I just turned on some modsec fetaures, and i got this:
Received From: kvm1->/var/log/httpd/error_log
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
body.xml:1: parser error : ParsePI: PI xmlversion space expected
Is this something that needs to be corrected at one of the web applications?
Thanks
ParsePI: PI xmlversion space expected
ParsePI: PI xmlversion space expected
CentOS 6.9
ASL 4.0.19-37
ASL 4.0.19-37
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: ParsePI: PI xmlversion space expected
yeah thats something dumping multiple lines into the error_log at once. You'd have to look at the lines before and after the event to narrow down the source.
Re: ParsePI: PI xmlversion space expected
The lines are repeatedly the same string, with nothing in between
body.xml:1: parser error : ParsePI: PI xmlversion space expected
<?xmlversion="1.0"?><methodCall><methodName>pingback.ping</methodName><params><p
^
body.xml:1: parser warning : xmlParsePITarget: invalid name prefix 'xml'
<?xmlversion="1.0"?><methodCall><methodName>pingback.ping</methodName><params><p
^
Is this because of one of the new rules I activated OR was it just a coincidence?
thanks!
body.xml:1: parser error : ParsePI: PI xmlversion space expected
<?xmlversion="1.0"?><methodCall><methodName>pingback.ping</methodName><params><p
^
body.xml:1: parser warning : xmlParsePITarget: invalid name prefix 'xml'
<?xmlversion="1.0"?><methodCall><methodName>pingback.ping</methodName><params><p
^
Is this because of one of the new rules I activated OR was it just a coincidence?
thanks!
CentOS 6.9
ASL 4.0.19-37
ASL 4.0.19-37
Re: ParsePI: PI xmlversion space expected
I found where it is coming from
https://wordpress.org/support/topic/bod ... e-expected
It would be nice to have ASL handle this hacking attempts at XML-RPC in wordpress, instead of having to install a plugin. Count on my help to build these rules.
https://wordpress.org/support/topic/bod ... e-expected
It would be nice to have ASL handle this hacking attempts at XML-RPC in wordpress, instead of having to install a plugin. Count on my help to build these rules.
CentOS 6.9
ASL 4.0.19-37
ASL 4.0.19-37
Re: ParsePI: PI xmlversion space expected
Here's more info on how to prevent this when upgrading wordpress is not possible: http://perishablepress.com/wordpress-xm ... erability/
CentOS 6.9
ASL 4.0.19-37
ASL 4.0.19-37
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: ParsePI: PI xmlversion space expected
I forgot to reply to this post, we added in rules for these XML parsing errors. ASL now automatically blocks hosts that cause these.It would be nice to have ASL handle this hacking attempts at XML-RPC in wordpress, instead of having to install a plugin. Count on my help to build these rules.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone