Anton232

Проблема решена отключил Modsecurity в Cpanel - Безопасность -> ModSecurity

[volosuz@web1 logs]$ grep x-lab.uz /usr/local/apache/logs/error_log | grep ModSecurity [Thu Jul 26 19:32:38.390695 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within ARGS:ascp_settings[box_share]: <!-- AddThis Button BEGIN -->\\x0d\\x0a<div class=\\x22addthis_toolbox addthis_default_style\\x22>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook_like\\x22 fb:like:layout=\\x22button_count\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_youtube\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_vk\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_odnoklassniki_ru\\x22></a>\\x0d\\x0a\\x09<a class=\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c [Thu Jul 26 19:32:38.390824 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within ARGS:ascp_settings[box_share_list]: <!-- AddThis Button BEGIN -->\\x0d\\x0a<div class=\\x22addthis_toolbox addthis_default_style \\x22\\x0d\\x0a\\x09addthis:url=\\x22{URL}\\x22\\x0d\\x0a\\x09addthis:title=\\x22{TITLE}\\x22\\x0d\\x0a\\x09addthis:description=\\x22{DESCRIPTION}\\x22>\\x0d\\x0a\\x09<a class=\\x22addthis_button_vk\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_odnoklassniki_ru\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c [Thu Jul 26 19:32:38.391219 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Warning. Pattern match "(?i)([<\\xef\\xbc\\x9c]script[^>\\xef\\xbc\\x9e]*[>\\xef\\xbc\\x9e][\\\\s\\\\S]*?)" at ARGS:ascp_settings[box_share]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "45"] [id "941110"][rev "2"] [msg "XSS Filter - Category 1: Script Tag Vector"] [data "Matched Data: <script async type=\\x22text/javascript\\x22 src=\\x22https://s7.addthis.com/js/250/addthis_widget.js\\x22> found within ARGS:ascp_settings[box_share]: <!-- AddThis Button BEGIN -->\\x0d\\x0a<div class=\\x22addthis_toolbox addthis_default_style\\x22>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook_like\\x22 fb:like:layout=\\x22button_count\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_youtube\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_v..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CR [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c [Thu Jul 26 19:32:38.391334 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Warning. Pattern match "(?i)([<\\xef\\xbc\\x9c]script[^>\\xef\\xbc\\x9e]*[>\\xef\\xbc\\x9e][\\\\s\\\\S]*?)" at ARGS:ascp_settings[box_share_list]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "45"] [id "941110"] [rev "2"] [msg "XSS Filter - Category 1: Script Tag Vector"] [data "Matched Data: <script async type=\\x22text/javascript\\x22 src=\\x22https://s7.addthis.com/js/250/addthis_widget.js\\x22> found within ARGS:ascp_settings[box_share_list]: <!-- AddThis Button BEGIN -->\\x0d\\x0a<div class=\\x22addthis_toolbox addthis_default_style \\x22\\x0d\\x0a\\x09addthis:url=\\x22{URL}\\x22\\x0d\\x0a\\x09addthis:title=\\x22{TITLE}\\x22\\x0d\\x0a\\x09addthis:description=\\x22{DESCRIPTION}\\x22>\\x0d\\x0a\\x09<a class=\\x22addthis_button_vk\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook\\x22></a>\\x0d\\x0a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWA [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c [Thu Jul 26 19:32:38.393655 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:ascp_settings[box_share]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <div class=\\x22addthis_toolbox addthis_default_style\\x22>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook_like\\x22 fb:like:layout=\\x22button_count\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_youtube\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_vk\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_odnoklassniki_ru\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_tweet\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_pinterest_pin [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c [Thu Jul 26 19:32:38.393838 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:ascp_settings[box_share_list]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <div class=\\x22addthis_toolbox addthis_default_style \\x22\\x0d\\x0a\\x09addthis:url=\\x22{URL}\\x22\\x0d\\x0a\\x09addthis:title=\\x22{TITLE}\\x22\\x0d\\x0a\\x09addthis:description=\\x22{DESCRIPTION}\\x22>\\x0d\\x0a\\x09<a class=\\x22addthis_button_vk\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_odnoklassniki_ru\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_twitter\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_email\\x22></a>\\x0d\\x0a\\x09<a [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c [Thu Jul 26 19:32:38.395449 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Warning. Matched phrase "<!--" at ARGS:ascp_settings[box_share]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "87"] [id "941180"] [rev "2"] [msg "Node-Validator Blacklist Keywords"] [data "Matched Data: <!-- found within ARGS:ascp_settings[box_share]: <!-- addthis button begin -->\\x0d\\x0a<div class=\\x22addthis_toolbox addthis_default_style\\x22>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook_like\\x22 fb:like:layout=\\x22button_count\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_youtube\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_vk\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_odnoklassniki_ru\\x22></a>\\x0d\\x0a\\x09<a class=\\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWA [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c [Thu Jul 26 19:32:38.395534 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Warning. Matched phrase "<!--" at ARGS:ascp_settings[box_share_list]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "87"] [id "941180"] [rev "2"] [msg "Node-Validator Blacklist Keywords"] [data "Matched Data: <!-- found within ARGS:ascp_settings[box_share_list]: <!