Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

weird cookie line in logfile

Discussion in 'General Discussion' started by DrGreen, Jan 28, 2005.

  1. DrGreen

    DrGreen Active Member

    May 5, 2004
    Likes Received:
    Trophy Points:
    hi all,

    i have some weird log entry in my mod_security logs, when i open a random page (nothing todo with phpbb whatsoever) and do something against the rules like index.php?var=wget it blocks and logs the following:

    ------cut ---
    Request: ******** - - [26/Jan/2005:01:21:55 +0100] "GET /index.php?var=wget HTTP/1.1" 406 268
    Handler: application/x-httpd-php
    GET /index.php?var=wget HTTP/1.1
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/$
    Accept-Encoding: gzip, deflate
    Accept-Language: en-us
    Connection: Keep-Alive
    Cookie: phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A32%3A%22098716940bd94180dfc61d34c7984447%2$
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
    mod_security-message: Access denied with code 406. Pattern match "wget " at THE_REQUEST.
    mod_security-action: 406

    HTTP/1.1 406 Not Acceptable
    Connection: close
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=iso-8859-1


    now i am thinking, what the hell does that cookie there?
    someone used the highlight exploit in phpbb in one of my forums lately to ddos attacks other servers, thats why i installed mod_security so im wondering if this are traces of that exploit.

    any thoughts on this would be apreciated

Share This Page