Hacking Problem - ModSecurity: Access denied with code 503


#1

Hacking Problem - ModSecurity: Access denied with code 503
For same days in my “error.log.2010-06-xx” file in LOGS directory I can read a few lines like this: kredit online

[Sun Jun 06 23:31:12 2010] [error] [client 72.47.211.173] تجارة الذهب
ModSecurity: Access denied with code 503 (phase 2). Pattern match “=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\x20?\?” at REQUEST_URI. [file “… /gotroot/xx_asl_rootkits.conf”] [line “23”] [id “390144”] [rev “2”] [msg “Command shell attack: Generic Attempt to remote include command shell”] [severity “CRITICAL”] [hostname “…”] [uri “…/resource_categories_view.php”] [unique_id “TAySMEWjqY8AAD-Dbp0AAAAI”]
צימרים בצפון

They seems to Hacker Attacks.
After reading the thread in Forum, in my .htaccess file I inserted for all IP of abuse contact (about #20):

allow from all
deny from 72.47.xx … (complete IP)
deny from 77.xx.xx…

casino bonus

In recent days they have increased.giocare online casinò

What else can I do?

Claudius kredit online


#2

You can make sure that you’re running secure software. Blocking an IP address is a waste of time, as you’ve noticed. ModSecurity is plugging one hole. You should make sure that there are no other holes by updating to the latest software on your site.


#3

And make sure your PHP scripts are not vulnerable to injection attacks, and if you don’t run these yet - chkrootkit and rkhunter