Member
Member
buddhamouse   2015-09-15, 00:37
#1

I added video folders and uploaded mp4 and mov files to the folders. Every time I tried to view the videos, my connection would be lost. I contacted my host provider, and they determined that my ip had been blocked because of their security firewall. everytime i tried to view a video, the jplayer would spew out urls with porn spam links in them. is j player or zenphoto corrupted or compromised? I deleted the videos and video directories, and i can view photos with no problem. I reloaded ne directories and new videos directly and experienced the same problem, and once again my host had to unblock my ip. Anyone know whats going on?

Member
Member
buddhamouse   2015-09-15, 01:45
#2

this is what i received from my host:

Hello,

There seems to be references to porn content while accessing zenphoto gallery which is why modsecurity is getting triggered resulting in your IP getting blocked on the firewall. I have copied the server entry log for the same below for your reference.
You may need to check your convert software / gallery again to clear this. I can temporarily disable modsecurity for your account so that it does not block your access but for that I would need the cpanel logins as proof of ownership. You have not provided it while opening the ticket.

IP has been removed and firewall restarted.

======================
[Sun Sep 13 20:13:59 2015] [error] [client 999.99.999.999] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?-e-x|zoo(?:ph|f)ilia|giant cock|porn(?:hub|tube)|sexyongpin|(?:wi(?:f|v)es?|slaves?|strippers?|whores?|prostitutes?|under[ -.,\"\\'\\|]?age|teeners?|lolitas?|animal|dog|couples?|bisexuals?|bicurious|anal|ass|fisting|rimming|pussy[ -.,\"\\'\\|]?(? ..." at ARGS:i. [file "/usr/local/apache/conf/mod_sec/mod_sec.spam.conf"] [line "286"] [id "300074"] [rev "22"] [msg "Atomicorp.com WAF AntiSpam Rules: Spam: Adult"] [data "ass-video"] [severity "CRITICAL"] [hostname "www.xxxxxxxxxx.com"] [uri "/Smoke/zp-core/i.php"] [unique_id "VfYRR9BMVbQAAFlgac0AAAAM"]
[Sun Sep 13 20:13:59 2015] [error] [client 173.78.168.220] File does not exist: /home/xxxxxx/public_html/403.shtml, referer: http://www.xxxxxxxxxx.com/Smoke/Videos/20150908%28145053%29_m2ts_Output_1.mp4


Regards,

Balakrishnan U
Manager - Technical Support
TotalChoice Hosting, Inc.

Administrator
Administrator
acrylian   2015-09-15, 07:54
#3

While it is of course possible that your site could be hackend as it is with any site, this is not the case here.

Ask your host to adjust their filewall setting. They for some reason trigger on Zenphoto's image processor url zp-core/i.php which is completely correct.

It is quite usual that modsecurity is set a bit too tight on host…

  
Powered By MyBB, © 2002-2026 MyBB Group.
Made with by Curves UI.