I have a VPS (Virtuozzo) with cPanel installed. I notice that iptables running in the VPS had many DROP rules when I listed using iptables -nL command. So I flushed iptabled using "iptables -F" command and also "> /etc/sysconfig/iptables" command and restarted iptabled. When I try to list the rules it would show empty. However when I try to list after a few minutes it is showing the same old rules with many DROP rules yet again! Is there anyway to remove the rules completely?
I keep trying to flush my iptables on my linux server but every time i try to do so my server seems to freeze (i lose access and have to reboot it for it to come back online), how can I go about deleting those ips manually rather than executing the flushing command? what options do I have?
I had csf firewall installed, and due to my own stupidity, attempted to login with the wrong password one too many times, which added my IP to iptables, locking me out. I had to SSH into a linux box at school, and then ssh into my server to stop the iptables service so I could get into my server.
I removed every trace of my IP that I could find in csf, but sometime in the middle of the night, iptables reloads some rules from somewhere that blocks me again. I also tried doing iptables -F to clear all rules, but again, sometime in the middle of the night, rules are reloaded and I get blocked. I even uninstalled csf to no avail. I just want to remove my IP once and for all.
Are you using any kind of external firewalling? I have enabled the passive ports in pure-ftpd and attempted to connect in passive mode, but it still fails.
and
Howdy,
You should allow connections on 30000 through 50000 for passive ftp
I use APF and APF is working with iptables , when I define a large number of IPs in deny_hosts.rules or allow_hosts.rules and restart the APF , iptables begins to display errors after applying some number of rules , I have set SET_TRIM="0" in APF , so the number of APF rules is unlimited and the error is from iptables.
Is there any setting in iptables config files for maximum number of rules?
Is it unlimited and depends only on system available memory? O/S , ...?
was wondering whether you thought it would be a good idea to flush my /tmp folder on a daily basis (rm -rf /tmp/*).
Do you think this would cause more issues than solutions? Seems my server could have potentially had some scripts in the /tmp that brought it down this morning...
ive got a site which auto creates subdomains and installs a script automaticly and inserts details into a mysql db. i have had some issues recent so have loads (talking 100s) of folders that are empty which i need to remove, and to remove the details of said folder from db also. any ideas how i can do this, using plesk control panel so removing the subdomain via plesk cli may be the best way in that respect but the db is external to plesk so that would not be edited
I signed up with Lunarpages a while back for a dedicated server for my business. Good price, managed hosting rocks, decent disk space... little problem once with a huge power outage, but **** happens, cool.
All is well until I wake up this morning to an email a minute about a failed cron job. It smells fishy, so I contact LUnar pages support to see whats up.
They inform me that some asswad had managed to brute force into my server using a temporary account I set up a while back for some tech support. (I prefaced this with 'im an idiot', so no you know why) Either way, my server now has a rootkit, plus other **** im sure im not aware of... so they propose to move me to a brand new fresh box. im thinking they are gonna charge me a fee for this, a fee for that... no way. All is free of charge.
Im ****ting kittens now.
so im resetting everything up, and i manage to look myself out of my database...(i told you I was an idiot.. and this was a looooong day already)
they fix it. again. no problem...
If you are looking for a dedicated server, go to lunarpages. otherwise you are a freaking idiot as far as I am concerned... Lunarpages, I love you, I want your babies...
PS: I am in no way affiliated with lunarpages... however, if they want to give me a free year on their servers, i wouldnt complain... *hint hint*
Any good secure rules for mod_security 2 that work well for shared servers?
Can someone share what rules you are using to secure your shared servers. Have tried a few different sets of rules, but a few customers always end up with errors and disabling it for their domain name doesn't sound like a safer option for them or the server.
how to create rules with ip/5hit/s is black list and auto ban ip with IPSec.
when test attack file .php info test : using code attack files. attack file test.php ( code files : <?php echo "we are test" ; ?> ) Ex : attack files test.php ( http://mydomain.php/test.php ) attack 200hit/s ( all files .php is not run ) php application is hang.
also wherewith code attack. i tested asp, html. it isn't problem. ( 1879hit/s ) ( good working)
Does anyone know any good mod_evasive rules that pick up DoS, but not many false positives? Just looking to see what works for everyone out there, been having trouble.
Or if there is better apache module to combat DoS.
We were recently hacked on our dedicated server and the hacker managed to insert php files that generated thousands of doorway pages in one of our images folder on our site. We have done an extensive cleanup of our site, removing all malicious files and are locking down the server. We have already updated to the latest versions of PHP and Wordpress,not to mention change all database passwords and admin password. My question is about mod_security for apache.
We were told Mod_security can prevent this from happening again but it must be configured correctly.
We have already set rules for mod_security. The rules set up are in the files in the directory, /etc/httpd/modsecurity.d/modsec. We were told that the file 10_asl_rules.conf specifically has filters to prevent SQL injection attacks.
These are are current rules: ---------------------------------------------------------------------- /etc/httpd/modsecurity.d/modsec # ls 05_asl_exclude.conf 30_asl_antispam.conf domain-blacklist-local.txt malware-blacklist.txt 05_asl_scanner.conf 30_asl_antispam_referrer.conf domain-blacklist.txt sql.txt 10_asl_antimalware.conf 40_asl_apache2-rules.conf domain-spam-whitelist.conf trusted-domains.conf 10_asl_rules.conf 50_asl_rootkits.conf domain-spam-whitelist.txt trusted-domains.txt 11_asl_data_loss.conf 60_asl_recons.conf malware-blacklist-high.txt whitelist.txt 20_asl_useragents.conf 99_asl_exclude.conf malware-blacklist-local.txt 30_asl_antimalware.conf 99_asl_jitp.conf malware-blacklist-low.txt -----------------------------------------------------------------
I can do to prevent this or tune up apache mod_security from letting this happen again. We are so paranoid that we are now checking our access log files for POST commands every day?
Im using a vps with centos 5 and cpanel/whm with apache 2.2.
Im tring to figure out how to use the gotroot rules with mod_security. I had enabled mod_security with easy apache. I tried to follow some other post had I found around on other forums with no luck really, with that said I am a linux noob. I had tried to follow the wiki on atomic sites <-- not enof post so I cant do links sorry, but I found it hard to under stand cause I dont have a modsecurity.config file that I can find, also I cant find AddModule mod_security.c in my httpd.config, but I did find this line, Include "/usr/local/apache/conf/modsec2.conf". My thing is im looking for a complete noob guide on how to use gotroot rules with mod_security enabled through easy apache, or would it be easyer to manully install mod_security?
I am having the Modsec 2.5.9 I am using the defaults rules by the cpanel when i try to update the rules along with default rules given by the cpanel i am getting internal server error (500 Error)
