Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

weird cookie line in logfile

Discussion in 'General Discussion' started by DrGreen, Jan 28, 2005.

  1. DrGreen

    DrGreen Active Member

    Joined:
    May 5, 2004
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    156
    hi all,

    i have some weird log entry in my mod_security logs, when i open a random page (nothing todo with phpbb whatsoever) and do something against the rules like index.php?var=wget it blocks and logs the following:

    ------cut ---
    ========================================
    Request: ******** - - [26/Jan/2005:01:21:55 +0100] "GET /index.php?var=wget HTTP/1.1" 406 268
    Handler: application/x-httpd-php
    ----------------------------------------
    GET /index.php?var=wget HTTP/1.1
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-$
    Accept-Encoding: gzip, deflate
    Accept-Language: en-us
    Connection: Keep-Alive
    Cookie: phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A32%3A%22098716940bd94180dfc61d34c7984447%2$
    Host: optixdesigns.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
    mod_security-message: Access denied with code 406. Pattern match "wget " at THE_REQUEST.
    mod_security-action: 406

    HTTP/1.1 406 Not Acceptable
    Connection: close
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=iso-8859-1

    ---cut----

    now i am thinking, what the hell does that cookie there?
    someone used the highlight exploit in phpbb in one of my forums lately to ddos attacks other servers, thats why i installed mod_security so im wondering if this are traces of that exploit.

    any thoughts on this would be apreciated
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice