Vulnerability with plugins?

Hello. I recently was trying to upgrade phplist from 3.6.8 to 3.6.10. It wasn’t working. I entered the phplist 3.6.8 and went to examine plugins to get a list of them because I was going to do a manual upgrade.

I clicked on the common plugin and immediately my server’s csf (configserver) firewall threw a security warning with a bunch of code that I don’t understand but indeed it looks very malicious. I don’t want to post it here but do have the details.

What should I do?

I’d need to understand exactly what you clicked. You can send me a private message including the firewall warnings, but I don’t think that there is a problem. More likely is overly-strict firewall rules.

@pancakehollow seems to be an Apache mod security rule that is matching part of the content of the phpinfo page.

ModSecurity: Access denied with code 403 (phase 4). Pattern match “(?i:ORA-[0-9][0-9][0-9][0-9]|java\\.sql\\.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)” at RESPONSE_BODY. [file “/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf”]

You could just ignore it, and accept that you cannot view the phpinfo page, or disable that particular rule but I don’t know how or whether you can do that.

Thanks Duncan, appreciate the valuable feedback. I’ve changed the modsecurity settings.
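
The following Python is an added example, not code from the thread or from ModSecurity. It takes the pattern printed in the log line above and reports which alternative fires on a response body, which is a quick way to confirm a false positive before changing rules. `SAMPLE_BODY` is constructed phpinfo-style text, the function names are hypothetical, and the matching flags are an assumption noted in the code.

```python
import re

# Pattern copied from the ModSecurity log line in the thread; the log doubles backslashes.
LOGGED_PATTERN = (r"(?i:ORA-[0-9][0-9][0-9][0-9]|java\\.sql\\.SQLException|Oracle error"
                  r"|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)")

# Constructed sample: harmless phpinfo-style text, not taken from the poster's server.
SAMPLE_BODY = """Configure Command => './configure' '--with-oci8'
Oracle Run-time Client Library Version => 19.3.0.0.0
PDO drivers => mysql, oci, sqlite
PDO Driver for OCI 8 and later => enabled
"""

def split_alternatives(pattern):
    """Undo log escaping, drop the (?i: ) wrapper, split on top-level '|'."""
    pattern = pattern.replace("\\\\", "\\")
    if pattern.startswith("(?i:") and pattern.endswith(")"):
        pattern = pattern[4:-1]
    parts, buf, depth, in_class, escaped = [], "", 0, False, False
    for ch in pattern:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif in_class:
            in_class = ch != "]"
        elif ch == "[":
            in_class = True
        elif ch in "()":
            depth += 1 if ch == "(" else -1
        elif ch == "|" and depth == 0:
            parts.append(buf)
            buf = ""
            continue
        buf += ch
    return parts + [buf]

def explain_match(logged_pattern, body):
    """Return (alternative, matched text) for every alternative that fires on body."""
    hits = []
    for alt in split_alternatives(logged_pattern):
        # Assumption: case-insensitive, and '.' may span lines in the response body.
        m = re.search(alt, body, re.IGNORECASE | re.DOTALL)
        if m:
            hits.append((alt, m.group(0)))
    return hits

if __name__ == "__main__":
    for alt, text in explain_match(LOGGED_PATTERN, SAMPLE_BODY):
        print(f"{alt!r} fired on {len(text)} chars starting {text[:30]!r}")
```

On the constructed sample only the `Oracle.*Driver` alternative fires, spanning ordinary configuration text rather than a database error message.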