The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_security 406

Discussion in 'Security' started by screege, Dec 18, 2007.

  1. screege

    screege Well-Known Member

    Joined:
    Aug 11, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    Hi I have read and searched and read and searched but nothing I am getting tons of erros with mod_security here are two of the most common one is from chirpys way to the web email script and the second is from php ads (now open ads):

    grep lanets.net /usr/local/apache/logs/error_log

    [Tue Dec 18 22:58:56 2007] [error] [client 189.135.227.243] ModSecurity: Access
    denied with code 406 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W
    +?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:eek:ute|t)|elnet\\\\.exe
    |clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(
    ?:md(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\\\\\/]|\\\\
    W*?\\\\.\\\\.)|hmod.{0,40}? ..." at REQUEST_HEADERS:Cookie. [id "950006"] [msg "
    System Command Injection. Matched signature <; passwd>"] [severity "CRITICAL"] [
    hostname "www.lanets.net"] [uri "/cgi-bin/email/umm.cgi"] [unique_id "gLMBtUU7HM
    0AAFNYMGEAAAAD"]

    and also with this:

    [Tue Dec 18 23:00:01 2007] [error] [client 69.59.28.205] ModSecurity: Access den
    ied with code 406 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADER
    S:User-Agent" required. [id "990011"] [msg "Request Indicates an automated progr
    am explored the site"] [severity "NOTICE"] [hostname "ads.lanets.net"] [uri "/ph
    p/maintenance/maintenance.php"] [unique_id "hIlb90U7HM0AAFOWLwUAAAAB"]

    I only loaded the default config, mod security 1 never gave me a problem.

    Thanks in advanced to who can help me.
     
    #1 screege, Dec 18, 2007
    Last edited: Dec 18, 2007
  2. santosh.shelake

    santosh.shelake Registered

    Joined:
    Jan 31, 2007
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Mod secutiry

    Hello,

    Please disable mod_security for the domain having a problem. Please create .htaccess file and add the following lines :

    SecFilterEngine Off
     
  3. screege

    screege Well-Known Member

    Joined:
    Aug 11, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    Tried it and it gives me a 500 error the server everytime I put it on the htacess file.
     
Loading...

Share This Page