Jump to content
Sign in to follow this  
lucas-shop

Un pic de ajutor pentru mod_security ?

Recommended Posts

[Thu Apr 01 00:33:51 2010] [error] [client 86.55.194.XX] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:\\b(??:n(?:et(?:\\b\\W+?\\blocalgroup|\\.exe)|(?:map|c)\\.exe)|t(?:racer(
?:oute|t)|elnet\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\.exe|echo\\b\\W*?\\by+)\\b|c(?:md(??:32)?\\.exe\\b|\\b\\W*?\\/c)|d(?:\\b\\W*?[\\\\/]|\\W*?\\.\\.)|hmod.{0,40}?\\+.{0,3}x))|[\\;\\|\\`]\\W*
? ..." at REQUEST_COOKIES:c695956df591e2cbdb30d50cf182c577. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "146"] [id "959006"] [msg "System Command Injection"] [data "cd/"] [severity "CRITICAL
"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "www.paginamea.ro"] [uri "/admin_mma/"] [unique_id "S7O-v1kq2IAAAEKv00oAAAAJ"]



Asta este o parte din logul primit de la hosting. De la IP respectiv nu se face decat adaugarea produselor si culmea ca o data la doua-trei zile IP este blocat de hosting. Sincer nu sunt programator are cineva idee ce este cu "minunea" de mai sus ?

Share this post


Link to post
Share on other sites

din ce inteleg eu, un modul din apache modsec2, te avertizeaza ca a interceptat niste comenzi sistem, din pagina "paginamea.ro"
comenzi ce pot fi folosite fraudulos.

Share this post


Link to post
Share on other sites

da, asta am inteles si eu dar vezi tu ca ceva nu se leaga, IP ala este al calculatorului "proprietarului" site-ului si nu cred ca ar fi asa de masochist incat sa isi bata joc de munca lui. Am vaga impresie ca modulul ala interpreteaza uneori si fragmente din cuvintele introduse ca descriere sau ca titlu, deoarece unul din produse se numeste "Record ......"

Share this post


Link to post
Share on other sites

da ai dreptate! dar nu am idee cum s-ar plia o solutie la pb ta! poti sa deazctivezi modulul / sa-l configurezi pentru cazuri particulare sa nu se mai planga ..

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More