-- addthis button begin -->\\x0d\\x0a<div class=\\x22addthis_toolbox addthis_default_style \\x22\\x0d\\x0a\\x09addthis:url=\\x22{url}\\x22\\x0d\\x0a\\x09addthis:title=\\x22{title}\\x22\\x0d\\x0a\\x09addthis:description=\\x22{description}\\x22>\\x0d\\x0a\\x09<a class=\\x22addthis_button_vk\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_facebook\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_odnoklassniki_ru\\x22></a>\\x0d\\x0a\\x09<a class=\\x22addthis_button_tw..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c [Thu Jul 26 19:32:38.410410 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 40)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c [Thu Jul 26 19:32:38.466628 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 40 - SQLI=0,XSS=40,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Node-Validator Blacklist Keywords"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c [Thu Jul 26 19:32:38.467460 2018] [:error] [pid 2553387:tid 140696358782720] [client 213.230.95.74:34362] [client 213.230.95.74] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1nbhoSVCaaU@O796Cmi2QAAAVQ"], referer: http://x-lab.uz/admin/index.php?route=module/blog&token=181ba5aa98a715f6501756ea4bb7120c [Fri Jul 27 13:18:32.457758 2018] [:error] [pid 46544:tid 140696434317056] [client 83.221.170.59:57623] [client 83.221.170.59] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within ARGS:welcome_module[1][description][3]: <h1>\\x0d\\x0a\\x09(C715:A:89)!@54AB20 ?@>B82 2K?045=8O 2>;>A</h1>\\x0d\\x0a<p>\\x0d\\x0a\\x09<span style=\\x22font-size: x-large;\\x22><strong><em>\\x1f>G5<C 2K =5 >1;KA55B5, A>E@0=8B5 8 C:@5?8B5 A2>8 2>;>AK, E>BO 35=5B8G5A:8 2 20A 70;>65=>>1@0B=>5</em></strong></span></p>\\x0d\\x0a<p>\\x0d\\x0a\\x09\\x12K 70<5B8;8, GB> =0 @0AG5A:5, ?>4CH:5 2>;>A >AB05BAO 2A5 1>;LH5, 0 =0 3>;>25 2A5 <5=LH5? \\x12AQ B@C4=55 A:@K20BL ?;5H8? \\x12 :0:>9-B> <><5=B 2K 3..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1rVWE0JrVNnDvPaFbK90QAAAEs"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=5a4f04f7e783aa85452f48c338391519 [Fri Jul 27 13:18:32.462312 2018] [:error] [pid 46544:tid 140696434317056] [client 83.221.170.59:57623] [client 83.221.170.59] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:welcome_module[1][description][3]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <h1>\\x0d\\x0a\\x09(C715:A:89)!@54AB20 ?@>B82 2K?045=8O 2>;>A</h1>\\x0d\\x0a<p>\\x0d\\x0a\\x09<span style= found within ARGS:welcome_module[1][description][3]: <h1>\\x0d\\x0a\\x09(C715:A:89)!@54AB20 ?@>B82 2K?045=8O 2>;>A</h1>\\x0d\\x0a<p>\\x0d\\x0a\\x09<span style=\\x22font-size: x-large;\\x22><strong><em>\\x1f>G5<C 2K =5 >1;KA55B5, A>E@0=8B5 8 C:@5?8B5 A2>8 2>;>AK, E>BO 35=5B8G5A:8 2 20A 70;>65=> >1@0B=>5</em></strong></span></p>\\x0d\\x0a<p>\\x0d\\x0a\\x09\\x12K 70<5B8;8, GB> =0 @0AG5A:5, ?>4CH:5 2>; [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1rVWE0JrVNnDvPaFbK90QAAAEs"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=5a4f04f7e783aa85452f48c338391519 [Fri Jul 27 13:18:32.562761 2018] [:error] [pid 46544:tid 140696434317056] [client 83.221.170.59:57623] [client 83.221.170.59] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1rVWE0JrVNnDvPaFbK90QAAAEs"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=5a4f04f7e783aa85452f48c338391519 [Fri Jul 27 13:18:33.129115 2018] [:error] [pid 46544:tid 140696434317056] [client 83.221.170.59:57623] [client 83.221.170.59] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=10,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1rVWE0JrVNnDvPaFbK90QAAAEs"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=5a4f04f7e783aa85452f48c338391519 [Fri Jul 27 13:18:33.129724 2018] [:error] [pid 46544:tid 140696434317056] [client 83.221.170.59:57623] [client 83.221.170.59] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1rVWE0JrVNnDvPaFbK90QAAAEs"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=5a4f04f7e783aa85452f48c338391519 [Fri Jul 27 13:19:32.773683 2018] [:error] [pid 46545:tid 140696409138944] [client 83.221.170.59:57767] [client 83.221.170.59] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within ARGS:welcome_module[1][description][3]: <h1>\\x0d\\x0a\\x09(C715:A:89)!@54AB20 ?@>B82 2K?045=8O 2>;>A</h1>\\x0d\\x0a<p>\\x0d\\x0a\\x09<span style=\\x22font-size: x-large;\\x22><strong><em>\\x1f>G5<C 2K =5 >1;KA55B5, A>E@0=8B5 8 C:@5?8B5 A2>8 2>;>AK, E>BO 35=5B8G5A:8 2 20A 70;>65=>>1@0B=>5</em></strong></span></p>\\x0d\\x0a<p>\\x0d\\x0a\\x09\\x12K 70<5B8;8, GB> =0 @0AG5A:5, ?>4CH:5 2>;>A >AB05BAO 2A5 1>;LH5, 0 =0 3>;>25 2A5 <5=LH5? \\x12AQ B@C4=55 A:@K20BL ?;5H8? \\x12 :0:>9-B> <><5=B 2K 3..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1rVlCpUPBLq54fcn-p9RwAAAQ4"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=0834aa91e16a1787e3ec88b9bd0485a8 [Fri Jul 27 13:19:32.778285 2018] [:error] [pid 46545:tid 140696409138944] [client 83.221.170.59:57767] [client 83.221.170.59] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:welcome_module[1][description][3]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <h1>\\x0d\\x0a\\x09(C715:A:89)!@54AB20 ?@>B82 2K?045=8O 2>;>A</h1>\\x0d\\x0a<p>\\x0d\\x0a\\x09<span style= found within ARGS:welcome_module[1][description][3]: <h1>\\x0d\\x0a\\x09(C715:A:89)!@54AB20 ?@>B82 2K?045=8O 2>;>A</h1>\\x0d\\x0a<p>\\x0d\\x0a\\x09<span style=\\x22font-size: x-large;\\x22><strong><em>\\x1f>G5<C 2K =5 >1;KA55B5, A>E@0=8B5 8 C:@5?8B5 A2>8 2>;>AK, E>BO 35=5B8G5A:8 2 20A 70;>65=> >1@0B=>5</em></strong></span></p>\\x0d\\x0a<p>\\x0d\\x0a\\x09\\x12K 70<5B8;8, GB> =0 @0AG5A:5, ?>4CH:5 2>; [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1rVlCpUPBLq54fcn-p9RwAAAQ4"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=0834aa91e16a1787e3ec88b9bd0485a8 [Fri Jul 27 13:19:32.879720 2018] [:error] [pid 46545:tid 140696409138944] [client 83.221.170.59:57767] [client 83.221.170.59] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1rVlCpUPBLq54fcn-p9RwAAAQ4"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=0834aa91e16a1787e3ec88b9bd0485a8 [Fri Jul 27 13:19:32.910276 2018] [:error] [pid 46545:tid 140696409138944] [client 83.221.170.59:57767] [client 83.221.170.59] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=10,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1rVlCpUPBLq54fcn-p9RwAAAQ4"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=0834aa91e16a1787e3ec88b9bd0485a8 [Fri Jul 27 13:19:32.910910 2018] [:error] [pid 46545:tid 140696409138944] [client 83.221.170.59:57767] [client 83.221.170.59] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1rVlCpUPBLq54fcn-p9RwAAAQ4"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=0834aa91e16a1787e3ec88b9bd0485a8 [Fri Jul 27 16:15:51.204657 2018] [:error] [pid 373130:tid 140696392353536] [client 213.230.93.194:58522] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1r@59mjLv3QEJpp2pZgvAAAABA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479 [Fri Jul 27 16:15:51.206204 2018] [:error] [pid 373130:tid 140696392353536] [client 213.230.93.194:58522] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1r@59mjLv3QEJpp2pZgvAAAABA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479 [Fri Jul 27 16:15:51.254059 2018] [:error] [pid 373130:tid 140696392353536] [client 213.230.93.194:58522] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1r@59mjLv3QEJpp2pZgvAAAABA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479 [Fri Jul 27 16:15:51.254547 2018] [:error] [pid 373130:tid 140696392353536] [client 213.230.93.194:58522] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1r@59mjLv3QEJpp2pZgvAAAABA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479 [Fri Jul 27 16:35:12.374596 2018] [:error] [pid 373130:tid 140696526636800] [client 213.230.93.194:52306] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sDcNmjLv3QEJpp2pZhYQAAAAA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479 [Fri Jul 27 16:35:12.381028 2018] [:error] [pid 373130:tid 140696526636800] [client 213.230.93.194:52306] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sDcNmjLv3QEJpp2pZhYQAAAAA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479 [Fri Jul 27 16:35:13.082205 2018] [:error] [pid 373130:tid 140696526636800] [client 213.230.93.194:52306] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sDcNmjLv3QEJpp2pZhYQAAAAA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479 [Fri Jul 27 16:35:13.082695 2018] [:error] [pid 373130:tid 140696526636800] [client 213.230.93.194:52306] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sDcNmjLv3QEJpp2pZhYQAAAAA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479 [Fri Jul 27 16:45:16.154136 2018] [:error] [pid 373344:tid 140696325211904] [client 213.230.93.194:29904] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sFzA1TjRqw0VbHDL2uogAAAVg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479 [Fri Jul 27 16:45:16.155712 2018] [:error] [pid 373344:tid 140696325211904] [client 213.230.93.194:29904] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sFzA1TjRqw0VbHDL2uogAAAVg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479 [Fri Jul 27 16:45:16.219376 2018] [:error] [pid 373344:tid 140696325211904] [client 213.230.93.194:29904] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sFzA1TjRqw0VbHDL2uogAAAVg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479 [Fri Jul 27 16:45:16.219888 2018] [:error] [pid 373344:tid 140696325211904] [client 213.230.93.194:29904] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sFzA1TjRqw0VbHDL2uogAAAVg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479 [Fri Jul 27 16:47:08.165614 2018] [:error] [pid 373343:tid 140696375568128] [client 213.230.93.194:44789] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09@825B ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sGPHCFKoS7yqQNPNRO7AAAANI"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479 [Fri Jul 27 16:47:08.167295 2018] [:error] [pid 373343:tid 140696375568128] [client 213.230.93.194:44789] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sGPHCFKoS7yqQNPNRO7AAAANI"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479 [Fri Jul 27 16:47:08.234858 2018] [:error] [pid 373343:tid 140696375568128] [client 213.230.93.194:44789] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sGPHCFKoS7yqQNPNRO7AAAANI"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479 [Fri Jul 27 16:47:08.235395 2018] [:error] [pid 373343:tid 140696375568128] [client 213.230.93.194:44789] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sGPHCFKoS7yqQNPNRO7AAAANI"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=b40d2a30d7795fac597ecee75a48a479 [Fri Jul 27 17:08:36.543457 2018] [:error] [pid 373130:tid 140696493065984] [client 213.230.93.194:56455] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sLRNmjLv3QEJpp2pZlrAAAAAQ"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:08:36.545072 2018] [:error] [pid 373130:tid 140696493065984] [client 213.230.93.194:56455] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sLRNmjLv3QEJpp2pZlrAAAAAQ"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:08:36.551351 2018] [:error] [pid 373130:tid 140696493065984] [client 213.230.93.194:56455] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sLRNmjLv3QEJpp2pZlrAAAAAQ"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:08:36.551831 2018] [:error] [pid 373130:tid 140696493065984] [client 213.230.93.194:56455] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sLRNmjLv3QEJpp2pZlrAAAAAQ"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:09:09.066708 2018] [:error] [pid 373093:tid 140696501458688] [client 213.230.93.194:13451] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sLZfr-27kSUAVZAb-PiwAAAEM"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:09:09.068307 2018] [:error] [pid 373093:tid 140696501458688] [client 213.230.93.194:13451] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sLZfr-27kSUAVZAb-PiwAAAEM"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:09:09.139623 2018] [:error] [pid 373093:tid 140696501458688] [client 213.230.93.194:13451] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sLZfr-27kSUAVZAb-PiwAAAEM"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:09:09.140105 2018] [:error] [pid 373093:tid 140696501458688] [client 