[solved] Weird error in my ISPCFG3 logs

Discussion in 'General' started by Ovidiu, Apr 17, 2018.

  1. Ovidiu

    Ovidiu Active Member

    I visit my dashboard => Monitoring => Show System Log and see the following error but cannot find it on my system. In which file can I locate it and what does it mean?

    [INTERFACE]: PHP IDS Alert.Total impact: 5<br/> Affected tags: dt, id, lfi<br/> <br/> Variable: POST.php_open_basedir | Value: /var/www/clients/client17/web84/web:/var/www/clients/client17/web84/private:/var/www/clients/client17/web84/tmp:/var/www/sabrinalashes.com/web:/srv/www/sabrinalashes.com/web:/usr/share/php5:/usr/share/php:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/usr/share/php:/var/run/nginx-cache<br/> Impact: 5 | Tags: dt, id, lfi<br/> Description: Detects specific directory and path traversal | Tags: dt, id, lfi | ID 11<br/> <br/>
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  3. Ovidiu

    Ovidiu Active Member

  4. Ovidiu

    Ovidiu Active Member

    OK, have to ask another question as the other linked thread is a priority forum I cannot reply to.

    The easy way would be to edit this line:
    and possibly
    but where can I learn more about this? is this covered in the latest manual for ISPCFG3?
  5. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Ovidiu and till like this.
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    The values have already been raised in GIT a few weeks ago, so if you want to get the new version right now instead of waiting for 3.1.12, update your ISPConfig install to git-stable branch.
  7. Ovidiu

    Ovidiu Active Member

    Thank you both, I can wait, this is just a cosmetical issue in my log files.
  8. inside83

    inside83 Member

    I'm on 3.1.13p1 and I have this issue.
    [INTERFACE]: PHP IDS Alert.Total impact: 18<br/> Affected tags: sqli, id, lfi<br/> <br/> Variable: COOKIE.mp_a36067b00a263cce0299cfd960e26ecf_mixpanel | Value: {&quot;distinct_id&quot;: &quot;169ddfaf5cc48a-07e906783df28d8-4c312c7c-1aeaa0-169ddfaf5cd49e&quot;,&quot;$device_id&quot;: &quot;169ddfaf5cc48a-07e906783df28d8-4c312c7c-1aeaa0-169ddfaf5cd49e&quot;,&quot;$initial_referrer&quot;: &quot;https://domain.com/wp-admin/update.php?action=upload-plugin&quot;,&quot;$initial_referring_domain&quot;: &quot;domain.com&quot;}<br/> Impact: 18 | Tags: sqli, id, lfi<br/> Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID 43<br/> Description: Detects basic SQL authentication bypass attempts 2/3 | Tags: sqli, id, lfi | ID 45<br/> Description: Detects MySQL comment-/space-obfuscated injections and backtick termination | Tags: sqli, id | ID 57<br/> <br/>
    Strange thing is, i deleted 'domain.com' domain.
    Last edited: Jun 9, 2019

Share This Page