Possible attack detected not Fixed in 3.1.13?

Discussion in 'ISPConfig 3 Priority Support' started by ktownmods, Oct 30, 2018.

  1. ktownmods

    ktownmods Member

    Is this not fixed in actually ispconfig version?

    Code:
    Possible attack detected. This action has been logged.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    This is not a bug, so nothing to be fixed. This message is from the intrusion detection system to point out that a possible harmful POST or GET request was sent to the ISPConfig UI.
     
  3. ktownmods

    ktownmods Member

    Ok i disable that user Block things in the settings.ini ist that safe to use?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You may do that, but I won't do it if I were you. Better check out why it got blocked and what got blocked and then either extend the whitelist to not monitor that specific field or raise the lock score.
     
  5. ktownmods

    ktownmods Member

    I set the score to 50 but in Chrome still the msg is there (in Firefox Developer edition not)
    Where can i Check why got blocked?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    You should see it in the system log in ispconfig monitor.
     
  7. ktownmods

    ktownmods Member

    Code:
    [INTERFACE]: PHP IDS Alert.Total impact: 29<br/> Affected tags: xss, csrf, sqli, id, lfi<br/> <br/> Variable: COOKIE.pmaUser-1 | Value: {&quot;iv&quot;:&quot;277FAglp/f/LpNQakZIQJA==&quot;,&quot;mac&quot;:&quot;449aad86e6c56b987b2c83265bfe40155402fea4&quot;,&quot;payload&quot;:&quot;9N9QX4twyNOlSuQdOojFZg==&quot;}<br/> Impact: 29 | Tags: xss, csrf, sqli, id, lfi<br/> Description: Finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID 2<br/> Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID 43<br/> Description: Detects basic SQL authentication bypass attempts 2/3 | Tags: sqli, id, lfi | ID 45<br/> Description: Detects basic SQL authentication bypass attempts 3/3 | Tags: sqli, id, lfi | ID 46<br/> Description: Detects MySQL comment-/space-obfuscated injections and backtick termination | Tags: sqli, id | ID 57<br/> <br/>
     

Share This Page