503 on request with query params


i’m getting a 503 response from one of my domains when i request a page that has query arguments:


the error log shows:
[Wed May 12 13:39:41 2010] [error] [client] ModSecurity: Access denied with code 503 (phase 2). Pattern match “/(new(cmd|command)|(cmd|command)[0-9]+|pro18|shell|sh|bash|get|root|spy|nmap|asc|lila)\.(c|dat|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|htm|html|tmp|php|asp)\?” at REQUEST_URI. [file “/dh/apache2/template/etc/mod_sec2/gotroot/50_asl_rootkits.conf”] [line “39”] [hostname “archinspection.com”] [uri “/lib/get.php”] [unique_id “S@sSDUWjyI8AAHysCZIAAAAC”]

i have no .htaccess files set up. fairly new to dreamhost so i’m not familiar with everything yet. looks like maybe this is some server level security thing. are we not allowed to use query args? the phpinfo dump shows that php is configured to accept them…

if anyone’s got any info on what might be going on i’d appreciate it!

What is the file permission?

If you are not sure how to check file permission, go to the directory where get.php stands and type command "ls -la"

$50 off and 3 free domains with code: [color=#CC0000]DH3[/color] Sign Up NOW or More Codes Here

Either rename the script to something other than “get.php” — that filename is associated with certain types of attacks — or disable ModSecurity (“Enhanced Security”) on the domain.

That is good to know :slight_smile:

$50 off and 3 free domains with code: [color=#CC0000]DH3[/color] Sign Up NOW or More Codes Here

Where’s the file get.php ?
I have the same problem.
They seem to be failing, but they just won’t stop.

[error] [client] ModSecurity: Access denied with code 503 (phase 2)

In my .htaccess file I inserted for all IP of intrusion contact (about #20 IP):
allow from all
deny from
deny from 77.xx.xx (complete IP)

In recent days they have increased.
What can I do?

I’m not sure exactly what issue you’re seeing, but it probably isn’t related to the one being reported in this thread. Start a new thread and carefully explain what issues you’re having.