Hi to all, need your help on this. Yesterday we got an intrussion in one of our servers, thanks to CSF the files were caught in the fly and no damage was done, we of course, banned the IPs involved and deleted the account from our server, but the question reminds, how the hacker passed the MOD_SECURITY2 rules that we have. Or, maybe you can help me to set a new rule for this intrusion. Here are the details from Apache Log: It seems that I need to improve or add a rule for "cmd.txt?cmd". Do you have a rule for this that you could share with me? Thanks in advance for you kind help.