Biker
Well-known member
It appears mod_security is triggering on the word nmap within a forum post, preventing replies to the thread.
The mod_security log shows the following:
Only thing that has changed on the server is the installation of XenForo. I haven't had to fiddle with the mod_security rules for ages.
The mod_security log shows the following:
Code:
Access denied with code 501 (phase 2). Pattern match "(?:\\b(?:(?:n(?:et(?:\\b\\W+?
\\blocalgroup|\\.exe)|(?:map|c)\\.exe)|t(?:racer(?:eek:ute|t)|elnet\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\.exe|echo\\b\\W*?\\by+)\\b|c(?:md(?:(?:32)?\\.exe\\b|\\b\\W*?\\/c)|d(?:\\b\\W*?[\\\\/]|\\W*?\\.\\.)|hmod.{0,40}? ..." at REQUEST_HEADERS:X-Ajax-Referer. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "149"] [id "959006"] [msg "System Command Injection"] [data "/nmap-"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"]
Only thing that has changed on the server is the installation of XenForo. I haven't had to fiddle with the mod_security rules for ages.