Control Web Panel

Security => Mod_Security => Topic started by: alierenerdal on June 20, 2015, 10:25:07 AM

Title: Not working simple web after installing mod_security (Solved)
Post by: alierenerdal on June 20, 2015, 10:25:07 AM
I can't use webftp_simple. Showing 404 Forbidden error!

Here is the error_log:

[Sat Jun 20 13:36:22 2015] [error] [client 185.59.46.239] ModSecurity: Access denied with code 403 (phase 4). Pattern match "(?:<title>[^<]*?(?:\\\\b(?:(?:c(?:ehennemden|gi-telnet)|gamma web shell)\\\\b|imhabirligi phpftp)|(?:r(?:emote explorer|57shell)|aventis klasvayv|zehir)\\\\b|\\\\.::(?:news remote php shell injection::\\\\.| rhtools\\\\b)|ph(?:p(?:(?: commander|-terminal)\\\\b|remot ..." at RESPONSE_BODY. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_45_trojans.conf"] [line "35"] [id "950922"] [rev "2"] [msg "Backdoor access"] [data "Matched Data: drwxr found within RESPONSE_BODY: <!DOCTYPE html PUBLIC \\x22-//W3C//DTD XHTML 1.0 Strict//EN\\x22 \\x22http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\\x22>\\x0d\\x0a<html>\\x0d\\x0a<head>\\x0d\\x0a\\x09<title>FTP v1.4.5</title>\\x0d\\x0a\\x09<link href=\\x22style.css\\x22 rel=\\x22stylesheet\\x22 type=\\x22text/css\\x22>\\x0d\\x0a\\x09<link href=\\x22skins/monsta.css\\x22 rel=\\x22stylesheet\\x22 type=\\x22text/css\\x22>\\x0d\\x0a\\x09<meta http-equiv=\\x22Content-Type\\x22 content=\\x22text/html; charset=utf-8\\x22>\\x0d\\..."] [severity "CRITICAL"] [ve [hostname "erdalbilisim.net"] [uri "/webftp_simple/index.php"] [unique_id "VYVCJrk7Lu8AAExwHcUAAAAI"]
Here is the solution:

1) Connect via SSH and go to the directory:

cd /usr/local/apache/modsecurity-crs/base_rules/

2) Open file
nano modsecurity_crs_45_trojans.conf

3) Press Ctrl+W (Find) and then Ctrl+T (Go to line), enter the number 35, and delete this line (starting from [SecRule] to " ").
Press Ctrl+X and then Y to save the file.

4) Restart Apache:
service httpd restart
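
Added example (not part of the original post, and not Control Web Panel or ModSecurity project code): a narrower alternative to deleting the rule from the CRS file is to switch rule 950922 off only for the path that triggered it, so the backdoor check keeps running everywhere else. The function names and the shortened sample line are constructed here; `SecRuleRemoveById` is a standard ModSecurity 2.x directive, and the emitted block is assumed to be included after the CRS rules are loaded.

```shell
#!/bin/sh
# Added example: turn a ModSecurity denial line into a path-scoped exclusion
# instead of deleting the rule from the CRS file for the whole server.

# Constructed sample: a shortened form of the error_log line in the post above
# (the long pattern and data fields are elided as "...").
SAMPLE_LINE='[Sat Jun 20 13:36:22 2015] [error] [client 185.59.46.239] ModSecurity: Access denied with code 403 (phase 4). Pattern match "..." at RESPONSE_BODY. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_45_trojans.conf"] [line "35"] [id "950922"] [rev "2"] [msg "Backdoor access"] [severity "CRITICAL"] [hostname "erdalbilisim.net"] [uri "/webftp_simple/index.php"] [unique_id "VYVCJrk7Lu8AAExwHcUAAAAI"]'

# modsec_field NAME LINE
# Prints the value of the [NAME "value"] tag, or nothing if the tag is absent.
# The leading "[" keeps "id" from matching inside "unique_id".
modsec_field() {
    printf '%s\n' "$2" | sed -n "s/.*\[$1 \"\([^\"]*\)\"].*/\1/p"
}

# scoped_exclusion LINE
# Prints an Apache <Location> block that removes only the rule that fired,
# and only under the directory of the request that was blocked.
scoped_exclusion() {
    se_id=$(modsec_field id "$1")
    se_uri=$(modsec_field uri "$1")

    # Refuse to emit config from a line without a clean numeric rule id.
    case "$se_id" in
        ''|*[!0-9]*) echo "no numeric rule id in line" >&2; return 1 ;;
    esac
    # The uri must be an absolute path without quotes or whitespace.
    case "$se_uri" in
        /*) ;;
        *) echo "no usable uri in line" >&2; return 1 ;;
    esac
    case "$se_uri" in
        *[\"\ ]*) echo "unsafe characters in uri" >&2; return 1 ;;
    esac

    # /webftp_simple/index.php -> /webftp_simple/
    se_scope="${se_uri%/*}/"
    # A file in the document root would scope to "/", i.e. the whole site:
    # fall back to the exact URI so the exclusion stays narrow.
    [ "$se_scope" = "/" ] && se_scope=$se_uri

    printf '<Location "%s">\n    SecRuleRemoveById %s\n</Location>\n' \
        "$se_scope" "$se_id"
}

scoped_exclusion "$SAMPLE_LINE"
```

The printed block goes into a configuration file that Apache reads after the CRS includes, followed by the same `service httpd restart`; the `[file ...]` and `[line ...]` tags are still available through `modsec_field` for locating the rule itself.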