213.230.93.194:13451] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sLZfr-27kSUAVZAb-PiwAAAEM"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:19:43.305448 2018] [:error] [pid 373343:tid 140696459495168] [client 213.230.93.194:37384] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: = ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09@825BONB= ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sN33CFKoS7yqQNPNRQigAAAMg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:19:43.307089 2018] [:error] [pid 373343:tid 140696459495168] [client 213.230.93.194:37384] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sN33CFKoS7yqQNPNRQigAAAMg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:19:43.348425 2018] [:error] [pid 373343:tid 140696459495168] [client 213.230.93.194:37384] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sN33CFKoS7yqQNPNRQigAAAMg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:19:43.348927 2018] [:error] [pid 373343:tid 140696459495168] [client 213.230.93.194:37384] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sN33CFKoS7yqQNPNRQigAAAMg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:19:54.976725 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:50760] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sN6g1TjRqw0VbHDL2xAQAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:19:54.978241 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:50760] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sN6g1TjRqw0VbHDL2xAQAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:19:55.002562 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:50760] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sN6g1TjRqw0VbHDL2xAQAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:19:55.003049 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:50760] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sN6g1TjRqw0VbHDL2xAQAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:20:52.391894 2018] [:error] [pid 373344:tid 140696383960832] [client 213.230.93.194:37070] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09ONB= =>=@@@=@=@</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sOJA1TjRqw0VbHDL2xGQAAAVE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:20:52.393570 2018] [:error] [pid 373344:tid 140696383960832] [client 213.230.93.194:37070] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sOJA1TjRqw0VbHDL2xGQAAAVE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:20:52.419143 2018] [:error] [pid 373344:tid 140696383960832] [client 213.230.93.194:37070] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sOJA1TjRqw0VbHDL2xGQAAAVE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:20:52.419634 2018] [:error] [pid 373344:tid 140696383960832] [client 213.230.93.194:37070] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sOJA1TjRqw0VbHDL2xGQAAAVE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:21:55.933730 2018] [:error] [pid 373093:tid 140696526636800] [client 213.230.93.194:20974] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sOY-r-27kSUAVZAb-QvwAAAEA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:21:55.935380 2018] [:error] [pid 373093:tid 140696526636800] [client 213.230.93.194:20974] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sOY-r-27kSUAVZAb-QvwAAAEA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:21:55.971317 2018] [:error] [pid 373093:tid 140696526636800] [client 213.230.93.194:20974] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sOY-r-27kSUAVZAb-QvwAAAEA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:21:55.971835 2018] [:error] [pid 373093:tid 140696526636800] [client 213.230.93.194:20974] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sOY-r-27kSUAVZAb-QvwAAAEA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:28:13.996360 2018] [:error] [pid 373344:tid 140696425924352] [client 213.230.93.194:61932] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sP3Q1TjRqw0VbHDL2xzwAAAUw"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:28:13.997961 2018] [:error] [pid 373344:tid 140696425924352] [client 213.230.93.194:61932] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sP3Q1TjRqw0VbHDL2xzwAAAUw"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:28:14.032399 2018] [:error] [pid 373344:tid 140696425924352] [client 213.230.93.194:61932] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sP3Q1TjRqw0VbHDL2xzwAAAUw"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:28:14.032894 2018] [:error] [pid 373344:tid 140696425924352] [client 213.230.93.194:61932] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sP3Q1TjRqw0VbHDL2xzwAAAUw"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:32:47.923648 2018] [:error] [pid 373093:tid 140696459495168] [client 213.230.93.194:41713] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][2]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][2]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sQ7-r-27kSUAVZAb-RYgAAAEg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:32:47.925206 2018] [:error] [pid 373093:tid 140696459495168] [client 213.230.93.194:41713] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sQ7-r-27kSUAVZAb-RYgAAAEg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:32:47.958587 2018] [:error] [pid 373093:tid 140696459495168] [client 213.230.93.194:41713] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sQ7-r-27kSUAVZAb-RYgAAAEg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:32:47.959109 2018] [:error] [pid 373093:tid 140696459495168] [client 213.230.93.194:41713] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sQ7-r-27kSUAVZAb-RYgAAAEg"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=ecefd0c64685063ff8243467cc760356 [Fri Jul 27 17:43:17.562716 2018] [:error] [pid 373130:tid 140696383960832] [client 213.230.93.194:41519] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][1]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][1]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sTZdmjLv3QEJpp2pZoWwAAABE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:43:17.564389 2018] [:error] [pid 373130:tid 140696383960832] [client 213.230.93.194:41519] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sTZdmjLv3QEJpp2pZoWwAAABE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:43:17.564662 2018] [:error] [pid 373130:tid 140696383960832] [client 213.230.93.194:41519] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sTZdmjLv3QEJpp2pZoWwAAABE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:43:17.565092 2018] [:error] [pid 373130:tid 140696383960832] [client 213.230.93.194:41519] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sTZdmjLv3QEJpp2pZoWwAAABE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:43:58.678290 2018] [:error] [pid 373344:tid 140696425924352] [client 213.230.93.194:29045] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][1]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][1]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sTjg1TjRqw0VbHDL2y4wAAAUw"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:43:58.679793 2018] [:error] [pid 373344:tid 140696425924352] [client 213.230.93.194:29045] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sTjg1TjRqw0VbHDL2y4wAAAUw"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:43:58.680061 2018] [:error] [pid 373344:tid 140696425924352] [client 213.230.93.194:29045] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sTjg1TjRqw0VbHDL2y4wAAAUw"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:43:58.680500 2018] [:error] [pid 373344:tid 140696425924352] [client 213.230.93.194:29045] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sTjg1TjRqw0VbHDL2y4wAAAUw"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:45:53.386278 2018] [:error] [pid 373130:tid 140696392353536] [client 213.230.93.194:54523] [client 213.230.93.194] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within ARGS:welcome_module[1][description][1]: <p>\\x0d\\x0a\\x09<font style=\\x22vertical-align: inherit;\\x22><font style=\\x22vertical-align: inherit;\\x22>ONB=</font></font></p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sUAdmjLv3QEJpp2pZobQAAABA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:45:53.386732 2018] [:error] [pid 373130:tid 140696392353536] [client 213.230.93.194:54523] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:welcome_module[1][description][1]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <p>\\x0d\\x0a\\x09<font style=\\x22vertical-align: inherit;\\x22><fontstyle= found within ARGS:welcome_module[1][description][1]: <p>\\x0d\\x0a\\x09<font style=\\x22vertical-align: inherit;\\x22><font style=\\x22vertical-align: inherit;\\x22>ONB=</font></font></p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8 [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sUAdmjLv3QEJpp2pZobQAAABA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:45:53.388461 2018] [:error] [pid 373130:tid 140696392353536] [client 213.230.93.194:54523] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sUAdmjLv3QEJpp2pZobQAAABA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:45:53.388822 2018] [:error] [pid 373130:tid 140696392353536] [client 213.230.93.194:54523] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=10,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: HTML Injection"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sUAdmjLv3QEJpp2pZobQAAABA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:45:53.389347 2018] [:error] [pid 373130:tid 140696392353536] [client 213.230.93.194:54523] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sUAdmjLv3QEJpp2pZobQAAABA"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:47:13.879675 2018] [:error] [pid 373093:tid 140696383960832] [client 213.230.93.194:14891] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][1]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][1]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sUUfr-27kSUAVZAb-S9AAAAFE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:47:13.881185 2018] [:error] [pid 373093:tid 140696383960832] [client 213.230.93.194:14891] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sUUfr-27kSUAVZAb-S9AAAAFE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:47:13.881416 2018] [:error] [pid 373093:tid 140696383960832] [client 213.230.93.194:14891] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sUUfr-27kSUAVZAb-S9AAAAFE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:47:13.881812 2018] [:error] [pid 373093:tid 140696383960832] [client 213.230.93.194:14891] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sUUfr-27kSUAVZAb-S9AAAAFE"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:52:08.598176 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:47332] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][1]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][1]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sVeA1TjRqw0VbHDL2zaAAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:52:08.599650 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:47332] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sVeA1TjRqw0VbHDL2zaAAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:52:08.599924 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:47332] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sVeA1TjRqw0VbHDL2zaAAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:52:08.600332 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:47332] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sVeA1TjRqw0VbHDL2zaAAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:52:15.027608 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:47332] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][1]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][1]: <p>\\x0d\\x0a\\x09ONB=0</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag"OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sVfw1TjRqw0VbHDL2zagAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:52:15.029101 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:47332] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sVfw1TjRqw0VbHDL2zagAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:52:15.029356 