Internal Server Error

Million Dollar Script Forums Installation Internal Server Error Internal Server Error

#890

Ian
Participant

hi ryan, got this from hosting;


This is due to the web app submitting data that is completely unencoded, and that contains a string that is commonly used in remote file injection attacks. Please contact the developer and ask them to improve their form handling to eliminate this issue.

The other option is to disable mod security for this account, and expose the site to the internet unprotected – or find another script that encodes form data before submitting it.

Regards

–b6341d1d-A–
[10/Dec/2012:15:20:56 +0000] UMX9101IBEIAChhZkwsAAAAT 86.145.125.144 51798 77.72.4.66 8888
–b6341d1d-B–
POST /newcastle/users/write_ad.php HTTP/1.0
Host: bizzer.co.uk
X-Real-IP: 86.145.125.144
X-Forwarded-For: 86.145.125.144
Connection: close
Accept-Language: en
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=8d8a225f88ad1ab72da10a3c8d7f7f02
Referer: http://bizzer.co.uk/newcastle/users/write_ad.php
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; en) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/4.1.3 Safari/533.19.4
Origin: http://bizzer.co.uk
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Content-Type: multipart/form-data; boundary=—-WebKitFormBoundary0fQQdWhmRgQqbk8j
Content-Length: 941

–b6341d1d-I–
mode=edit&ad%5fid=&user%5fid=8d8a225f88ad1ab72da10a3c8d7f7f02&order%5fid=&banner%5fid=1&1=edot3&2=http%3a%2f%2fedot3%2eco%2euk&save=1
–b6341d1d-F–
HTTP/1.1 403 Forbidden
Content-Length: 349
Connection: close
Content-Type: text/html; charset=iso-8859-1

–b6341d1d-H–
Message: Access denied with code 403 (phase 2). Match of “beginsWith http:/%{SERVER_NAME}/” against “MATCHED_VAR” required. [file “/usr/local/apache/conf/modsec_rules/10_asl_rules.conf”] [line “486”] [id “340162”] [rev “257”] [msg “Atomicorp.com UNSUPPORTED DELAYED Rules: Remote File Injection attempt in ARGS (AE)”] [data “http:/”] [severity “CRITICAL”]
Apache-Error: [file “core.c”] [line 3706] [level 3] File does not exist: /home/bizzer/public_html/403.shtml, referer: http://bizzer.co.uk/newcastle/users/write_ad.php
Action: Intercepted (phase 2)
Stopwatch: 1355152855993248 58343 (- – -)
Stopwatch2: 1355152855993248 58343; combined=4615, p1=368, p2=4235, p3=0, p4=0, p5=11, sr=177, sw=1, l=0, gc=0
Producer: ModSecurity for Apache/2.6.7 (http://www.modsecurity.org/).
Server: Apache

–b6341d1d-Z–

Regards

Steve Sant

Krystal Hosting Ltd