Title: mod_security
Last modified: August 21, 2016

---

# mod_security

 *  Resolved [BestyBoopsie](https://wordpress.org/support/users/bestyboopsie/)
 * (@bestyboopsie)
 * [13 years, 2 months ago](https://wordpress.org/support/topic/mod_security-1/)
 * hi there!
 * we have been getting quite a few of these errors for awhile now, which are resulting
   in blocks of legitimate customers.
 * any ideas on what may be wrong and what we need to do to correct it? our sites
   are hosted on a vps and the admin with the hosting company believes that disabling
   mod_security rule 959006 might fix it. however, we thought it best to check with
   you instead and get your opinion.
 * thanks in advance.
 * [Thu Apr 11 10:50:24 2013] [error] [client 66.151.103.8] ModSecurity: Access 
   denied with code 501 (phase 2). Pattern match “(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\
   W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.
   exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\
   b|c(?:md(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\\\\\/]
   |\\\\W*?\\\\.\\\\.)|hmod.{0,40}? …” at REQUEST_COOKIES:eshopcart. [file “/usr/
   local/apache/conf/modsec2.user.conf”] [line “146”] [id “959006”] [msg “System
   Command Injection”] [data “|rm”] [severity “CRITICAL”] [tag “WEB_ATTACK/COMMAND_INJECTION”][
   hostname “ourdomainnamehere.com”] [uri “/shopping-cart/cancelled-order”] [unique_id“
   UWbNsGyglDMAAGPydLQAAAAG”]
 * [http://wordpress.org/extend/plugins/eshop/](http://wordpress.org/extend/plugins/eshop/)

Viewing 6 replies - 1 through 6 (of 6 total)

 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [13 years, 2 months ago](https://wordpress.org/support/topic/mod_security-1/#post-3649272)
 * I agree with your admin. Modifying your mod_security settings would probably 
   be the best way to deal with this. Looks like the eShop cookie request is being
   rejected. At what point in the purchasing process is this happening?
 *  Thread Starter [BestyBoopsie](https://wordpress.org/support/users/bestyboopsie/)
 * (@bestyboopsie)
 * [13 years, 2 months ago](https://wordpress.org/support/topic/mod_security-1/#post-3649281)
 * from what we’ve been able to ascertain from folks who’ve been blocked, it’s at
   some point during checkout. we are using paypal.
 * thanks, i will have him modify those settings — and i hope this info may be useful
   to you at some point.
 * p.s. — i made a donation. you are always helpful, and it’s appreciated!
 *  Anonymous User
 * (@anonymized-3085)
 * [13 years, 2 months ago](https://wordpress.org/support/topic/mod_security-1/#post-3649329)
 * Also check the wiki, it is possible to disable the cookie, which can help.
 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [13 years, 2 months ago](https://wordpress.org/support/topic/mod_security-1/#post-3649333)
 * >  it’s at some point during checkout
 * That’s what I was afraid of 🙁 Looks like the current mod_security configuration
   might even be blocking session – not just cookies. Try the changes suggested 
   by your server admin first and see if that helps. If it doesn’t, try the solution
   outlined in [http://quirm.net/wiki/eshop/additional-plugins-and-code-snippets/remove-cookie-functionality/](http://quirm.net/wiki/eshop/additional-plugins-and-code-snippets/remove-cookie-functionality/)
   as elfin suggested.
 * And thank you very much for the donation. Your support is very much appreciated.
   🙂
 *  [CPK Web Solutions](https://wordpress.org/support/users/cpkwebsolutions/)
 * (@cpkwebsolutions)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/mod_security-1/#post-3649393)
 * Hi BestyBoopsie
 * The Eshop Magic plugin allows you to turn off the cookie by ticking a box.
 * Best wishes
 * Paul
 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/mod_security-1/#post-3649443)
 * As there has not been an update to this topic for a while, I can only assume 
   that the issue has now been resolved and I am now marking it as such. If this
   is incorrect, please feel free to change the topic’s status and/or post a follow-
   up.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘mod_security’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/eshop_d6e4b8.svg)
 * [eShop](https://wordpress.org/plugins/eshop/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/eshop/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/eshop/)
 * [Active Topics](https://wordpress.org/support/plugin/eshop/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/eshop/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/eshop/reviews/)

 * 6 replies
 * 4 participants
 * Last reply from: [esmi](https://wordpress.org/support/users/esmi/)
 * Last activity: [13 years, 1 month ago](https://wordpress.org/support/topic/mod_security-1/#post-3649443)
 * Status: resolved