Jump to content

Un pic de ajutor pentru mod_security ?


Recommended Posts

[Thu Apr 01 00:33:51 2010] [error] [client 86.55.194.XX] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:\\b(??:n(?:et(?:\\b\\W+?\\blocalgroup|\\.exe)|(?:map|c)\\.exe)|t(?:racer(
?:oute|t)|elnet\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\.exe|echo\\b\\W*?\\by+)\\b|c(?:md(??:32)?\\.exe\\b|\\b\\W*?\\/c)|d(?:\\b\\W*?[\\\\/]|\\W*?\\.\\.)|hmod.{0,40}?\\+.{0,3}x))|[\\;\\|\\`]\\W*
? ..." at REQUEST_COOKIES:c695956df591e2cbdb30d50cf182c577. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "146"] [id "959006"] [msg "System Command Injection"] [data "cd/"] [severity "CRITICAL
"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "www.paginamea.ro"] [uri "/admin_mma/"] [unique_id "S7O-v1kq2IAAAEKv00oAAAAJ"]



Asta este o parte din logul primit de la hosting. De la IP respectiv nu se face decat adaugarea produselor si culmea ca o data la doua-trei zile IP este blocat de hosting. Sincer nu sunt programator are cineva idee ce este cu "minunea" de mai sus ?

Link to comment
Share on other sites

da, asta am inteles si eu dar vezi tu ca ceva nu se leaga, IP ala este al calculatorului "proprietarului" site-ului si nu cred ca ar fi asa de masochist incat sa isi bata joc de munca lui. Am vaga impresie ca modulul ala interpreteaza uneori si fragmente din cuvintele introduse ca descriere sau ca titlu, deoarece unul din produse se numeste "Record ......"

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...