Are There Issues With Mod_Security And Forums

Aug 13, 2008

I am running Apache 2.2 on CentOS. I really want to install mod_security to lock things down. But I saw where there were some issues with mod_security and forums. I plan on having a forum live on my site shortly. I found this bit of info:

If you install mod security on the server, some forums will not work properly as this will compare each pattern which is posted against the rule set and will block it if found matching.

Is anyone using mod_security with a forum currently?


VB Forums On VPS Hosts

Jun 18, 2009

I run a small vb forum that is quickly expanding beyond the shared hosting plan we currently have with GoDaddy. So far we have been looking at VPS as a solution that would allow us to grow as we grow.

I hope I'm allowed to ask this, but I am looking for examples of vb forums that have about 100 concurrently logged in members and examples of vb forums with 200 members concurrently logged in and are running on either KnownHost or WiredTree (or an alternative service).

Please provide a link to your forum, the name of the host, and the VPS package you currently have. Finally, please let me know if you are utilizing Litespeed.

I'm hoping this will become a great resource for growing community owners looking to take the next step.

Link:
Provider:
VPS Package:


Hosting Forums

Jun 22, 2008

Over the past 4 years I have had 5 different hosting companies. I run a small forum (400 to 1k page views per day) and it is a nuke forum. It usually runs flawlessly on the new host for 7 to 9 months and then the db bogs down and I switch to a new host and install the complete db again to the day's postings and it runs gr8 yet again.

I'm no expert but I'm no newb either. I have worked for 2 hosting companies (Hostgator & Applied Innovations) and I have my Bachelors in IT. I know enough to be dangerous! Is there anyone who can tell me if there is a host that I can put my little forums on that doesn't charge an arm and a leg and is reliable enough to stay with?

I have seen all the reviews all over the place, but from working at Hostgator I know they have their level 2 support people logging in to these types of forums as different people and posting great reviews every day. I don't think they have stopped doing that.

Is there any one who has been with their hosting co for years and have a site like mine that can say that they recommend it?


Forums Hacking

Jun 20, 2007

A lot of VB forums are hacked every day.
In fact, all the hackers couldn't hack databases or files.

They only edit one template in the style, like header or forumhome,
so uploading the style again resolves the problem.
But how can I disallow them to edit templates?

Any function to disable or rule for mod_sec?


Can I Host My Forums On Different Server

Aug 29, 2008

I want to know that my main site smsbucket.com and smsbucket.com/forums are both hosted on same server.

But in future when my forum will grow I will need to switch host because my current hosting provider doesn't provide big disk space so in future can I just host /forums on different server? and keep smsbucket.com on my current server?


Mailing List To Forums

Aug 31, 2008

Does anyone know if such a thing exists? A Tool to convert a mailing list to a forum like say phpBB or VB?


Good Free Host For Forums

Feb 24, 2008

What's the best host for hosting a forum for free?


Why Always ALL VBulletin Forums Get Hacked Easily

Dec 22, 2007

I'm an owner and manager of a server running about a year ago, and everything was fine till three months ago.

Many VBulletin forums were hacked by one hacker.

I hired a technician to re-set up the security of the server.
Upgrading (OS, php, apache) was done, along with other settings.
After that he said everything is OK now.
3 weeks later, the hack came back again from another hacker on 3 VBulletin forums.
Take into consideration that all hacked forums are secured enough and are using 3.6.8 patch level 2.

What possible reasons help the hacker reach the config file?
Is this a gap in the server or the VB version?

OS : Fedora 5 .. upgraded from Fedora 4
php Version : 5.2.4
Apache Version : 1.3.39
PERL version 5.8.8


Sending Activate Mail From Their Forums

Jul 14, 2007

Some of my users have a problem sending activate email from their forums and sites such as Vbulletin and phpnuke.

This issue has happened since I checked the (Prevent the user "nobody" from sending out mail to remote addresses) box in Tweak settings, for preventing spammers.

Suexec was enabled on my server, but I don't enable PhpSuexec in the apache build.


Bouncing Mails From User's Forums..

Dec 29, 2007

I've been receiving many bounced mail looking like this:

------------------------------------------------------

-----Original Message-----
From: Mail Delivery System [mailto:Mailer-Daemon@swh1.sellwebhost.com]
Sent: December 29, 2007 6:05 AM
To: nobody@swh1.sellwebhost.com
Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

alakeneex@mail.ru
SMTP error from remote mail server after RCPT TO:<alakeneex@mail.ru>:
host mxs.mail.ru [194.67.23.20]: 550 Access from ip address 72.55.156.210 blocked. Visit http://win.mail.ru/cgi-bin/support_bl?ip=72.55.156.210

------ This is a copy of the message, including all the headers. ------

Return-path: <nobody@swh1.sellwebhost.com>
Received: from nobody by swh1.sellwebhost.com with local (Exim 4.68)
(envelope-from <nobody@swh1.sellwebhost.com>)
id 1J8ZV7-0001oN-QQ
for alakeneex@mail.ru; Sat, 29 Dec 2007 06:05:09 -0500
To: alakeneex@mail.ru
Subject: Welcome to hidden.com Forums
Reply-to: jim@hidden.com
From: jim@hidden.com
Message-ID: <4448804740c38716c8c65ef3203108b3@hidden.com>
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit
Date: Sat, 29 Dec 2007 06:05:09 -0500
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: PHP
X-MimeOLE: Produced By phpBB2

Welcome to hidden.com Forums

Please keep this email for your records. Your account information is as
follows:

----------------------------
Username: enunkkawncuri
Password: jOFwawk954
----------------------------

Please do not forget your password as it has been encrypted in our database and we cannot retrieve it for you. However, should you forget your password you can request a new one which will be activated in the same way as this account.

Thank you for registering.

--
Thanks,

hidden.com
-----------------------------------------------------------

This is only one example from one forum, but many of our users use forums as well and we receive dozens of similar mails. Is there a way to stop this or to make the mail rebound to the user instead of to nobody?


Staminus Communications Hosting Botnet Forums

Nov 7, 2009

Staminus Communications has been hosting a botnet forum, which distributes bots, worms, trojans, illegal clickers, and tons more. 95% of the site is illegal, and is forbidden by Staminus's provider, yet they could care less as long as they get their money. I sent an abuse letter August 17th 2009; they even admitted things were illegal on the site. I pointed out several, like the Google Adsense clicker bot, which is highly illegal and which is nothing close to the other content hosted and/or linked to.

They are hosting unkn0wn.ws. They refuse to remove the site or make them remove the illegal content, which is most of the forum, which now forces me to send a letter to their provider and the cybercrime, which I am now doing.

Now I guess they do not care about what they host, only if the person pays, so I guess I'm just going to expose it here for everyone to notice, because it's just going to get their data center raided over time by hosting illegal content and not removing it.

Let's see what you guys think, or what the admins have to say when they read this post.

What do you guys think when a provider does nothing about illegal content? Do you think it's the employees that are at fault or the customer?


Forums Outgrowing Shared Hosting Plan Already

Jan 7, 2009

I have spent several hours on this forum over the past few days doing some research and have officially confused myself. I am a volunteer with a nonprofit organization and our online forums (running on vbulletin) are maxing out the database SQL connections several times per day. The host has a max_user_connections limit of 15 but doesn't have an intermediary step from shared hosting to dedicated hosting. Dedicated hosting is cost-prohibitive and the rest of our site has more than enough room to grow on our current hosting plan (including traffic bandwidth, disk space, etc).

We are planning to register a new domain name for the forums and move them off to another hosting provider. I donate the hosting fees to the organization and I don't have much of a budget to work with ($20/mo or so ideally). I am looking for recommendations for a hosting provider that will support a somewhat busy forum (usually only between 30-50 users online at once but anywhere between 1,000 and 2,500 pageviews per day) and also allow a stepped growth plan (instead of from shared straight to dedicated.)

I've seen Hawk Host, Siteground and URLJet mentioned frequently on posts here and over at vBulletin but I don't want to just jump into a new host and face a similar problem in the future.


Forums Don't Send To Free Mails Like Hotmail

Jul 17, 2007

Email on server working fine, I can send mails from webmaster@xxx.com to any email only forums like VB don't send emails to hotmail & yahoo ! but emails from forums arrive to emails like webmaster@xxx.com


Lunarpages Service Is Poor And They Censor All Criticism On Their Forums

Nov 24, 2006

I'll second what is said about Lunarpages. They are an abysmal McHost whose priority is to lure in as many customers as possible without bothering about the quality of their service. I challenge anybody to ring their telephone support line and see if somebody picks it up. I have tried to call ten times in the last six months and never been able to get through once, despite hanging on for ages.

Just today my entire website was down because Lunarpages moved it to a new server (without asking me) and screwed up. The website, Azam.biz, has over 17,000 references to it in Google and is critical to my business. I sat drowning in sweat for hours. I couldn't get hold of anybody at Lunarpages by telephone or live chat and the one support response I received was addressing an unrelated issue.

The worst thing of the lot is that Lunarpages censors criticism of them on their forums more so than any webhost I have ever known. Every time I post a comment about downtime or not being able to get hold of anybody on the telephone, they delete the post saying it is "incorrect". I have never met a company with such a Stalinesque censorship policy.

I have feared posting anything negative about Lunarpages on other forums because I've been worried about them closing down my account. But, after having suffered so much stress because of them today, I don't care any more.

I am going to back up my entire site now, because I'm worried they will close down my account after reading this. They are not the type of company to take on board criticism and use it to improve their offerings; their obsession is to stifle any criticism.

I am now suffering pain in my heart for the first time in my life because of how badly Lunarpages have treated me today. Their arrogance shows no bounds - they are smug, full of hype and don't give a damn about ruining customers' businesses.


How To Redirect.. Www.website.com -> Www.website.com/forums

May 15, 2009

I want my users to be redirected directly to my forum

so when they type in www.mywebsite.com it will redirect instantly to www.mywebsite.com/forums

I know this can be done on Cpanel... any other ways?


Mod_Security 2.5, Or 2.0?

Apr 21, 2008

I have been using mod_security 1.9.x since its first release on apache 1.3 and apache 2.0.x. The rules are great and they work perfectly with no issues at all with any php-mysql website. Do you recommend using mod_security 2.0 or 2.5? (I do know that 2.5 does not work with apache 1.3.)


Mod_security Won't Log Anything

Apr 19, 2008

using mod_security, but I believe that I have it installed correctly with some rules that should be generating entries in the security audit log. No matter what I do, I can't seem to get mod_security to generate any sort of log entries.

I am using version 2.1.7. I compiled it with no problems. In my httpd.conf file, I have the following relevant lines:

LoadFile /usr/lib/libxml2.so
LoadModule security2_module modules/mod_security2.so
Include conf/modsecurity/*.conf

I don't think there are any problems here, as I know it is running directives from the configuration file I edited. This is the file I'm working with:

modsecurity_crs_10_config.conf

Here are the relevant lines from the config file:

SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 524288
SecDefaultAction "phase:2,auditlog,log,pass,status:500"
SecAuditEngine On
SecAuditLogType Serial
SecAuditLog logs/modsec_audit.log
SecAuditLogParts "ABIFHZ"
SecRequestBodyInMemoryLimit 131072
SecDebugLog logs/modsec_debug.log
SecDebugLogLevel 3

I know that the config file is being read because when I start apache, the log files (modsec_audit.log and modsec_debug.log) are created. The problem is that the files are empty and remain empty no matter what I do. I have even tried setting permissions on the files to 777.

Here are a couple of rules I created in an attempt to generate log entries:

SecRule REQUEST_BODY "viagra"
SecRule REMOTE_ADDR "^1.2.3.4$" auditlog,phase:1,allow

I put these in the same config file mentioned above. As far as I understand, the first rule should examine the request body (which would include data in POST requests) for the word, "viagra". Since my default action is phase:2,auditlog,log,pass,status:500, such requests should end up in the audit log. However, when I use a form on my site to post the word "viagra", nothing is generated in the log file.

The second rule, as far as I understand, should generate a log entry any time the IP address 1.2.3.4 is sent in the request headers. Instead of 1.2.3.4, of course, I have put in my real IP address. However, when I visit my server and browse pages, nothing is logged. I assume that my requests should generate log entries since I match the IP address.


Mod_security

Dec 1, 2007

I am currently running a few small websites that use a CMS. Two are Dragonfly and one is Joomla.

I am getting sporadic errors with both systems that, upon research, seem to be related to Apache and the mod_security module. I am getting the following error:

Code:
Not Acceptable

An appropriate representation of the requested resource /somefolder/index.php could not be found on this server.

Well, I'm no idiot (although some people may tend to disagree) and after some searching, I found that this most likely points to an Apache error. Most solutions suggest putting the following in my .htaccess file for the site:

Code:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

It was noted that "SecFilterScanPOST Off" may or may not be necessary. I have added the above to the .htaccess for each site (all 3 sites are subdomains) and have also added it to the .htaccess that is in the root folder for the site. Nothing has worked.

So my question is, is it possible that my webhost can override my .htaccess settings with their own? This is the only explanation that I can think of. But of course, I am no expert, which is why I turn to you good folks for help once again.


Mod_security

Jul 27, 2008

I want to add some more rules to mod_security, however I am unsure if some of them are already being used.

So would it cause any problems if there are duplicate rules for the time being till I can check through all the rules?


Mod_security On RH 5 64

Jul 23, 2007

I am having lots of problems installing mod_security on RH5 64 w/ Plesk.

mainly related to apr0, subversion, and the headers.

Any reason why everyone recommends to use version 1.94 of mod_security rather than the latest version available on www.modsecurity.org?


Mod_security

Oct 2, 2007

I've got this:

mod_security: Access denied with code 406. Error normalising REQUEST_URI: Invalid URL encoding detected: invalid characters used [hostname "www.mydomain.com"] [uri "/search/include/js_suggest/suggest.php?type=query&q=%u062E%u0636%u0631%u0627"]

How to disable/exclude this URI in the mentioned host from being caught by mod_security?


Mod_security 1 Or 2 - What Do You Use?

Mar 29, 2007

How many people are actually using mod_security 2 instead of 1?

And why did you choose the version you did?


Mod_security & C99shell Anyone Help Please ?

Jun 5, 2007

I installed modsecurity from the Addon module in Cpanel.

When I try to apply phpshell, it works fine without any errors, and I can do anything despite the presence of modsecurity protection and disable_functions in php.ini.

Are there particular settings to add to httpd.conf to prevent phpshell from running or prevent it from being uploaded to the site?


Mod_security And Mod_filter

May 11, 2009

I tried using mod_security and mod_filter together. However, when I try to filter js files, I noticed that certain pages stop working, especially those using ajax.


Mod_Security Configuration

Jul 24, 2009

I installed Mod_Security on my CentOS server today and am having some problems configuring it.

Problem -

I have added this module in 'httpd.conf' file

Code:
<IfModule mod_security.c>
SecFilterEngine On

SecServerSignature "Apache"
SecFilterCheckUnicodeEncoding Off
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log
SecFilterScanPOST On

SecFilterDefaultAction "deny,log,status:403"

SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"

SecFilterSelective HTTP_Transfer-Encoding "!^$"

SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
SecFilter "../"

SecFilter "viewtopic.php?" chain
SecFilter "chr(([0-9]{1,3}))" "deny,log"

SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "lynx "
SecFilterSelective THE_REQUEST "scp "
SecFilterSelective THE_REQUEST "ftp "
SecFilterSelective THE_REQUEST "cvs "
SecFilterSelective THE_REQUEST "rcp "
SecFilterSelective THE_REQUEST "curl "
SecFilterSelective THE_REQUEST "telnet "
SecFilterSelective THE_REQUEST "ssh "
SecFilterSelective THE_REQUEST "echo "
SecFilterSelective THE_REQUEST "links -dump "
SecFilterSelective THE_REQUEST "links -dump-charset "
SecFilterSelective THE_REQUEST "links -dump-width "
SecFilterSelective THE_REQUEST "links http:// "
SecFilterSelective THE_REQUEST "links ftp:// "
SecFilterSelective THE_REQUEST "links -source "
SecFilterSelective THE_REQUEST "mkdir "
SecFilterSelective THE_REQUEST "cd /tmp "
SecFilterSelective THE_REQUEST "cd /var/tmp "
SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy "
SecFilterSelective THE_REQUEST "/config.php?v=1&DIR "
SecFilterSelective THE_REQUEST "/../../ "
SecFilterSelective THE_REQUEST "&highlight=%2527%252E "
SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F.php "

# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"

# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"

# Prevent XSS attacks (HTML/Javascript injection)
SecFilter "<(.|\n)+>"
</IfModule>

But my website is a multi-forum hosting site and requires the 'index.php' file to pass parameters to make it work.

Example -

[url]
[url]
[url]

So I had to delete the below-mentioned code from the above module.

Code:
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"

SecFilterSelective HTTP_Transfer-Encoding "!^$"

SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
SecFilter "../"


Mod_security Rules

May 25, 2009

Is it possible to disable a particular mod_security rule for a particular directory, or are the rules global?


Mod_security Rules In WHM

Aug 15, 2008

I just installed mod_security via WHM, and want to know what rule should I enter to prevent some URLs from being opened.

For example, if URL contains word "abc" (like domain.com/some_folder/abc/file.php), it should not be opened.


Mod_security And ISPConfig3

May 20, 2009

I have installed a new server with debian lenny 5, ISPConfig 3.0.1.1 and the newest mod_security and implemented the default rules.

I deactivated the rule detecting IP in pageheaders.

Then I got another problem. Some actions of ISPConfig are detected as "remote file access attempt", severity "critical", tag "web attack/file injection" data "/etc/"

detected by rule file crs_40 line 114, id 950005

Question: How do I authorize ISPConfig and only ISPConfig to perform such requests on the server?


How To Set The Rules Of MOD_Security

Jun 4, 2008

How to set the rules of MOD_Security.

Another question for professionals:

Q: What are the best rules to secure my server? I'd appreciate if you managed to attach these rules to your replies. // FYI, I host VBulletin portals.


Mod_Security - Using RBLs

Dec 24, 2008

Trying to use an RBL with ModSecurity but this matches everything whether listed or not.
SecRule REMOTE_ADDR "@rbl bb.barracudacentral.org" "log,deny,msg:'POST RBL Comment Spammer'"

What I would like to do is do an RBL lookup and any POST operations.


Mod_security 2 Rules

Feb 25, 2008

make this rules work on apache 2 mod_security 2?

Copyrights 2005-15 www.BigResource.com, All rights reserved