Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

mod_security 406

Discussion in 'Security' started by screege, Dec 18, 2007.

  1. screege

    screege Well-Known Member

    Joined:
    Aug 11, 2004
    Messages:
    190
    Likes Received:
    0
    Trophy Points:
    166
    Hi I have read and searched and read and searched but nothing I am getting tons of erros with mod_security here are two of the most common one is from chirpys way to the web email script and the second is from php ads (now open ads):

    grep lanets.net /usr/local/apache/logs/error_log

    [Tue Dec 18 22:58:56 2007] [error] [client 189.135.227.243] ModSecurity: Access
    denied with code 406 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W
    +?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:eek:ute|t)|elnet\\\\.exe
    |clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(
    ?:md(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\\\\\/]|\\\\
    W*?\\\\.\\\\.)|hmod.{0,40}? ..." at REQUEST_HEADERS:Cookie. [id "950006"] [msg "
    System Command Injection. Matched signature <; passwd>"] [severity "CRITICAL"] [
    hostname "www.lanets.net"] [uri "/cgi-bin/email/umm.cgi"] [unique_id "gLMBtUU7HM
    0AAFNYMGEAAAAD"]

    and also with this:

    [Tue Dec 18 23:00:01 2007] [error] [client 69.59.28.205] ModSecurity: Access den
    ied with code 406 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADER
    S:User-Agent" required. [id "990011"] [msg "Request Indicates an automated progr
    am explored the site"] [severity "NOTICE"] [hostname "ads.lanets.net"] [uri "/ph
    p/maintenance/maintenance.php"] [unique_id "hIlb90U7HM0AAFOWLwUAAAAB"]

    I only loaded the default config, mod security 1 never gave me a problem.

    Thanks in advanced to who can help me.
     
    #1 screege, Dec 18, 2007
    Last edited: Dec 18, 2007
  2. santosh.shelake

    santosh.shelake Registered

    Joined:
    Jan 31, 2007
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    151
    Mod secutiry

    Hello,

    Please disable mod_security for the domain having a problem. Please create .htaccess file and add the following lines :

    SecFilterEngine Off
     
  3. screege

    screege Well-Known Member

    Joined:
    Aug 11, 2004
    Messages:
    190
    Likes Received:
    0
    Trophy Points:
    166
    Tried it and it gives me a 500 error the server everytime I put it on the htacess file.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice