I visit my dashboard => Monitoring => Show System Log and see the following error but cannot find it on my system. In which file can I locate it and what does it mean? Code: [INTERFACE]: PHP IDS Alert.Total impact: 5<br/> Affected tags: dt, id, lfi<br/> <br/> Variable: POST.php_open_basedir | Value: /var/www/clients/client17/web84/web:/var/www/clients/client17/web84/private:/var/www/clients/client17/web84/tmp:/var/www/sabrinalashes.com/web:/srv/www/sabrinalashes.com/web:/usr/share/php5:/usr/share/php:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/usr/share/php:/var/run/nginx-cache<br/> Impact: 5 | Tags: dt, id, lfi<br/> Description: Detects specific directory and path traversal | Tags: dt, id, lfi | ID 11<br/> <br/>
OK, have to ask another question as the other linked thread is a priority forum I cannot reply to. The easy way would be to edit this line: Code: ids_admin_warn_level=5 and possibly Code: ids_anon_warn_level=5 but where can I learn more about this? is this covered in the latest manual for ISPCFG3?
There was a thread about this, where it was said the fix for this is coming in 3.1.12, but I did not find that discussion when I answered. Now I find this, however: https://www.howtoforge.com/communit...ccounts-by-api-after-upgrade-to-3-1-11.78394/ Try Internet search engines with site:howtoforge.com and suitable keywords.
The values have already been raised in GIT a few weeks ago, so if you want to get the new version right now instead of waiting for 3.1.12, update your ISPConfig install to git-stable branch.
I'm on 3.1.13p1 and I have this issue. Code: [INTERFACE]: PHP IDS Alert.Total impact: 18<br/> Affected tags: sqli, id, lfi<br/> <br/> Variable: COOKIE.mp_a36067b00a263cce0299cfd960e26ecf_mixpanel | Value: {"distinct_id": "169ddfaf5cc48a-07e906783df28d8-4c312c7c-1aeaa0-169ddfaf5cd49e","$device_id": "169ddfaf5cc48a-07e906783df28d8-4c312c7c-1aeaa0-169ddfaf5cd49e","$initial_referrer": "https://domain.com/wp-admin/update.php?action=upload-plugin","$initial_referring_domain": "domain.com"}<br/> Impact: 18 | Tags: sqli, id, lfi<br/> Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID 43<br/> Description: Detects basic SQL authentication bypass attempts 2/3 | Tags: sqli, id, lfi | ID 45<br/> Description: Detects MySQL comment-/space-obfuscated injections and backtick termination | Tags: sqli, id | ID 57<br/> <br/> Strange thing is, i deleted 'domain.com' domain.
