Are There Issues With Mod_Security And Forums
Aug 13, 2008
I am running Apache 2.2 on CentOS. I really want to install mod_security to lock things down. But I saw where there were some issues with mod_security and forums. I plan on having a forum live on my site shortly. I found this bit of info:
If you install mod security on the server, some forums will not work properly as this will compare each pattern which is posted against the rule set and will block it if found matching.
Is anyone using mod_security with a forum currently?
View 4 Replies
ADVERTISEMENT
Jun 18, 2009
I run a small vb forum that is quickly expanding beyond the shared hosting plan we currently have with GoDaddy. So far we have been looking at VPS as a solution that would allow us to grow as we grow.
I hope I'm allowed to ask this, but I am looking for examples of vb forums that have about 100 concurrently logged in members and examples of vb forums with 200 members concurrently logged in and are running on either KnownHost or WiredTree (or an alternative service).
Please provide a link to your forum, the name of the host, and the VPS package you currently have. Finally, please let me know if you are utilizing Litespeed.
I'm hoping this will become a great resource for growing community owners looking to take the next step.
Link:
Provider:
VPS Package:
View 6 Replies
View Related
Jun 22, 2008
Over the past 4 years I have had 5 different hosting companies. I run a small forum (400 to 1k page vies per day) and is a nuke forum. It usually runs flawlessly on the new host for 7 to 9 months and then the db bogs down and I switch to a new host and install the complete db again to the days postings and it runs gr8 yet again.
Im no expert but Im no newb either. I have worked for 2 hosting companies (Hostgator & Applied Innovations) and I have my Bachelors in IT. I know enough to be dangerous! Is there anyone who can tell me if there is a host that I can put my little forums on that doesnt charge an arm and a leg and is reliable enough to stay with.
I have seen all the reviews all over the place, but from working at hostgator I know they have their level 2 support people logging in to these types of forums as different people and posting great reviews every day, I dont think they have stopped doing that.
Is there any one who has been with their hosting co for years and have a site like mine that can say that they recommend it?
View 6 Replies
View Related
Jun 20, 2007
Alot of VB forums have hacking every day
In fact All hackers couldn't hack databases or files
They only edit one template in style like header or forumhome
So Uploading style again resolve the problem
But How can I disallow them to to edit templates
Any functiond to disable or rule for mod_sec ?
View 4 Replies
View Related
Aug 29, 2008
I want to know that my main site smsbucket.com and smsbucket.com/forums are both hosted on same server.
But in future when my forum will grow I will need to switch host because my current hosting provider doesn't provide big disk space so in future can I just host /forums on different server? and keep smsbucket.com on my current server?
View 14 Replies
View Related
Aug 31, 2008
Does anyone know if such a thing exists? A Tool to convert a mailing list to a forum like say phpBB or VB?
View 1 Replies
View Related
Feb 24, 2008
Whats the best host for hosting a forum for free?
View 1 Replies
View Related
Dec 22, 2007
I'm an owner and manager of a server running about a year ago, and everything was fine till three months ago.
Many VBulletin forums hacked from one hacer.
i hired a technical to re-setup security of the server
upgrading for ( OS , php , apache ) done. and other setting...
after that he said every thing is ok now.
3 weeks later , hack back again from another hacker on 3 VBulletin forums
put in your concideration all hacked forums are secured enough and using 3.6.8 patch level 2.
what possible reasons assist the hacker to reach config file?
is this a gab from the server or VB version?
OS : Fedore 5 .. upgraded from Fedora 4
php Version : 5.2.4
Apache Version : 1.3.39
PERL version 5.8.8
View 13 Replies
View Related
Jul 14, 2007
some of my user , have problem by sending activate email , from their forums and sites such as Vbulletin and phpnuke
this issue happen since i checked (Prevent the user "nobody" from sending out mail to remote addresses) box in Tweak setting , for preventing Spammers.
Suexec was enabled in my server , but i dont enable PhpSuexec in apache build .
