[resolved] mod_security (7 posts)

  1. BestyBoopsie
    Posted 2 years ago #

    hi there!

    we have been getting quite a few of these errors for awhile now, which are resulting in blocks of legitimate customers.

    any ideas on what may be wrong and what we need to do to correct it? our sites are hosted on a vps and the admin with the hosting company believes that disabling mod_security rule 959006 might fix it. however, we thought it best to check with you instead and get your opinion.

    thanks in advance.

    [Thu Apr 11 10:50:24 2013] [error] [client] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}? ..." at REQUEST_COOKIES:eshopcart. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "146"] [id "959006"] [msg "System Command Injection"] [data "|rm"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "ourdomainnamehere.com"] [uri "/shopping-cart/cancelled-order"] [unique_id "UWbNsGyglDMAAGPydLQAAAAG"]


  2. esmi
    Forum Moderator
    Posted 2 years ago #

    I agree with your admin. Modifying your mod_security settings would probably be the best way to deal with this. Looks like the eShop cookie request is being rejected. At what point in the purchasing process is this happening?

  3. BestyBoopsie
    Posted 2 years ago #

    from what we've been able to ascertain from folks who've been blocked, it's at some point during checkout. we are using paypal.

    thanks, i will have him modify those settings -- and i hope this info may be useful to you at some point.

    p.s. -- i made a donation. you are always helpful, and it's appreciated!

  4. elfin
    Plugin Author

    Posted 2 years ago #

    Also check the wiki, it is possible to disable the cookie, which can help.

  5. esmi
    Forum Moderator
    Posted 2 years ago #

    it's at some point during checkout

    That's what I was afraid of :-( Looks like the current mod_security configuration might even be blocking session - not just cookies. Try the changes suggested by your server admin first and see if that helps. If it doesn't, try the solution outlined in http://quirm.net/wiki/eshop/additional-plugins-and-code-snippets/remove-cookie-functionality/ as elfin suggested.

    And thank you very much for the donation. Your support is very much appreciated. :-)

  6. CPK Web Solutions
    Posted 2 years ago #

    Hi BestyBoopsie

    The Eshop Magic plugin allows you to turn off the cookie by ticking a box.

    Best wishes


  7. esmi
    Forum Moderator
    Posted 2 years ago #

    As there has not been an update to this topic for a while, I can only assume that the issue has now been resolved and I am now marking it as such. If this is incorrect, please feel free to change the topic's status and/or post a follow-up.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • eShop
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic


No tags yet.