I added video folders and uploaded mp4 and mov files to the folders. Every time I tried to view the videos, my connection would be lost. I contacted my host provider, and they determined that my IP had been blocked because of their security firewall. Every time I tried to view a video, the jPlayer would spew out URLs with porn spam links in them. Is jPlayer or Zenphoto corrupted or compromised? I deleted the videos and video directories, and I can view photos with no problem. I reloaded new directories and new videos directly and experienced the same problem, and once again my host had to unblock my IP. Anyone know what's going on?
Comments
Hello,
There seem to be references to porn content while accessing zenphoto gallery, which is why modsecurity is getting triggered, resulting in your IP getting blocked on the firewall. I have copied the server entry log for the same below for your reference.
You may need to check your convert software / gallery again to clear this. I can temporarily disable modsecurity for your account so that it does not block your access but for that I would need the cpanel logins as proof of ownership. You have not provided it while opening the ticket.
IP has been removed and firewall restarted.
======================
[Sun Sep 13 20:13:59 2015] [error] [client 999.99.999.999] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:s-e-x|zoo(?:ph|f)ilia|giant cock|porn(?:hub|tube)|sexyongpin|(?:wi(?:f|v)es?|slaves?|strippers?|whores?|prostitutes?|under[ -_.,\\"\\\\'\\\\|]?age|teeners?|lolitas?|animal|dog|couples?|bisexuals?|bicurious|anal|ass|fisting|rimming|pussy[ -_.,\\"\\\\'\\\\|]?(? ..." at ARGS:i. [file "/usr/local/apache/conf/mod_sec/mod_sec.spam.conf"] [line "286"] [id "300074"] [rev "22"] [msg "Atomicorp.com WAF AntiSpam Rules: Spam: Adult"] [data "ass-video"] [severity "CRITICAL"] [hostname "www.xxxxxxxxxx.com"] [uri "/Smoke/zp-core/i.php"] [unique_id "VfYRR9BMVbQAAFlgac0AAAAM"]
[Sun Sep 13 20:13:59 2015] [error] [client 173.78.168.220] File does not exist: /home/xxxxxx/public_html/403.shtml, referer: http://www.xxxxxxxxxx.com/Smoke/Videos/20150908(145053)_m2ts_Output_1.mp4
======================
Regards,
Balakrishnan U
Manager - Technical Support
TotalChoice Hosting, Inc.
Ask your host to adjust their firewall setting. They for some reason trigger on Zenphoto's image processor url `zp-core/i.php` which is completely correct.
It is quite usual that modsecurity is set a bit too tight on host…
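
Added example, not part of the thread and not Zenphoto's or the host's code: a Python script that parses a ModSecurity denial entry like the one quoted above and emits an exclusion limited to that rule, that variable and that path, for use once the match has been confirmed as a false positive. The sample line is constructed from the quoted entry with placeholder client, hostname and unique_id, and `local_id` is a hypothetical id for the site's own rule.

```python
import re

# Constructed sample modeled on the entry quoted in the thread: pattern shortened,
# client, hostname and unique_id replaced with placeholder values.
SAMPLE = (
    '[Sun Sep 13 20:13:59 2015] [error] [client 203.0.113.7] ModSecurity: Access '
    'denied with code 403 (phase 2). Pattern match "(?:porn(?:hub|tube)|ass)" at '
    'ARGS:i. [file "/usr/local/apache/conf/mod_sec/mod_sec.spam.conf"] [line "286"] '
    '[id "300074"] [rev "22"] [msg "Atomicorp.com WAF AntiSpam Rules: Spam: Adult"] '
    '[data "ass-video"] [severity "CRITICAL"] [hostname "www.example.com"] '
    '[uri "/Smoke/zp-core/i.php"] [unique_id "CONSTRUCTED-PLACEHOLDER"]'
)

TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')    # [key "value"] metadata
TARGET = re.compile(r' at ([A-Z_]+(?::\S+?)?)\. \[')  # variable that matched


def parse_denial(line):
    """Return the metadata of a ModSecurity 2.x denial, or None for other lines."""
    if "ModSecurity: Access denied" not in line:
        return None
    fields = dict(TAG.findall(line))
    m = TARGET.search(line)
    fields["target"] = m.group(1) if m else None
    return fields


def scoped_exclusion(fields, local_id=1000001):
    """Build a rule that drops one variable from one rule on one path only.

    local_id is a hypothetical id for the site's own rule; pick an unused one.
    """
    rule, target, uri = (fields.get(k) for k in ("id", "target", "uri"))
    if not (rule and rule.isdigit() and target and uri):
        raise ValueError("incomplete denial entry")
    # Log fields are attacker-influenced: refuse anything that could break out of
    # the quoted operator or action string in the generated directive.
    if re.search(r'[\s"\\;,]', uri + target):
        raise ValueError("unsafe characters in uri or target")
    return (f'SecRule REQUEST_FILENAME "@streq {uri}" '
            f'"id:{local_id},phase:1,pass,nolog,'
            f'ctl:ruleRemoveTargetById={rule};{target}"')


if __name__ == "__main__":
    print(scoped_exclusion(parse_denial(SAMPLE)))
```

The generated rule leaves rule 300074 active everywhere else and still inspects every other argument sent to `i.php`, which is narrower than disabling ModSecurity for the whole account.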