mod_security

  • Resolved BestyBoopsie

    (@bestyboopsie)


    11 years, 7 months ago

    hi there!

    we have been getting quite a few of these errors for awhile now, which are resulting in blocks of legitimate customers.

    any ideas on what may be wrong and what we need to do to correct it? our sites are hosted on a vps and the admin with the hosting company believes that disabling mod_security rule 959006 might fix it. however, we thought it best to check with you instead and get your opinion.

    thanks in advance.

    [Thu Apr 11 10:50:24 2013] [error] [client 66.151.103.8] ModSecurity: Access denied with code 501 (phase 2). Pattern match “(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}? …” at REQUEST_COOKIES:eshopcart. [file “/usr/local/apache/conf/modsec2.user.conf”] [line “146”] [id “959006”] [msg “System Command Injection”] [data “|rm”] [severity “CRITICAL”] [tag “WEB_ATTACK/COMMAND_INJECTION”] [hostname “ourdomainnamehere.com”] [uri “/shopping-cart/cancelled-order”] [unique_id “UWbNsGyglDMAAGPydLQAAAAG”]

    https://www.ads-software.com/extend/plugins/eshop/

Viewing 6 replies - 1 through 6 (of 6 total)

  • I agree with your admin. Modifying your mod_security settings would probably be the best way to deal with this. Looks like the eShop cookie request is being rejected. At what point in the purchasing process is this happening?

    Thread Starter BestyBoopsie

    (@bestyboopsie)

    from what we’ve been able to ascertain from folks who’ve been blocked, it’s at some point during checkout. we are using paypal.

    thanks, i will have him modify those settings — and i hope this info may be useful to you at some point.

    p.s. — i made a donation. you are always helpful, and it’s appreciated!

    Plugin Author elfin

    (@elfin)

    Also check the wiki, it is possible to disable the cookie, which can help.

    it’s at some point during checkout

    That’s what I was afraid of ?? Looks like the current mod_security configuration might even be blocking session – not just cookies. Try the changes suggested by your server admin first and see if that helps. If it doesn’t, try the solution outlined in https://quirm.net/wiki/eshop/additional-plugins-and-code-snippets/remove-cookie-functionality/ as elfin suggested.

    And thank you very much for the donation. Your support is very much appreciated. ??

    Hi BestyBoopsie

    The Eshop Magic plugin allows you to turn off the cookie by ticking a box.

    Best wishes

    Paul

    As there has not been an update to this topic for a while, I can only assume that the issue has now been resolved and I am now marking it as such. If this is incorrect, please feel free to change the topic’s status and/or post a follow-up.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘mod_security’ is closed to new replies.