MyBB Community Forums

MyBB Community Forums > Community > General Discussion > might sound noobish but should i be worried
Full Version: might sound noobish but should i be worried
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Jitendra M

2010-05-19, 10:01 PM
[Sat May 15 13:25:36 2010] [error] [client 91.192.168.241] ModSecurity: Access denied with code 501 (phase 2). Pattern match "../proc/self/environ" at ARGS:root_dir. [file "/dh/apache2/template/etc/mod_sec2/mod_sec.conf"] [line "5"] [msg "/proc/self/environ access"] [data "../proc/self/environ"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "www.easymybb.com"] [uri "/forum/Phorum_forum.php"] [unique_id "S@8DQEt3wj8AAF-YI@YAAAAC"]


[Sat May 15 13:25:42 2010] [error] [client 91.192.168.241] ModSecurity: Access denied with code 501 (phase 2). Pattern match "../proc/self/environ" at ARGS:root_dir. [file "/dh/apache2/template/etc/mod_sec2/mod_sec.conf"] [line "5"] [msg "/proc/self/environ access"] [data "../proc/self/environ"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "www.easymybb.com"] [uri "/forum/Phorum_forum.php"] [unique_id "S@8DRkt3wj8AAF-YI@cAAAAC"]


[Sat May 15 13:26:32 2010] [error] [client 91.192.168.241] ModSecurity: Access denied with code 501 (phase 2). Pattern match "../proc/self/environ" at ARGS:root_dir. [file "/dh/apache2/template/etc/mod_sec2/mod_sec.conf"] [line "5"] [msg "/proc/self/environ access"] [data "../proc/self/environ"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "www.easymybb.com"] [uri "/forum/Phorum_forum.php"] [unique_id "S@8DeEt3wj8AAF-YI@gAAAAC"]
[Sat May 15 13:27:25 2010] [error] [client 91.192.168.241] ModSecurity: Access denied with code 501 (phase 2). Pattern match "../proc/self/environ" at ARGS:root_dir. [file "/dh/apache2/template/etc/mod_sec2/mod_sec.conf"] [line "5"] [msg "/proc/self/environ access"] [data "../proc/self/environ"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "www.easymybb.com"] [uri "/forum/Phorum_forum.php"] [unique_id "S@8DrUt3wj8AAD8fNtIAAAAA"]


[Sat May 15 13:27:55 2010] [error] [client 91.192.168.241] ModSecurity: Access denied with code 501 (phase 2). Pattern match "../proc/self/environ" at ARGS:root_dir. [file "/dh/apache2/template/etc/mod_sec2/mod_sec.conf"] [line "5"] [msg "/proc/self/environ access"] [data "../proc/self/environ"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "www.easymybb.com"] [uri "/forum/Phorum_forum.php"] [unique_id "S@8Dy0t3wj8AAF-YI@kAAAAC"]

got that in the error logs ...looks "critical" bnut might just be nothing ...so asking someone who knows

should i be worried --- did a ip lookup ..somewhere in Germany or Russia or something

Lithium

2010-05-19, 10:28 PM
Russia? Be very worried.

KuJoe

2010-05-20, 06:23 AM
You should be more worried about the attacks your server security is not logging/stopping. Wink

Diminished

2010-05-20, 07:08 AM
Is this from the error log in cPanel?

It looks ok, just seems to be that your server is denying requests to certain things.

However, I'm no expert, wait for a team member or someone experienced to reply.

cohen

2010-05-20, 08:03 AM
If they are coming from countries that have a bad reputation for hacking or other related activities, i would block those IP from having access to the site / server.

KuJoe

2010-05-20, 08:09 AM
It's just a mod_security alert, I get at least 100 of them an hour. If your server is configured properly the firewall already blocked them. Wink
MyBB Community Forums > Community > General Discussion > might sound noobish but should i be worried