@darron
Created June 18, 2012 23:11
Jun 18 13:34:44 bam apache2: [error] [client 216.208.7.254] ModSecurity: Warning. Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*)?([\\\\d\\\\w]+)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*)?(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*)?\\\\2|([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\ ..." at REQUEST_COOKIES:__utmz. [file "/etc/modsecurity/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2.2.4"] [msg "SQL Injection Attack"] [data "r=r"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "website.com"] [uri "/images/layout/gsep.png"] [unique_id "T9@C1a3La5wAABewQr0AAABJ"]
Jun 18 13:34:44 bam apache2: [error] [client 216.208.7.254] ModSecurity: Warning. Operator LT matched 20 at TX:inbound_anomaly_score. [file "/etc/modsecurity/modsecurity_crs_60_correlation.conf"] [line "33"] [id "981203"] [msg "Inbound Anomaly Score (Total Inbound Score: 15, SQLi=15, XSS=): SQL Injection Attack"] [hostname "website.com"] [uri "/images/layout/gsep.png"] [unique_id "T9@C1a3La5wAABewQr0AAABJ"]
Jun 18 13:34:53 bam apache2: [error] [client 173.248.147.18] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsecurity/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "2.2.4"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "website.com"] [uri "/"] [unique_id "T9@C3q3La5wAABKBOxUAAAAP"]
Jun 18 13:34:53 bam apache2: [error] [client 173.248.147.18] ModSecurity: Warning. Operator LT matched 20 at TX:inbound_anomaly_score. [file "/etc/modsecurity/modsecurity_crs_60_correlation.conf"] [line "33"] [id "981203"] [msg "Inbound Anomaly Score (Total Inbound Score: 2, SQLi=, XSS=): Request Missing an Accept Header"] [hostname "website.com"] [uri "/"] [unique_id "T9@C3q3La5wAABKBOxUAAAAP"]
Jun 18 13:34:56 bam apache2: [error] [client 216.208.7.254] ModSecurity: Warning. Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*)?([\\\\d\\\\w]+)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*)?(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*)?\\\\2|([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\ ..." at REQUEST_COOKIES:__utmz. [file "/etc/modsecurity/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2.2.4"] [msg "SQL Injection Attack"] [data "r=r"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "website.com"] [uri "/showroom/tent-trailer"] [unique_id "T9@C4a3La5wAABfpeL0AAAAA"]
Jun 18 13:34:56 bam apache2: [error] [client 216.208.7.254] ModSecurity: Warning. Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*)?([\\\\d\\\\w]+)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*)?(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*)?\\\\2|([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\ ..." at REQUEST_COOKIES:__utmz. [file "/etc/modsecurity/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2.2.4"] [msg "SQL Injection Attack"] [data "r=r"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "website.com"] [uri "/showroom/tent-trailer"] [unique_id "T9@C4a3La5wAABfpeL0AAAAA"]
Jun 18 13:34:56 bam apache2: [error] [client 216.208.7.254] ModSecurity: Warning. Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*)?([\\\\d\\\\w]+)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*)?(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*)?\\\\2|([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\ ..." at REQUEST_COOKIES:__utmz. [file "/etc/modsecurity/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2.2.4"] [msg "SQL Injection Attack"] [data "r=r"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "website.com"] [uri "/showroom/tent-trailer"] [unique_id "T9@C4a3La5wAABfpeL0AAAAA"]
Jun 18 13:34:56 bam apache2: [error] [client 216.208.7.254] ModSecurity: Warning. Operator LT matched 20 at TX:inbound_anomaly_score. [file "/etc/modsecurity/modsecurity_crs_60_correlation.conf"] [line "33"] [id "981203"] [msg "Inbound Anomaly Score (Total Inbound Score: 15, SQLi=16, XSS=): SQL Injection Attack"] [hostname "guaranteerv.com"] [uri "/index.php"] [unique_id "T9@C4a3La5wAABfpeL0AAAAA"]