View 2 Replies
View Related
Dec 29, 2007
I've been receiving many bounced mail looking like this:
------------------------------------------------------
-----Original Message-----
From: Mail Delivery System [mailto:Mailer-Daemon@swh1.sellwebhost.com]
Sent: December 29, 2007 6:05 AM
To: nobody@swh1.sellwebhost.com
Subject: Mail delivery failed: returning message to sender
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
alakeneex@mail.ru
SMTP error from remote mail server after RCPT TO:<alakeneex@mail.ru>:
host mxs.mail.ru [194.67.23.20]: 550 Access from ip address 72.55.156.210 blocked. Visit http://win.mail.ru/cgi-bin/support_bl?ip=72.55.156.210
------ This is a copy of the message, including all the headers. ------
Return-path: <nobody@swh1.sellwebhost.com>
Received: from nobody by swh1.sellwebhost.com with local (Exim 4.68)
(envelope-from <nobody@swh1.sellwebhost.com>)
id 1J8ZV7-0001oN-QQ
for alakeneex@mail.ru; Sat, 29 Dec 2007 06:05:09 -0500
To: alakeneex@mail.ru
Subject: Welcome to hidden.com Forums
Reply-to: jim@hidden.com
From: jim@hidden.com
Message-ID: <4448804740c38716c8c65ef3203108b3@hidden.com>
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit
Date: Sat, 29 Dec 2007 06:05:09 -0500
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: PHP
X-MimeOLE: Produced By phpBB2
Welcome to hidden.com Forums
Please keep this email for your records. Your account information is as
follows:
----------------------------
Username: enunkkawncuri
Password: jOFwawk954
----------------------------
Please do not forget your password as it has been encrypted in our database and we cannot retrieve it for you. However, should you forget your password you can request a new one which will be activated in the same way as this account.
Thank you for registering.
--
Thanks,
hidden.com
-----------------------------------------------------------
This is only one exemple from one forum but many of our users use forums as well and we receive dozens of similar mails.. Is there a way to stop this or to make the mail rebound to the user instead to nobody?
View 3 Replies
View Related
Nov 7, 2009
Staminus Communications has been hosting a botnet forum, which distributes bots, worms, trojans, illegal clickers, and tons more, 95% of the site is illegal, and is forbidden by Staminus's provider yet they could care less as long as they get there money, I sent an abuse letter August 17th 2009, they even admitted things were illegal on the site, I pointed out several like the Google Adsense clicker bot which is highly illegal and which is nothing close to the other content hosted and/or linked to.
They are hosting unkn0wn.ws they refuse to remove the site or make them remove the illegal content which is most of the forum, which now forces me to send a letter to there provider and the cybercrime which I am now doing.
Now I guess they do not care about what they host, only if the person pays, so I guess I'm just going to expose it here for everyone to notice, because it's just going to get there data center raided over time by hosting illegal content and not removing it.
Let's see what you guys think, or what the admins have to say when they read this post.
What do you guys think when a provider does nothing about illegal content do you think it's the employee's that are at fault or the customer?
View 0 Replies
View Related
Jan 7, 2009
I have spent several hours on this forum over the past few days doing some research and have officially confused myself. I am a volunteer with a nonprofit organization and our online forums (running on vbulletin) are maxing out the database SQL connections several times per day. The host has a max_user_connections limit of 15 but doesn't have an intermediary step from shared hosting to dedicated hosting. Dedicated hosting is cost-prohibitive and the rest of our site has more than enough room to grow on our current hosting plan (including traffic bandwidth, disk space, etc).
We are planning to register a new domain name for the forums and move them off to another hosting provider. I donate the hosting fees to the organization and I don't have much of a budget to work with ($20/mo or so ideally). I am looking for recommendations for a hosting provider that will support a somewhat busy forum (usually only between 30-50 users online at once but anywhere between 1,000 and 2,500 pageviews per day) and also allow a stepped growth plan (instead of from shared straight to dedicated.)
I've seen Hawk Host, Siteground and URLJet mentioned frequently on posts here and over at vBulletin but I don't want to just jump into a new host and face a similar problem in the future.
View 14 Replies
View Related
Jul 17, 2007
Email on server working fine, I can send mails from webmaster@xxx.com to any email only forums like VB don't send emails to hotmail & yahoo ! but emails from forums arrive to emails like webmaster@xxx.com
View 1 Replies
View Related
Nov 24, 2006
I'll second what is said about Lunarpages. They are an absmal McHost whose priority is to lure in as many customers as possible without bothering about the quality of their service. I challenge anybody to ring their telephone support line and see if somebody picks it up. I have tried to call ten times in the last six months and never been able to get through once, despite hanging on for ages.
Just today my entire website was down because Lunarpages moved it to a new server (without asking me) and screwed up. The website, Azam.biz has over 17,000 references to it in Google and is critical to my business. I sat drowing in sweat for hours. I couldn't get hold of anybody at Lunarpages by telephone or live chat and the one support response I received ws addressing an unrelated issue.
Worse thing of the lot is Lunarpages censors criticism them on their forums more so than any webhost I have ever know. Every time I post a comment about downtime or not being able to get hold of anybody on the telephone, they delete the post saying it is "incorrect". I have never met a company with such a Stalinesque censorship policy.
I have feared posting anything negative about Lunarpages on other forums because I've been worried about them closing down my account. But, after having suffered so much stress because of them today, I don't care any more.