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:47332] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sVfw1TjRqw0VbHDL2zagAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 17:52:15.029768 2018] [:error] [pid 373344:tid 140696467887872] [client 213.230.93.194:47332] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sVfw1TjRqw0VbHDL2zagAAAUc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=c5c8fbb36b32e3c0504038868bdb9c72 [Fri Jul 27 18:04:57.936271 2018] [:error] [pid 373343:tid 140696509851392] [client 213.230.93.194:64259] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][1]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ONB= found within ARGS:welcome_module[1][description][1]: <p>\\x0d\\x0a\\x09=@@=@=@=bhghghghgghgh ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sYeXCFKoS7yqQNPNRU2QAAAMI"],referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=57cd1e9422051d35e00172e2cc0bfdf0 [Fri Jul 27 18:04:57.937626 2018] [:error] [pid 373343:tid 140696509851392] [client 213.230.93.194:64259] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sYeXCFKoS7yqQNPNRU2QAAAMI"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=57cd1e9422051d35e00172e2cc0bfdf0 [Fri Jul 27 18:04:57.937944 2018] [:error] [pid 373343:tid 140696509851392] [client 213.230.93.194:64259] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sYeXCFKoS7yqQNPNRU2QAAAMI"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=57cd1e9422051d35e00172e2cc0bfdf0 [Fri Jul 27 18:04:57.938353 2018] [:error] [pid 373343:tid 140696509851392] [client 213.230.93.194:64259] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sYeXCFKoS7yqQNPNRU2QAAAMI"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=57cd1e9422051d35e00172e2cc0bfdf0 [Fri Jul 27 18:05:11.154919 2018] [:error] [pid 373112:tid 140696476280576] [client 213.230.93.194:25355] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][1]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ONB= found within ARGS:welcome_module[1][description][1]: <p>\\x0d\\x0a\\x09=@@=@=@=bhghghghgghgh ONB= @=@@==@</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sYh0XLN-ozM67BhZT0pwAAAQY"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=57cd1e9422051d35e00172e2cc0bfdf0 [Fri Jul 27 18:05:11.156255 2018] [:error] [pid 373112:tid 140696476280576] [client 213.230.93.194:25355] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sYh0XLN-ozM67BhZT0pwAAAQY"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=57cd1e9422051d35e00172e2cc0bfdf0 [Fri Jul 27 18:05:11.156535 2018] [:error] [pid 373112:tid 140696476280576] [client 213.230.93.194:25355] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sYh0XLN-ozM67BhZT0pwAAAQY"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=57cd1e9422051d35e00172e2cc0bfdf0 [Fri Jul 27 18:05:11.157013 2018] [:error] [pid 373112:tid 140696476280576] [client 213.230.93.194:25355] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sYh0XLN-ozM67BhZT0pwAAAQY"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=57cd1e9422051d35e00172e2cc0bfdf0 [Fri Jul 27 18:47:18.596775 2018] [:error] [pid 373130:tid 140696333604608] [client 213.230.93.194:11527] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:welcome_module[1][description][1]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:welcome_module[1][description][1]: <p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1siZtmjLv3QEJpp2pZsZgAAABc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=7344c87e82bf8c96121f804c87dfb3a4 [Fri Jul 27 18:47:18.598539 2018] [:error] [pid 373130:tid 140696333604608] [client 213.230.93.194:11527] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1siZtmjLv3QEJpp2pZsZgAAABc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=7344c87e82bf8c96121f804c87dfb3a4 [Fri Jul 27 18:47:18.598821 2018] [:error] [pid 373130:tid 140696333604608] [client 213.230.93.194:11527] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1siZtmjLv3QEJpp2pZsZgAAABc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=7344c87e82bf8c96121f804c87dfb3a4 [Fri Jul 27 18:47:18.599254 2018] [:error] [pid 373130:tid 140696333604608] [client 213.230.93.194:11527] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1siZtmjLv3QEJpp2pZsZgAAABc"], referer: http://x-lab.uz/admin/index.php?route=module/welcome&token=7344c87e82bf8c96121f804c87dfb3a4 [Fri Jul 27 18:52:22.994925 2018] [:error] [pid 373130:tid 140696425924352] [client 213.230.93.194:18690] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09#A;>28O A>3;0H5=8O ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sjltmjLv3QEJpp2pZs7gAAAAw"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 18:52:22.998149 2018] [:error] [pid 373130:tid 140696425924352] [client 213.230.93.194:18690] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sjltmjLv3QEJpp2pZs7gAAAAw"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 18:52:22.998429 2018] [:error] [pid 373130:tid 140696425924352] [client 213.230.93.194:18690] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sjltmjLv3QEJpp2pZs7gAAAAw"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 18:52:22.998859 2018] [:error] [pid 373130:tid 140696425924352] [client 213.230.93.194:18690] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/403.shtml"] [unique_id "W1sjltmjLv3QEJpp2pZs7gAAAAw"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:04:25.202430 2018] [:error] [pid 373344:tid 140696526636800] [client 213.230.93.194:19500] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09#A;>28OA>3;0H5=8O</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1smaQ1TjRqw0VbHDL28EAAAAUA"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:04:25.205692 2018] [:error] [pid 373344:tid 140696526636800] [client 213.230.93.194:19500] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1smaQ1TjRqw0VbHDL28EAAAAUA"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:04:26.271536 2018] [:error] [pid 373344:tid 140696526636800] [client 213.230.93.194:19500] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1smaQ1TjRqw0VbHDL28EAAAAUA"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:04:26.272063 