I am receiving the following error for 1 of my wordpress site running on a Plesk server. [client 000.00.00.000] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\[\\\\]\\\\x22',()\\\\.]{10}$|\\\\b(?:union \\\\sall\\\\sselect\\\\s(?:(?:null|\\\\d+),?)+|order\\\\sby \\\\s\\\\d{1,4}|(?:and|or)\\\\s\\\\d{4}=\\\\d{4}|waitfor\\\\sdelay\\\\s' \\\\d+:\\\\d+:\\\\d+'|(?:select|and|or)\\\\s(?:(?:pg_)?sleep\\\\(\\\\d+ \\\\)|\\\\d+\\\\s?=\\\\s?(?:dbms_pipe\\\\.receive_message\\\\ ..." at REQUEST_COOKIES:sbjs_first. [file "/etc/httpd/conf/modsecurity.d/rules /comodo_free/22_SQL_SQLi.conf"] [line "66"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||website name|F|2"] [data "Matched Data: |||id=(none) found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm= (none)|||id=(none)"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "website name"] [uri "/wp-login.php"] [unique_id "ZamB- 8j9IfDbYiJgRoahGwAAAAM"], referer: When I visited some pages on the frontend it gives this error: Server Error 403 Forbidden You do not have permission to access this document. That's what you can do Reload Page Back to Previous Page Home Page I wonder if this a real attack? or false positive I was able to export the site to local. It seems working ok there.