[mod-security-users] (no subject)
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] (no subject)
|
From: <TO...@we...> - 2010-10-02 08:22:40
|
<body bgcolor="#ffffff" background="https://img.web.de/v/p.gif" class="bgRepeatYes" style="background-repeat: repeat; background-color: rgb(255, 255, 255); color: rgb(0, 0, 0); font-family: verdana,geneva; font-size: 9pt; padding-left: 0px;"><div style="min-height: 200px; background-image: url(https://img.web.de/v/p.gif); background-repeat: repeat; background-color: #ffffff; font-family: verdana,geneva; font-size: 9pt; padding-left: 0px;"><span style="font-size: 9pt;"><span style="font-family: verdana,geneva;"><span style="background-color: transparent;"><span style="color: #000000;"><span style="color: #000000;">Hallo <br /><br />I have installed mod security on my Apache Webserver. After that I have tried if mod security works fine. So I tried this <br /></span></span></span></span></span>to simulate an Injection. <br /><br />When I try this my Webserver isr unreachable. My http and ssh Session to the Webserver are closed and I have to reboot the Webserver. So what happend ? I have no Idea ? This is what the Log say:<br /><br />--b2e4d027-F--<br />HTTP/1.1 501 Method Not Implemented<br />Allow: TRACE<br />Vary: Accept-Encoding<br />Content-Encoding: gzip<br />Content-Length: 239<br />Connection: close<br />Content-Type: text/html; charset=iso-8859-1<br /><br />--b2e4d027-H--<br />Message: Access denied with code 501 (phase 2). Pattern match "(?:(?:[\;\|\`]\W*?\bcc|\bwget)\b|\/cc(?:[\'"\|\;\`\-\s]|$))" at ARGS:a. [file "/etc/apache2/rulesets/modsecurity_crs_40_generic_attacks.conf"] [line "144"] [id "950907"] [msg "System Command Injection"] [data "wget"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"]<br />Action: Intercepted (phase 2)<br />Stopwatch: 1285937680234156 80961 (41534 80080 -)<br />Producer: ModSecurity for Apache/2.5.9 (http://www.modsecurity.org/); core ruleset/1.6.1.<br /><br />-b2e4d027-Z--<br /><br /><br /><br /><br />144 "phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'System Command Injection',id:'950907',tag:'WEB _ATTACK/COMMAND_INJECTION',logdata:'%{TX.0}',severity:'2'"<br /><br /><br /> <br />Can You help me ? <br /><br />Sorry for my very bad English. I hope I can explain my Problem ! Thank you for help<br /><br />sxx128</div> <br><br><table cellpadding="0" cellspacing="0" border="0"><tr><td bgcolor="#000000"><img src="https://img.web.de/p.gif" width="1" height="1" border="0" alt="" /></td></tr><tr><td style="font-family:verdana; font-size:12px; line-height:17px;">WEB.DE DSL Doppel-Flat ab 19,99 €/mtl.! Jetzt auch mit <br>gratis Notebook-Flat! <a href="http://produkte.web.de/go/DSL_Doppel_Flatrate/2"><b>http://produkte.web.de/go/DSL_Doppel_Flatrate/2</b></a></td></tr></table> </body> |
;){kind=link}
