Internal Server Error

Million Dollar Script Forums Installation Internal Server Error Internal Server Error



hi ryan, got this from hosting;

This is due to the web app submitting data that is completely unencoded, and that contains a string that is commonly used in remote file injection attacks. Please contact the developer and ask them to improve their form handling to eliminate this issue.

The other option is to disable mod security for this account, and expose the site to the internet unprotected – or find another script that encodes form data before submitting it.


[10/Dec/2012:15:20:56 +0000] UMX9101IBEIAChhZkwsAAAAT 51798 8888
POST /newcastle/users/write_ad.php HTTP/1.0
Connection: close
Accept-Language: en
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=8d8a225f88ad1ab72da10a3c8d7f7f02
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; en) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/4.1.3 Safari/533.19.4
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Content-Type: multipart/form-data; boundary=—-WebKitFormBoundary0fQQdWhmRgQqbk8j
Content-Length: 941

HTTP/1.1 403 Forbidden
Content-Length: 349
Connection: close
Content-Type: text/html; charset=iso-8859-1

Message: Access denied with code 403 (phase 2). Match of “beginsWith http:/%{SERVER_NAME}/” against “MATCHED_VAR” required. [file “/usr/local/apache/conf/modsec_rules/10_asl_rules.conf”] [line “486”] [id “340162”] [rev “257”] [msg “ UNSUPPORTED DELAYED Rules: Remote File Injection attempt in ARGS (AE)”] [data “http:/”] [severity “CRITICAL”]
Apache-Error: [file “core.c”] [line 3706] [level 3] File does not exist: /home/bizzer/public_html/403.shtml, referer:
Action: Intercepted (phase 2)
Stopwatch: 1355152855993248 58343 (- – -)
Stopwatch2: 1355152855993248 58343; combined=4615, p1=368, p2=4235, p3=0, p4=0, p5=11, sr=177, sw=1, l=0, gc=0
Producer: ModSecurity for Apache/2.6.7 (
Server: Apache



Steve Sant

Krystal Hosting Ltd