Failed to start Apache SpamAssassin error
(1)
[Tue Mar 12 23:04:12.746492 2019] [:error] [pid 26968:tid 46962332174080] [client 140.143.200.61:7253] [client 140.143.200.61] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"> [line "37"> [id "980130"> [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"> [tag "event-correlation"> [hostname "xx.xx.xx.xx"> [uri "/403.shtml"> [unique_id "XIfYfMPd8r1afqIO@UtGLAAAAJI">
[Tue Mar 12 23:04:12.746097 2019] [:error] [pid 26968:tid 46962332174080] [client 140.143.200.61:7253] [client 140.143.200.61] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"> [line "30"> [id "949110"> [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"> [severity "CRITICAL"> [tag "application-multi"> [tag "language-multi"> [tag "platform-multi"> [tag "attack-generic"> [hostname "xx.xx.xx.xx"> [uri "/wp-config.php"> [unique_id "XIfYfMPd8r1afqIO@UtGLAAAAJI">
[Tue Mar 12 23:04:12.745960 2019] [:error] [pid 26968:tid 46962332174080] [client 140.143.200.61:7253] [client 140.143.200.61] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"> [line "49"> [id "930130"> [rev "1"> [msg "Restricted File Access Attempt"> [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"> [severity "CRITICAL"> [ver "OWASP_CRS/3.0.0"> [maturity "7"> [accuracy "8"> [tag "application-multi"> [tag "language-multi"> [tag "platform-multi"> [tag "attack-lfi"> [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"> [tag "WASCTC/WASC-33"> [tag "OWASP_TOP_10/A4"> [tag "PCI/6.5.4"> [hostname "xx.xx.xx.xx"> [uri "/wp-config.php"> [unique_id "XIfYfMPd8r1afqIO@UtGLAAAAJI">
[Tue Mar 12 23:03:33.392797 2019] [:error] [pid 26968:tid 46962315364096] [client 140.143.200.61:65426] [client 140.143.200.61] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"> [line "37"> [id "980130"> [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): HTTP header is restricted by policy (%{MATCHED_VAR})"> [tag "event-correlation"> [hostname "localhost"> [uri "/403.shtml"> [unique_id "XIfYVcPd8r1afqIO@UtGFwAAAIo">
[Tue Mar 12 23:03:33.375762 2019] [:error] [pid 26968:tid 46962315364096] [client 140.143.200.61:65426] [client 140.143.200.61] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"> [line "30"> [id "949110"> [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"> [severity "CRITICAL"> [tag "application-multi"> [tag "language-multi"> [tag "platform-multi"> [tag "attack-generic"> [hostname "localhost"> [uri "/"> [unique_id "XIfYVcPd8r1afqIO@UtGFwAAAIo">
[Tue Mar 12 23:03:33.375029 2019] [:error] [pid 26968:tid 46962315364096] [client 140.143.200.61:65426] [client 140.143.200.61] ModSecurity: Warning. String match within "/proxy/ /lock-token/ /content-range/ /translate/ /if/" at TX:header_name_if. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"> [line "480"> [id "920450"> [rev "2"> [msg "HTTP header is restricted by policy (/if/)"> [data " Restricted header detected: /if/"> [severity "CRITICAL"> [ver "OWASP_CRS/3.0.0"> [maturity "9"> [accuracy "9"> [tag "application-multi"> [tag "language-multi"> [tag "platform-multi"> [tag "attack-protocol"> [tag "OWASP_CRS/POLICY/HEADER_RESTRICTED"> [tag "WASCTC/WASC-21"> [tag "OWASP_TOP_10/A7"> [tag "PCI/12.1"> [tag "WASCTC/WASC-15"> [tag "OWASP_TOP_10/A7"> [tag "PCI/12.1"> [hostname "localhost"> [uri "/"> [unique_id "XIfYVcPd8r1afqIO@UtGFwAAAIo">
[Tue Mar 12 23:02:19.089709 2019] [mpm_worker:notice] [pid 26960:tid 46962013946944] AH00292: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 configured -- resuming normal operations
[Tue Mar 12 23:02:18.970153 2019] [:notice] [pid 26957:tid 46962013946944] ModSecurity for Apache/2.9.2 (
Anyone can help ??
thank you.Please sign in to leave a comment.
Comments
0 comments