RC2 possible security attack

I installed RC2 and received over 1000 email messages:

 

Total impact: 22

Affected tags: xss, csrf, sqli, id, lfi

Variable: REQUEST.marker | Value: a:6:{s:3:\"key\";s:8:\"d906ee70\";s:8:\"datetime\";s:15:\"09.11.19 10:13\";s:7:\"page_in\";s:11:\"/index.php?\";s:7:\"site_in\";s:6:\"1gb.ru\";s:2:\"ip\";s:12:\"195.250.56.5\";s:7:\"referer\";N;}

Impact: 11 | Tags: xss, csrf, sqli, id, lfi

Description: Detects JavaScript with(), ternary operators and XML predicate attacks | Tags: xss, csrf | ID: 7

Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43

Variable: COOKIE.marker | Value: a:6:{s:3:\"key\";s:8:\"d906ee70\";s:8:\"datetime\";s:15:\"09.11.19 10:13\";s:7:\"page_in\";s:11:\"/index.php?\";s:7:\"site_in\";s:6:\"1gb.ru\";s:2:\"ip\";s:12:\"195.250.565\";s:7:\"referer\";N;}

Impact: 11 | Tags: xss, csrf, sqli, id, lfi

Description: Detects JavaScript with(), ternary operators and XML predicate attacks | Tags: xss, csrf | ID: 7

Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43

Centrifuge detection data

Threshold: 3.49 Ratio: 3.19444444444

REMOTE_ADDR: 195.250.56.5

HTTP_X_FORWARDED_FOR: 195.250.56.5

HTTP_CLIENT_IP:

SCRIPT_FILENAME: /home/virtwww/w_trefilov-net_d735b54b/http/v7/index.php

QUERY_STRING:

REQUEST_URI: /v7/

QUERY_STRING:

SCRIPT_NAME: /v7/index.php

PHP_SELF: /v7/index.php

 

How can I fix it?

Quote · 30 Nov 2009

Do you happen to have any custom fields on your join page?

Chris

Nothing to see here
Quote · 30 Nov 2009

You have some widget or banner which sets a cookie with the name 'marker'. The security module knows nothing about it and starts complaining. To get rid of these messages, try to raise these settings in admin -> settings -> advanced settings:

Total security impact threshold to send report

Total security impact threshold to send report and block aggressor

Rules → http://www.boonex.com/terms
Quote · 1 Dec 2009

 

Do you happen to have any custom fields on your join page?

 

Chris

 

 

No, I am using default fields only

Quote · 1 Dec 2009

 

You have some widget or banner which sets a cookie with the name 'marker'. The security module knows nothing about it and starts complaining. To get rid of these messages, try to raise these settings in admin -> settings -> advanced settings:

 

Total security impact threshold to send report

Total security impact threshold to send report and block aggressor

Thanks, I've set Total security impact threshold to send to 25 and it's OK now!

Quote · 1 Dec 2009
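The report in the first post lists the same 'marker' value twice, as REQUEST.marker and COOKIE.marker, and the two impacts of 11 make up the total of 22. The following is an added example, not code from the thread or from Dolphin: it parses findings in that report layout, sums impact per parameter name, and models the two threshold settings named above. The sample report is constructed with shortened values, and the comparison rule in `decide` and the threshold numbers passed to it are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the report quoted in the thread
# (the serialized value is shortened for readability).
SAMPLE_REPORT = r"""
Variable: REQUEST.marker | Value: a:1:{s:3:\"key\";s:8:\"d906ee70\";}
Impact: 11 | Tags: xss, csrf, sqli, id, lfi
Variable: COOKIE.marker | Value: a:1:{s:3:\"key\";s:8:\"d906ee70\";}
Impact: 11 | Tags: xss, csrf, sqli, id, lfi
"""

# One finding = a "Variable | Value" line followed by an "Impact | Tags" line;
# blank lines between the two (as in the pasted e-mail) are tolerated.
FINDING = re.compile(
    r"Variable:\s*(?P<source>\w+)\.(?P<name>[^\s|]+)\s*\|\s*Value:\s*(?P<value>[^\n]*)"
    r"\s*Impact:\s*(?P<impact>\d+)\s*\|\s*Tags:\s*(?P<tags>[^\n]*)"
)

def parse_findings(report):
    """Return one dict per Variable/Impact pair found in the report text."""
    return [
        {"source": m["source"], "name": m["name"], "value": m["value"].strip(),
         "impact": int(m["impact"]),
         "tags": [t.strip() for t in m["tags"].split(",") if t.strip()]}
        for m in FINDING.finditer(report)
    ]

def impact_by_parameter(findings):
    """Sum impact per parameter name, so REQUEST.x and COOKIE.x count as one input."""
    totals = defaultdict(int)
    for f in findings:
        totals[f["name"]] += f["impact"]
    return dict(totals)

def decide(total, report_threshold, block_threshold):
    """Model of the two settings (assumption: action is taken when total >= threshold)."""
    if total >= block_threshold:
        return "report+block"
    if total >= report_threshold:
        return "report"
    return "silent"

if __name__ == "__main__":
    totals = impact_by_parameter(parse_findings(SAMPLE_REPORT))
    for name, total in totals.items():
        # Thresholds here are hypothetical, apart from the 25 mentioned in the thread.
        print(name, total, decide(total, report_threshold=25, block_threshold=30))
```

With the report threshold at 25, the 22-point 'marker' alert goes silent, and so does any other request that scores below 25.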
 
 