need to be sure that I am telling them the right thing if I suggest that they need to check their own computer for malware or viruses.
I cannot see any other explanation. Can someone confirm that this is what is happening? Some of those members are quite sure (even without verifying) that their computers are not infected with any malware or virus.
And if that is the case, then I need to find out why ModSecurity says otherwise, because it is blocking the members of my forum.
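
One way to check what ModSecurity actually logged for a blocked member before drawing conclusions about their machine (an added example, not part of the original post): this Python script groups detections per client IP by rule ID, URI and matched parameter. The log lines are constructed and abridged, and reading "every hit lands on one form field" as a sign of a rule misfiring on ordinary input is an assumption to confirm against the real audit log.

```python
import re
from collections import Counter, defaultdict

# Constructed, abridged lines in the Apache error-log layout ModSecurity 2.x
# writes; the IPs, URIs and parameter names are made up for this example.
SAMPLE_LOG = '''\
[client 203.0.113.7] ModSecurity: Warning. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "found within ARGS:message"] [severity "CRITICAL"] [uri "/forum/posting.php"]
[client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [uri "/forum/posting.php"]
[client 203.0.113.7] ModSecurity: Warning. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "found within ARGS:message"] [severity "CRITICAL"] [uri "/forum/posting.php"]
[client 198.51.100.9] ModSecurity: Warning. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "found within ARGS:id"] [severity "CRITICAL"] [uri "/index.php"]
[client 198.51.100.9] ModSecurity: Warning. [id "941100"] [msg "XSS Attack Detected via libinjection"] [data "found within ARGS:q"] [severity "CRITICAL"] [uri "/search.php"]
[client 198.51.100.9] ModSecurity: Warning. [id "930120"] [msg "OS File Access Attempt"] [data "found within ARGS:page"] [severity "CRITICAL"] [uri "/view.php"]
'''

CLIENT = re.compile(r'\[client (\d+\.\d+\.\d+\.\d+)')        # IPv4 only
FIELD = re.compile(r'\[(id|msg|data|uri) "((?:[^"\\]|\\.)*)"\]')
VAR = re.compile(r'found within ([A-Z_]+(?::[^\s:"]+)?)')    # e.g. ARGS:message


def summarize(log_text):
    """Per client IP: blocks, detections per rule ID, and (URI, variable) hits."""
    out = defaultdict(lambda: {"blocked": 0, "rules": Counter(), "targets": Counter()})
    for line in log_text.splitlines():
        client = CLIENT.search(line)
        if "ModSecurity:" not in line or not client:
            continue
        fields = dict(FIELD.findall(line))
        entry = out[client.group(1)]
        if "Access denied" in line:       # blocking decision (what fail2ban sees)
            entry["blocked"] += 1
        var = VAR.search(fields.get("data", ""))
        if var:                           # detection rule naming the matched variable
            entry["rules"][fields.get("id", "?")] += 1
            entry["targets"][(fields.get("uri", "?"), var.group(1))] += 1
    return dict(out)


def single_target(entry):
    """Assumed heuristic: all detections hit the same URI and parameter."""
    return len(entry["targets"]) == 1


if __name__ == "__main__":
    for ip, entry in summarize(SAMPLE_LOG).items():
        print(ip, dict(entry["rules"]), dict(entry["targets"]),
              "single form field" if single_target(entry) else "spread over site")
```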