Apache:Logwatch possible successful probes
 

Hi, I have setup a webpage where our clients can sign their name with their mouse and then save that signature. When I pass the base64 image in the url to be saved I'm see the follow in the Logwatch:
A total of 8 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):
/tenant/Thanks.php?imageData=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAfQAAAA3CAYAAAD63bgkAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAfzS URBVHhe7d27qixFFMbx7QU0OhoIJmLoK2jmA/gSRsZGPoEYGwhmcryAoIGJGAkGBpqKgmDgJRUE8a7H2/r2ng8XZfVlerq6e3r+P1j0TF+qq7urak33nr33FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgcd8fpjW3I/6eGH9FAACAg7sO0xaUdO+OKPdxJ+KeCM//5zAdy9spsascAAAu3twJXUk2K5N23t8pCdkfFkjq6KKnQ7duXo6iNkpbAnC2lBTnlpN2mcj1/osIvT9l8PS2LeqP86IPd/pgl0Pt7IGI3Bb7aD21JW3Hj3MAnKWxA95YGkwlJ9ravDn4Ll00EJPcL0O+7pk/PJp+tHPfzctRcrlqs9ytA7hovjvKavPmokFYZTu4u9o/tydd674vXU7ltgQAF80JNifWnyM0T9NWXojIAz32S9dZ0UqtDQPARdJgqMj0vuUgbLV9Y19aJ3QhqQM4Oy1+7uzBNg+GSyVZ75vB eN/m/u5HyT8/b70fAJhNi4S+5jfQtW8nde2fpL4/vx6mLX+EIzzpAYBQPrJc4jFpqawD9kPXtXV7WqPNAsBkre6ifaec75KXfny55pMCtKWEzuNwAEhaD4pK5kqoTu4aiJdMsHn/TvDYB7Wllu3Jd+dLttdLMPTUg/MNTNS68yiJetDVdGn5SYH2z+P3/dD15C79PNWuG9cSOBMafBVDn85bUSJ3HUjq+9D67xus2V73TOe0dl41T+ccwERLfSpWZ/W+1vwkziP4ffGHtLmfNLm9/hkxtp2oHrSpYU7m5TWjbwInWjK5+tN3iwH4GK2SAJZ3bBLQ+kNtvr!
bcbbeLtyEZDetK6ELfBE6wZEJXR/b+ltxvyfVg4NiHsUnd60lO0LW2qOUq797rd+O4zKF6XDqdH6n1vb5lAAYs2XH0+NLccde05ocKzEfJU+1JbVlJu4uvd1cy1/xvIjRPZR2TzMXlalu97qvLpevre/RL4ExooFOsndA12DLo7ovalK7pH9fv/v+f2LS8Fr9HzMXtykH7qtO50bkvaV7XMgAb44FuCx2WgaO9lyK+ivggRUtOCE6sayiTuurU4t+8njNfp5Ln15Yd47mIB29eAmglD 3Zr0+Dh4E6qjR8idG6XSuhfR6htOTFougbvvwy3M7e7MXFs29SHh1o5Q7FkH/gkQudD00z18LnS6ymUyL+L0PZfRrwZ8XAEgAbcaddOonnw2EJ9WtPxltHimL+NuBOh70zovL4VsSQ9ctd+dXxrXdfyPOuxfq6PX7 ueXeF1vF0XJ/G8fllWX4zZx9xcx6yszykei3gjwu3hx4gPIx6NADCjWmdemgcOTTWQ6fUag/9S8vH6teLpiCmejPglwuXlMpXMldTfi1iDr6cj1/GUGKtrO9dL81y3IflYyvaZy1Ho/dTvBLiMTPvzMSjm5LpneV9aVh7vVI9HfBzhctU2X48AMINaZ16DBw/xwDk0iHgbxVwDzhJ0bD5W8Z2LIx/XUHRt91PEIxFbcMrxldFVTpe+9dzOHGPbUG6fuQyVP8cX+3L5kvfh/czp0wiVq6lpH3mf3u/c4bLfjwBwgmcjcqfSp2WFBpCy45Wh9Z6KmKrch+tg5aBWk7cbWlc+isj7HBtD5R6j77jejajtvy90B/58xNaprmOv0xD9fN7H7zIVnqfyfZ69Py8r5fVyaN2+L9CV66pOc3K5oqnei157fsnLFMee47y/zyN8bJ6fX88Vvk4aS/QY/qEIYBfW+J1PfTHqiYj7r9/99/vp+v3dofrk5erox+ja1vPV2fU7zR5Eun5HX+uJf99YvK15nan1nb!
JdV33FZeRyL4EG7nxeyut0CiVT/zy2dl51zjVf07625HWkvO7qG/qxxi3NCF7e!
V+YpXB9P
Rftxe67tM68rej/2H HTTP Response 200

My question, is there a way to turn this off. The log could get quit large since all clients will be require to sign and save there signature.

Thank You
Dennis Boyer

Don't use the URL to pass data.

Besides not being secure, as you found out. The "signature" is now available to anyone.

Thank you for your response.
It was like a slap in the face that woke me up!!! Thank you.
I agree that is unsecured. I was able to figure out how to save the signature by using ajax.
Thank you for setting me straight.