2018] [:error] [pid 373344:tid 140696526636800] [client 213.230.93.194:19500] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1smaQ1TjRqw0VbHDL28EAAAAUA"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:06:28.427050 2018] [:error] [pid 373093:tid 140696509851392] [client 213.230.93.194:26557] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09#A;>28OA>3;0H5=8O</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sm5Pr-27kSUAVZAb-ZHQAAAEI"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:06:28.430310 2018] [:error] [pid 373093:tid 140696509851392] [client 213.230.93.194:26557] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sm5Pr-27kSUAVZAb-ZHQAAAEI"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:06:28.456378 2018] [:error] [pid 373093:tid 140696509851392] [client 213.230.93.194:26557] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sm5Pr-27kSUAVZAb-ZHQAAAEI"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:06:28.456910 2018] [:error] [pid 373093:tid 140696509851392] [client 213.230.93.194:26557] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sm5Pr-27kSUAVZAb-ZHQAAAEI"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:07:04.347314 2018] [:error] [pid 373130:tid 140696442709760] [client 213.230.93.194:24712] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09#A;>28OA>3;0H5=8O</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1snCNmjLv3QEJpp2pZuJwAAAAo"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:07:04.350575 2018] [:error] [pid 373130:tid 140696442709760] [client 213.230.93.194:24712] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1snCNmjLv3QEJpp2pZuJwAAAAo"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:07:04.846468 2018] [:error] [pid 373130:tid 140696442709760] [client 213.230.93.194:24712] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1snCNmjLv3QEJpp2pZuJwAAAAo"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:07:04.846971 2018] [:error] [pid 373130:tid 140696442709760] [client 213.230.93.194:24712] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1snCNmjLv3QEJpp2pZuJwAAAAo"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:08:49.404178 2018] [:error] [pid 373112:tid 140696333604608] [client 213.230.93.194:44360] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09#A;>28OA>3;0H5=8O</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sncUXLN-ozM67BhZT6BgAAARc"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:08:49.407522 2018] [:error] [pid 373112:tid 140696333604608] [client 213.230.93.194:44360] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sncUXLN-ozM67BhZT6BgAAARc"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:08:49.799632 2018] [:error] [pid 373112:tid 140696333604608] [client 213.230.93.194:44360] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sncUXLN-ozM67BhZT6BgAAARc"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:08:49.800169 2018] [:error] [pid 373112:tid 140696333604608] [client 213.230.93.194:44360] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sncUXLN-ozM67BhZT6BgAAARc"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:13:25.030183 2018] [:error] [pid 373093:tid 140696459495168] [client 213.230.93.194:50910] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09#A;>28OA>3;0H5=8Okiki</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09ONB=kiki</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag"WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sohfr-27kSUAVZAb-aBwAAAEg"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:13:25.033731 2018] [:error] [pid 373093:tid 140696459495168] [client 213.230.93.194:50910] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sohfr-27kSUAVZAb-aBwAAAEg"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:13:25.596649 2018] [:error] [pid 373112:tid 140696375568128] [client 213.230.93.194:44953] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09#A;>28OA>3;0H5=8Okiki</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09ONB=kiki</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag"WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sohUXLN-ozM67BhZT6cAAAARI"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:13:25.600145 2018] [:error] [pid 373112:tid 140696375568128] [client 213.230.93.194:44953] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sohUXLN-ozM67BhZT6cAAAARI"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:13:26.034873 2018] [:error] [pid 373093:tid 140696459495168] [client 213.230.93.194:50910] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sohfr-27kSUAVZAb-aBwAAAEg"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:13:26.035404 2018] [:error] [pid 373093:tid 140696459495168] [client 213.230.93.194:50910] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sohfr-27kSUAVZAb-aBwAAAEg"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:13:26.052491 2018] [:error] [pid 373112:tid 140696375568128] [client 213.230.93.194:44953] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sohUXLN-ozM67BhZT6cAAAARI"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:13:26.052970 2018] [:error] [pid 373112:tid 140696375568128] [client 213.230.93.194:44953] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sohUXLN-ozM67BhZT6cAAAARI"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:14:48.340234 2018] [:error] [pid 373112:tid 140696493065984] [client 213.230.93.194:57271] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09#A;>28OA>3;0H5=8Okiki</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09ONB=kiki</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag"WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1so2EXLN-ozM67BhZT6uQAAAQQ"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:14:48.343597 2018] [:error] [pid 373112:tid 140696493065984] [client 213.230.93.194:57271] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1so2EXLN-ozM67BhZT6uQAAAQQ"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:14:49.376676 2018] [:error] [pid 373112:tid 140696493065984] [client 