mod_security silliness

Unlimited Shared hosting & Unlimited Disk Space from $5.95 - Dreamhost
Solid Managed VPS with 4 IP's from $60 - Liquid Web
Lightning Fast Dedicated Servers & 1GB RAM from $149 - Liquid Web
#1 Domain Registration with WHOIS Privacy - Just $9.95

The Dreamhost web hosting thread below was started by on 2010-07-28 11:10:14:

[Wed Jul 28 09:04:18 2010] [error] [client x.x.x.x] ModSecurity: Access denied with code 501 (phase 2). Pattern match “../etc/(?:passwd|shadow)” at ARGS:text_more. [file "/dh/apache2/template/etc/mod_sec2/mod_sec.conf"] [line "7"] [id "1990010"] [msg "passwd/shadow access"] [data "g /etc/passwd"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "beesbuzz.biz"] [uri "/mt/mt.cgi"] [unique_id "TFBVAkWjzVcAAHVuQ0QAAAAN"] happened when I was trying to post a blog entry about my new NAS box, in which I used the phrase “editing /etc/passwd” From the actual pattern listed, it looks like the match pattern should be “../etc” rather than “../etc”

Join in on the original post at the Dreamhost Forum, Sign up for Dreamhost or view our Review of Dreamhost.