possible security attack!

I´m receiving so many emails with this title, and the text is:

Total impact: 10

Affected tags: xss, csrf

Variable: REQUEST.wooMeta | Value: OTc0MCYyMyY2NyYxMTE4MTAzMiYxMjY0MTA5NDI4ODE1JjEyNjQ0MzcwNjExNzMmJjEwMCYmNDAwMDI1JioqKioqKioqKioqKioqKiYmJg==

Impact: 5 | Tags: xss, csrf

Description: Detects JavaScript with(), ternary operators and XML predicate attacks | Tags: xss, csrf | ID: 7

Variable: COOKIE.wooMeta | Value: OTc0MCYyMyY2NyYxMTE4MTAzMiYxMjY0MTA5NDI4ODE1JjEyNjQ0MzcwNjExNzMmJjEwMCYmNDAwMDI1JioqKioqKioqKioqKioqKiYmJg==

Impact: 5 | Tags: xss, csrf

Description: Detects JavaScript with(), ternary operators and XML predicate attacks | Tags: xss, csrf | ID: 7

REMOTE_ADDR: 189.114.53.6

HTTP_X_FORWARDED_FOR:

HTTP_CLIENT_IP:

SCRIPT_FILENAME: /home/amigoinf/public_html/turismo/member_menu_queries.php

QUERY_STRING: action=get_bubbles_values&bubbles=Mail%3A0%2CFriends%3A0%2C&_r=0.12179626288899986

REQUEST_URI: /turismo/member_menu_queries.php?action=get_bubbles_values&bubbles=Mail%3A0%2CFriends%3A0%2C&_r=0.12179626288899986

QUERY_STRING: action=get_bubbles_values&bubbles=Mail%3A0%2CFriends%3A0%2C&_r=0.12179626288899986

SCRIPT_NAME: /turismo/member_menu_queries.php

PHP_SELF: /turismo/member_menu_queries.php

What is it? how can i fix it or stop the emails

It's the PHPIDS security built into D7.

Go into admin -> Settings -> Advanced Settings -> Other.

There you will find 2 security threshold settings.

The key is in the message you got. Total impact: 10

You want to be above that number on the lower setting of the 2.

Keep raising the numbers until the problem goes away during normal use of the site.

I set both to zero (0) to test, and now i can intro to administration or index page.

the message is:

Possible security attack!!! All data has been collected and sent to the site owner for analysis.

You changed the numbers in the wrong direction. You should have increased these values as Deano said, not decreased them. By setting them to 0 you have effectively made dolphin more paranoid than a convention of conspiracy theorists. You will now have to edit the database directly from the phpMyAdmin if you cannot get into the Admin Panel. I am not sure which table this value resides upon. Unless some one else knows.

You can edit the database directly with PHPMyAdmin to fix that.

Go to the table sys_options

On about page 5 you should find sys_security_impact_threshold_log and sys_security_impact_threshold_block

Edit and set the values to either 100 or to -1 if you want to disable it.

0 does not disable. It's just makes it worse.


You may also need to delete default_filter.cache from the tmp folder on the server.

Guys,

Thank you for your help. Good support here.

I hope this topic help others.