I am going to back up by entire site now, because I'm worried they will close down my account after reading this. They are not the type of company to take on board criticism and use it to improve their offerings; their obsession is to stifle any criticism.
I am now suffering pain in my heart for the first time in my life because of how badly Lunarpages have treated me today. Their arrogance shows no bounds - they are smug, full of hype and don't give a damn about ruining customers' businesses.
View 7 Replies
View Related
May 15, 2009
I want my users to be redirected directly to my forum
so when they type in www.mywebsite.com it will redirect instantly to www.mywebsite.com/forums
I know this can be done on Cpanel... any other ways?
View 7 Replies
View Related
Apr 21, 2008
I have been using mod_security 1.9.x since it first release on apache 1.3 and apache 2.0.x, rules are great and they work perfect with no issues at all with any php-mysql website. Do you recommend using mod_security 2.0 or 2.5 ? (I do know that 2.5 does not work with apache 1.3).
View 2 Replies
View Related
Apr 19, 2008
using mod_security, but I believe that I have it installed correctly with some rules that should be generating entries in the security audit log. No matter what I do, I can't seem to get mod_security to generate any sort of log entries.
I am using version 2.1.7. I compiled it with no problems. In my httpd.conf file, I have the following relevant lines:
LoadFile /usr/lib/libxml2.so
LoadModule security2_module modules/mod_security2.so
Include conf/modsecurity/*.conf
I don't think there are any problems here, as I know it is running directives from the configuration file I edited. This is the file I'm working with:
modsecurity_crs_10_config.conf
Here are the relevant lines from the config file:
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 524288
SecDefaultAction "phase:2,auditlog,log,pass,status:500"
SecAuditEngine On
SecAuditLogType Serial
SecAuditLog logs/modsec_audit.log
SecAuditLogParts "ABIFHZ"
SecRequestBodyInMemoryLimit 131072
SecDebugLog logs/modsec_debug.log
SecDebugLogLevel 3
I know that the config file is being read because when I start apache, the log files (modsec_audit.log and modsec_debug.log) are created. The problem is that the files are empty and remain empty no matter what I do. I have even tried setting permissions on the files to 777.
Here are a couple of rules I created in an attempt to generate log entries:
SecRule REQUEST_BODY "viagra"
SecRule REMOTE_ADDR "^1.1.3.4$" auditlog,phase:1,allow
I put these in the same config file mentioned above. As far as I understand, the first rule should examine the request body (which would include data in POST requests) for the word, "viagra". Since my default action is phase:2,auditlog,log,pass,status:500, such requests should end up in the audit log. However, when I use a form on my site to post the word "viagra", nothing is generated in the log file.
The second rule, as far as I understand, should generate a log entry any time the IP address 1.2.3.4 is sent in the request headers. Instead of 1.2.3.4, of course, I have put in my real IP address. However, when I visit my server and browse pages, nothing is logged. I assume that my requests should generate log entries since I match the IP address.
View 3 Replies
View Related
Dec 1, 2007
I am currently running a few small websites that use a CMS. Two are Dragonfly and one is Joomla.
I am getting sporadic errors with both systems that, upon research, seem to be related to Apache and the mod_security module. I am getting the following error:
Code:
Not Acceptable
An appropriate representation of the requested resource /somefolder/index.php could not be found on this server.
Well, I'm no idiot (although some people may tend to disagree ) and after some searching, I found that this most likely points to an Apache error. Most solutions suggest to put the following in my .htacess file for the site:
Code:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
It was noted that "SecFilterScanPOST Off" may or not be necessary. I have added the above to the .htaccess for each site (all 3 sites are subdomains) and have also added it to the .htaccess that is in the root folder for the site. Nothing has worked.
So my question is, is it possible that my webhost can override my .htaacess settings with their own? This is the only explanation that I can think of. But of course, I am no expert, which is why I turn to you good folks for help once again.
View 0 Replies
View Related
Jul 27, 2008
I want to add some more rules to to mod_security, however I am unsure if some of them are already being used.
So would it cause any problems if there are duplicate rules for the time being till I can check through all the rules?
View 2 Replies
View Related
Jul 23, 2007
I am having lots of problems installing mod_security on RH5 64 w/ Plesk.
mainly related to apr0, subversion, and the headers.
Any reason why everyone recommends to use version 1.94 of mod_security rather than the latest version available on www.modsecurity.org?
View 3 Replies
View Related
Oct 2, 2007
I've got this:
mod_security: Access denied with code 406. Error normalising REQUEST_URI: Invalid URL encoding detected: invalid characters used [hostname "www.mydomain.com"] [uri "/search/include/js_suggest/suggest.php?type=query&q=%u062E%u0636%u0631%u0627"]
how to disable/exclude this uri in mentioned host from being catched by mod_security?
View 4 Replies
View Related
Mar 29, 2007
how many people are actually using mod_security 2 instead of 1?
And why did you choose the version you did?
View 4 Replies
View Related
Jun 5, 2007
I installed modsecurity from Addone module in Cpanel
When I try to apply phpshell woork good without a mistakes and I can do anything despite of the presence of protection modsecurity and disable_functions in php.ini.
Is there a particular settings add to the httpd.conf to prevent application phpshell or prevent upload it to the site?
View 14 Replies
View Related
May 11, 2009
I tried using mod_security and mod_filter together. However, when I try to filter js files, I noticed that certain pages stop working, especially those using ajax.
View 2 Replies
View Related
Jul 24, 2009
I installed Mod_Security on my Cent OS server today and having some problem in configurating it.
Problem -
I have added this module in 'httpd.conf' file
Code:
<IfModule mod_security.c>
SecFilterEngine On
SecServerSignature "Apache"
SecFilterCheckUnicodeEncoding Off
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log
SecFilterScanPOST On
SecFilterDefaultAction "deny,log,status:403"
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
SecFilterSelective HTTP_Transfer-Encoding "!^$"
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
SecFilter "../"
SecFilter "viewtopic.php?" chain
SecFilter "chr(([0-9]{1,3}))" "deny,log"
SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "lynx "
SecFilterSelective THE_REQUEST "scp "
SecFilterSelective THE_REQUEST "ftp "
SecFilterSelective THE_REQUEST "cvs "
SecFilterSelective THE_REQUEST "rcp "
SecFilterSelective THE_REQUEST "curl "
SecFilterSelective THE_REQUEST "telnet "
SecFilterSelective THE_REQUEST "ssh "
SecFilterSelective THE_REQUEST "echo "
SecFilterSelective THE_REQUEST "links -dump "
SecFilterSelective THE_REQUEST "links -dump-charset "
SecFilterSelective THE_REQUEST "links -dump-width "
SecFilterSelective THE_REQUEST "links http:// "
SecFilterSelective THE_REQUEST "links ftp:// "
SecFilterSelective THE_REQUEST "links -source "
SecFilterSelective THE_REQUEST "mkdir "
SecFilterSelective THE_REQUEST "cd /tmp "
SecFilterSelective THE_REQUEST "cd /var/tmp "
SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy "
SecFilterSelective THE_REQUEST "/config.php?v=1&DIR "
SecFilterSelective THE_REQUEST "/../../ "
SecFilterSelective THE_REQUEST "&highlight=%2527%252E "
SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F.php "
# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"
# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"
# Prevent XSS atacks (HTML/Javascript injection)
SecFilter "<(.|n)+>"
</IfModule>
But my website is multi forum hosting and requires 'index.php' file to pass parameter to make it work.
Example -
[url]
[url]
[url]
So i had to delete below mention code from above module.
Code:
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
SecFilterSelective HTTP_Transfer-Encoding "!^$"
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
SecFilter "../"
View 0 Replies
View Related
May 25, 2009
Is it possible to disable a particular mod_security rule for particular directory or the rules are global?
View 4 Replies
View Related
Aug 15, 2008
I just installed mod_security via WHM, and want to know what rule should I enter to prevent some URLs from being opened.
For example, if URL contains word "abc" (like domain.com/some_folder/abc/file.php), it should not be opened.
View 4 Replies
View Related
May 20, 2009
I have installed a new server with debian lenny 5, ISPConfig 3.0.1.1 and the newest mod_security and implemented the default rules.
I deactivated the rule detecting IP in pageheaders.
Then I got another problem. Some actions of ISPConfig are detected as "remote file access attempt", severity "critical", tag "web attack/file injection" data "/etc/"
detected by rule file crs_40 line 114, id 950005
question: how do I authorize ISPConfig and only ISPConfig to perform such requests on the server?
View 4 Replies
View Related
Jun 4, 2008
how to set the rules of MOD_Security.
Another question for professionals:
Q: What are the best rules to secure my server? I'd appreciate if you managed to attach these rules to your replies. // FYI, I host VBulletin portals.
View 3 Replies
View Related
Dec 24, 2008
Trying to use an RBL with ModSecurity but this matches everything whether listed or not.
SecRule REMOTE_ADDR "@rbl bb.barracudacentral.org" "log,deny,msg:'POST RBL Comment Spammer'"
What I would like to do is do an RBL lookup and any POST operations.
View 2 Replies
View Related
Feb 25, 2008
make this rules work on apache 2 mod_security 2?
View 4 Replies
View Related