213.230.93.194:57271] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1so2EXLN-ozM67BhZT6uQAAAQQ"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:14:49.377239 2018] [:error] [pid 373112:tid 140696493065984] [client 213.230.93.194:57271] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1so2EXLN-ozM67BhZT6uQAAAQQ"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:17:19.924053 2018] [:error] [pid 373343:tid 140696526636800] [client 213.230.93.194:24743] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09#A;>28OA>3;0H5=8Okiki</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09ONB=kiki</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag"WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1spb3CFKoS7yqQNPNRbgQAAAMA"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:17:19.927339 2018] [:error] [pid 373343:tid 140696526636800] [client 213.230.93.194:24743] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1spb3CFKoS7yqQNPNRbgQAAAMA"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:17:20.963039 2018] [:error] [pid 373343:tid 140696526636800] [client 213.230.93.194:24743] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1spb3CFKoS7yqQNPNRbgQAAAMA"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:17:20.963578 2018] [:error] [pid 373343:tid 140696526636800] [client 213.230.93.194:24743] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1spb3CFKoS7yqQNPNRbgQAAAMA"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=5 [Fri Jul 27 19:19:07.012545 2018] [:error] [pid 373112:tid 140696518244096] [client 213.230.93.194:57688] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09\\x18=D>@<0F8O > 4>AB02:5jjONB=\\xa0</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09\\xa0</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sp20XLN-ozM67BhZT6-QAAAQE"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=6 [Fri Jul 27 19:19:07.016112 2018] [:error] [pid 373112:tid 140696518244096] [client 213.230.93.194:57688] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sp20XLN-ozM67BhZT6-QAAAQE"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=6 [Fri Jul 27 19:19:07.553236 2018] [:error] [pid 373112:tid 140696518244096] [client 213.230.93.194:57688] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sp20XLN-ozM67BhZT6-QAAAQE"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=6 [Fri Jul 27 19:19:07.553748 2018] [:error] [pid 373112:tid 140696518244096] [client 213.230.93.194:57688] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sp20XLN-ozM67BhZT6-QAAAQE"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=6 [Fri Jul 27 19:19:27.126760 2018] [:error] [pid 373130:tid 140696442709760] [client 213.230.93.194:31238] [client 213.230.93.194] ModSecurity: Warning. Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]+on[a-zA-Z]+[\\\\s\\\\x0B\\\\x09\\\\x0C\\\\x3B\\\\x2C\\\\x28\\\\x3B]*?=)" at ARGS:information_description[1][description]. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "52"] [id "941120"] [rev "2"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x0d\\x0a\\x09ONB= found within ARGS:information_description[1][description]: <p>\\x0d\\x0a\\x09\\x18=D>@<0F8O > 4>AB02:5jjONB=\\xa0</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09\\xa0</p>\\x0d\\x0a<p>\\x0d\\x0a\\x09ONB=</p>\\x0d\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "4"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "x-lab.uz"] [uri "/admin/index.php"] [unique_id "W1sp79mjLv3QEJpp2pZvLgAAAAo"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=6 [Fri Jul 27 19:19:27.130117 2018] [:error] [pid 373130:tid 140696442709760] [client 213.230.93.194:31238] [client 213.230.93.194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "x-lab.uz"] [uri"/admin/index.php"] [unique_id "W1sp79mjLv3QEJpp2pZvLgAAAAo"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=6 [Fri Jul 27 19:19:27.154466 2018] [:error] [pid 373130:tid 140696442709760] [client 213.230.93.194:31238] [client 213.230.93.194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 2: Event Handler Vector"] [tag "event-correlation"] [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sp79mjLv3QEJpp2pZvLgAAAAo"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=6 [Fri Jul 27 19:19:27.155012 2018] [:error] [pid 373130:tid 140696442709760] [client 213.230.93.194:31238] [client 213.230.93.194] ModSecurity: Input filter: SecUploadDir is undefined, unable to store multipart files. [hostname "x-lab.uz"] [uri "/index.php"] [unique_id "W1sp79mjLv3QEJpp2pZvLgAAAAo"], referer: http://x-lab.uz/admin/index.php?route=catalog/information/update&token=19d176e5e8731e312cd5d43e4608c0a9&information_id=6 Похоже ты прав на 100 % Попробую отключить правила http://kb.bodhost.com/why-and-how-to-disable-mod_security/

mod_security2.so нашел модуль в папке c apache через терминал

У меня есть панель cpanel как я могу оттуда его отключить?

Добавил в admin/.htaccess <IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule> php_value error_reporting 2047 php_value display_errors On Все тоже самое

Сам в шоке за 3 года работы в OPencart наткнуться на глюк Отключил javascript и попробовал отправить форму она ушла и обновилась Похоже кривой Wysiwyg в Ocstore щас залью opencart 1.5 отпишусь

htaccess уже удалил нафик, модулей нет никаких Установил чистый OCStore V1.5.5.1.2 проблема таже Стало известно что эта ошибка связана с Wysiwyg именно Wysiwyg поля выбрасывают ошибку

Устали от работы сейчас подкину вопрос который не может решить уже пятый гуру!!!!!!!!!!!!!!!!!!!!!!!!!!! Настроил Opencart 1.5 сайт на Openserver без глюков все работает перенес на сервак тоже все работает но не которые разделы админки через POst запросы (в товарах и модули приветствие странно работают)пишут ошибку при save и я мягко говоря в ступоре Дело такое если в Wysiwyg редакторе вставить текст все работает и сохраняется а если вставить такой текст "яютн" и (есть другие фразы нашел опытным путем ) при сохранении Forbidden У меня из за этого глюка не редактируются 5 - 7 товаров из 30 что это может быть Кто не понял мое описание демонстрация на видео