WordPress.org

Ready to get started?Download WordPress

Forums

eShop
[resolved] mod_security (7 posts)

  1. BestyBoopsie
    Member
    Posted 1 year ago #

    hi there!

    we have been getting quite a few of these errors for awhile now, which are resulting in blocks of legitimate customers.

    any ideas on what may be wrong and what we need to do to correct it? our sites are hosted on a vps and the admin with the hosting company believes that disabling mod_security rule 959006 might fix it. however, we thought it best to check with you instead and get your opinion.

    thanks in advance.

    [Thu Apr 11 10:50:24 2013] [error] [client 66.151.103.8] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}? ..." at REQUEST_COOKIES:eshopcart. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "146"] [id "959006"] [msg "System Command Injection"] [data "|rm"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "ourdomainnamehere.com"] [uri "/shopping-cart/cancelled-order"] [unique_id "UWbNsGyglDMAAGPydLQAAAAG"]

    http://wordpress.org/extend/plugins/eshop/

  2. esmi
    Theme Diva & Forum Moderator
    Posted 1 year ago #

    I agree with your admin. Modifying your mod_security settings would probably be the best way to deal with this. Looks like the eShop cookie request is being rejected. At what point in the purchasing process is this happening?

  3. BestyBoopsie
    Member
    Posted 1 year ago #

    from what we've been able to ascertain from folks who've been blocked, it's at some point during checkout. we are using paypal.

    thanks, i will have him modify those settings -- and i hope this info may be useful to you at some point.

    p.s. -- i made a donation. you are always helpful, and it's appreciated!

  4. elfin
    Moderator
    Plugin Author

    Posted 1 year ago #

    Also check the wiki, it is possible to disable the cookie, which can help.

  5. esmi
    Theme Diva & Forum Moderator
    Posted 1 year ago #

    it's at some point during checkout

    That's what I was afraid of :-( Looks like the current mod_security configuration might even be blocking session - not just cookies. Try the changes suggested by your server admin first and see if that helps. If it doesn't, try the solution outlined in http://quirm.net/wiki/eshop/additional-plugins-and-code-snippets/remove-cookie-functionality/ as elfin suggested.

    And thank you very much for the donation. Your support is very much appreciated. :-)

  6. CPK Web Solutions
    Member
    Posted 1 year ago #

    Hi BestyBoopsie

    The Eshop Magic plugin allows you to turn off the cookie by ticking a box.

    Best wishes

    Paul

  7. esmi
    Theme Diva & Forum Moderator
    Posted 11 months ago #

    As there has not been an update to this topic for a while, I can only assume that the issue has now been resolved and I am now marking it as such. If this is incorrect, please feel free to change the topic's status and/or post a follow-up.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.