Thread:Project:Support desk/Help with hacking issue/reply

The message

File does not exist: /home/xxx.org/html/wiki/skins/common

is irrelevant. This folder was removed in MediaWiki 1.24. If it does not exist in your 1.25 installation, this is OK.

The second entry,

ModSecurity: Access denied with code 403 (phase 2). Operator GT matched 15 at TX:sql_injection_score. [file "/etc/httpd/modsecurity.d/modsecurity_crs_49_inbound_blocking.conf"] [line "51"] [id "4049002"] [msg "SQL Injection Detected (score 28): IE XSS Filters - Attack Detected

sounds like it might be security-relevant. However, I do not know exactly how ModSecurity is scoring things. Maybe that is only a false positive? Anyway, the message makes me think that ModSecurity blocked that request, whether it was harmful or not.

If you want to investigate that further, it would be relevant to know what the attacker posted in order to trigger the SQL injection rule.
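
Added example, not part of the reply above and not MediaWiki or ModSecurity project code: a small Python parser for the error-log entry quoted in the reply, pulling out the compared variable, the threshold, the reported score and the rule id, and tolerating the cut-off last field. It assumes the ModSecurity 2.x error-log layout; the second sample line, its hostname and its `unique_id` value are constructed for illustration.

```python
import re

# Entry quoted in the post; its last field is cut off there, so no closing "] exists.
QUOTED = ('ModSecurity: Access denied with code 403 (phase 2). '
          'Operator GT matched 15 at TX:sql_injection_score. '
          '[file "/etc/httpd/modsecurity.d/modsecurity_crs_49_inbound_blocking.conf"] '
          '[line "51"] [id "4049002"] '
          '[msg "SQL Injection Detected (score 28): IE XSS Filters - Attack Detected')
# Constructed entry (not from the post) with the trailing fields a complete entry carries.
CONSTRUCTED = ('ModSecurity: Access denied with code 403 (phase 2). '
               'Operator GT matched 15 at TX:sql_injection_score. '
               '[id "4049002"] [msg "SQL Injection Detected (score 28): example"] '
               '[hostname "wiki.example.org"] [uri "/wiki/index.php"] '
               '[unique_id "EXAMPLE-UNIQUE-ID"]')

HEAD = re.compile(r'ModSecurity: (?P<action>.+?) with code (?P<status>\d+) '
                  r'\(phase (?P<phase>\d)\)\.'
                  r'(?: Operator (?P<op>\w+) matched (?P<operand>\d+) at (?P<var>[^\s.]+)\.)?')
# [key "value"] pairs; the closing "] is optional at end of line (truncated field).
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)("\]|$)')
SCORE = re.compile(r'\(score (\d+)\)')


def parse_entry(line):
    """Split one ModSecurity 2.x error-log entry into header values and fields."""
    head = HEAD.search(line)
    if head is None:
        raise ValueError('not a ModSecurity disruptive-action entry')
    fields, truncated = {}, False
    for key, value, close in FIELD.findall(line):
        fields[key] = value
        truncated = truncated or close == ''
    score = SCORE.search(fields.get('msg', ''))
    return {
        'blocked': head['action'] == 'Access denied',
        'status': int(head['status']),
        'phase': int(head['phase']),
        'operator': head['op'],  # GT: the variable was greater than the operand
        'threshold': int(head['operand']) if head['op'] else None,
        'variable': head['var'],
        'score': int(score.group(1)) if score else None,
        'rule_id': fields.get('id'),
        'unique_id': fields.get('unique_id'),  # audit-log lookup key, if present
        'truncated': truncated,
    }


if __name__ == '__main__':
    print(parse_entry(QUOTED), parse_entry(CONSTRUCTED), sep='\n')
```

When an entry carries a `unique_id`, that value identifies the matching transaction in the ModSecurity audit log, which is where the posted request body is recorded if audit logging is configured to include it.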