2010-05-19, 10:01 PM
[Sat May 15 13:25:36 2010] [error] [client 91.192.168.241] ModSecurity: Access denied with code 501 (phase 2). Pattern match "../proc/self/environ" at ARGS:root_dir. [file "/dh/apache2/template/etc/mod_sec2/mod_sec.conf"] [line "5"] [msg "/proc/self/environ access"] [data "../proc/self/environ"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "www.easymybb.com"] [uri "/forum/Phorum_forum.php"] [unique_id "S@8DQEt3wj8AAF-YI@YAAAAC"]
[Sat May 15 13:25:42 2010] [error] [client 91.192.168.241] ModSecurity: Access denied with code 501 (phase 2). Pattern match "../proc/self/environ" at ARGS:root_dir. [file "/dh/apache2/template/etc/mod_sec2/mod_sec.conf"] [line "5"] [msg "/proc/self/environ access"] [data "../proc/self/environ"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "www.easymybb.com"] [uri "/forum/Phorum_forum.php"] [unique_id "S@8DRkt3wj8AAF-YI@cAAAAC"]
[Sat May 15 13:26:32 2010] [error] [client 91.192.168.241] ModSecurity: Access denied with code 501 (phase 2). Pattern match "../proc/self/environ" at ARGS:root_dir. [file "/dh/apache2/template/etc/mod_sec2/mod_sec.conf"] [line "5"] [msg "/proc/self/environ access"] [data "../proc/self/environ"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "www.easymybb.com"] [uri "/forum/Phorum_forum.php"] [unique_id "S@8DeEt3wj8AAF-YI@gAAAAC"]
[Sat May 15 13:27:25 2010] [error] [client 91.192.168.241] ModSecurity: Access denied with code 501 (phase 2). Pattern match "../proc/self/environ" at ARGS:root_dir. [file "/dh/apache2/template/etc/mod_sec2/mod_sec.conf"] [line "5"] [msg "/proc/self/environ access"] [data "../proc/self/environ"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "www.easymybb.com"] [uri "/forum/Phorum_forum.php"] [unique_id "S@8DrUt3wj8AAD8fNtIAAAAA"]
[Sat May 15 13:27:55 2010] [error] [client 91.192.168.241] ModSecurity: Access denied with code 501 (phase 2). Pattern match "../proc/self/environ" at ARGS:root_dir. [file "/dh/apache2/template/etc/mod_sec2/mod_sec.conf"] [line "5"] [msg "/proc/self/environ access"] [data "../proc/self/environ"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "www.easymybb.com"] [uri "/forum/Phorum_forum.php"] [unique_id "S@8Dy0t3wj8AAF-YI@kAAAAC"]
got that in the error logs ...looks "critical" but might just be nothing ...so asking someone who knows
should I be worried --- did an IP lookup ..somewhere in Germany or Russia or something
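
An added example, not part of the original post: one way to triage entries in this ModSecurity error-log format is to parse the fields and group hits by client, URI and matched argument, separating requests that were denied from ones that were only logged. The sample lines, addresses, hostname, rule path and the function names `parse_line` and `triage` are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the ModSecurity 2.x Apache error-log layout shown in the post.
# Client addresses, hostname, rule file path and unique_id values are placeholders.
_TAIL = ('[file "/etc/modsec/rules.conf"] [line "5"] [msg "/proc/self/environ access"] '
         '[severity "CRITICAL"] [hostname "forum.example"] [uri "/forum/index.php"] [unique_id "x"]')
_DENY = 'ModSecurity: Access denied with code 501 (phase 2). Pattern match "../proc/self/environ" at ARGS:root_dir. '
_WARN = 'ModSecurity: Warning. Pattern match "../proc/self/environ" at ARGS:page. '
SAMPLE_LOG = "\n".join([
    "[Sat May 15 13:25:36 2010] [error] [client 203.0.113.7] " + _DENY + _TAIL,
    "[Sat May 15 13:25:42 2010] [error] [client 203.0.113.7] " + _DENY + _TAIL,
    "[Sat May 15 13:27:55 2010] [error] [client 203.0.113.7] " + _DENY + _TAIL,
    "[Sat May 15 14:02:10 2010] [error] [client 198.51.100.9] " + _WARN + _TAIL,
    "[Sat May 15 14:05:00 2010] [error] [client 198.51.100.9] File does not exist: /var/www/favicon.ico",
])

HEAD = re.compile(r'^\[(?P<ts>[^\]]+)\] \[\w+\] \[client (?P<client>[^\]\s]+)\] ModSecurity: (?P<summary>.*?) \[file ')
META = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_line(line):
    """Return one ModSecurity event as a dict, or None for unrelated error-log lines."""
    m = HEAD.match(line)
    if not m:
        return None
    ev = dict(META.findall(line))          # file, line, msg, severity, hostname, uri, ...
    summary = m["summary"]
    code = re.search(r"with code (\d+)", summary)
    target = re.search(r" at ([A-Z_]+(?::[^\s.]+)?)\.", summary)
    ev.update(ts=datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"), client=m["client"],
              blocked=summary.startswith("Access denied"),   # "Warning." means logged only
              status=int(code.group(1)) if code else None,
              target=target.group(1) if target else None)
    return ev

def triage(log_text):
    """Group events by (client, uri, matched variable) and report whether all were blocked."""
    groups = defaultdict(list)
    for ev in filter(None, map(parse_line, log_text.splitlines())):
        groups[(ev["client"], ev.get("uri"), ev["target"])].append(ev)
    return {key: {"hits": len(evs), "all_blocked": all(e["blocked"] for e in evs),
                  "first": min(e["ts"] for e in evs), "last": max(e["ts"] for e in evs),
                  "msg": evs[0].get("msg")}
            for key, evs in groups.items()}

if __name__ == "__main__":
    for key, info in triage(SAMPLE_LOG).items():
        print(key, info)
```

A group with `all_blocked` set to `False` is the one to look at first, since those requests reached the application.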