Jump to content

Modsecurity Errors


spinko

Recommended Posts

Hello,

 

I'm super happy I found revive as I was using openads for a really long time. A new server forced me to find a new solution and here I am. One thing I'm noticing though is I'm getting errors in appache log as follows:

[Mon Dec 01 20:55:56.639812 2014] [:error] [pid 32688:tid 140229656618752] [client 70.71.139.164] ModSecurity: Rule 2259b98 [id "2000149"][file "/usr/local/apache
/conf/modsec2.user.conf"][line "402"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.huntingbc.ca"] [uri "/adver/www/delivery/lg.php"] [uni
que_id "VH1GXEg01kAAAH@w68IAAADR"]

Any suggestions on how to resolve? It seems as though the ad server is working correctly, just getting the error log filling up.

 

I found this in mod security:

 #PHP Injection Attack generic signature
SecRule REQUEST_URI "\.php\?(((LOCAL|INCLUDE|PEAR|SQUIZLIB)_PATH|action|content|dir|name|menu|pm_path|pagina|path|pathtoroot|cat|include_location|gorumDir|root|page|site|topside|pun_root|open|seite)=(http|https|ftp)\:/|.*(cmd|command)=(cd|\;|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(download|request|mirror|rget) |id|uname |cvs |svn |(s|r)(cp|sh) |net(stat|cat)|rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |whoami|\./|killall |rm \-[a-z|A-Z]))" "id:2000149" 
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...