Mod_Security Log File On Remote Box
Apr 6, 2007I have mod security installed on my box!
i want to make the mod_security logfile "audit_log" created on a remote box instead of the local "/etc/httpd/logs/audit_log"!
how to do that?
ADVERTISEMENT
Mod_security- Hacker Still Upload File..
Jan 18, 2007I just have someone uploading file via php on a website, i need a way to block that kind of attack via mod security?
can add in mod security to avoid this?
89.146.147.144 - - [17/Jan/2007:12:24:11 -0600] "GET /favicon.ico HTTP/1.1" 404 1002 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
89.146.147.144 - - [17/Jan/2007:12:24:23 -0600] "GET /XXXX/index.php?x=************.***?&action=mkdir&chdir=/var/www/vhosts/XXXX.net/httpdocs/XXXX/&newdir=bh HTTP/1.1" 200 154634 [url]
x=************.***??" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
89.146.147.144 - - [17/Jan/2007:12:24:32 -0600] "GET /XXXX/index.php?x=************.***?&chdir=/var/www/vhosts/XXXX.net/httpdocs/XXXX/bh/ HTTP/1.1" 200 7444 [url
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
89.146.147.144 - - [17/Jan/2007:12:24:41 -0600] "GET /XXXX/index.php?x=************.***?&action=mkdir&chdir=/var/www/vhosts/XXXX.net/httpdocs/XXXX/bh/&newdir=************.*** HTTP/1.1" 200 8422 [url]
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
Remote File Access
May 11, 2007if there's an OS where that is possible?...i'm probably in the wrong section at this point, but i was thinking about using Remote Desktop to accomplish this...something like a Virtual Private Network... but i don't have XP pro or any other system that could act like a server...
my goal is to allow staff working off site to easily access files through windows programs like ms word or ms excel to save, edit, etc -- files would be located on the web server or on a network computer on site (not necessarily a network server)
Remote Desktop And File Transfer
Nov 8, 2008I want to set up my desktop to be kind of a database. So I can access all my files on my home desktop, from school. (and be able to back up all my files on my reliable desktop as opposed to my not so reliable lappy)
Then the next thing I wanted to do is to be able to access my desktop using remote access. So I can control everything on my desktop, while I'm not there.
My laptop is running Vista Home Premium, I dont think that matters too much. But my desktop is running XP Home Edition.
I have a no-ip account. but I dont really know what my next step would be, I'm guessing to make a sort of FTP on my desktop? and I have NO clue how I'd do the remote desktop.
Import File From A Remote Backup Space
Feb 13, 2008How I can import my backups from remote backup space to my VPS.
View 6 Replies View RelatedPlesk 11.x / Linux :: FTP - File Do Not Show In Remote Server
May 11, 2014After a fresh install of Plesk 11.5 am unable to FTP the server.
The FTP client shows that successful but no file in the remote server and its lock I saw only / I cannot stroll the client on remote server
Site builders work ok, Wordpress and built software update and publish...
Upload A File On A Server To A Remote FTP Server Via SSH?
Oct 27, 2009Is there any way I can upload a file on a server to a remote FTP server via SSH?
View 10 Replies View RelatedRemote File Server And Web Server
Mar 16, 2007I own a file hosting site. The site is powered by 2 servers - 1 front end web and database server, and 1 where all the files are stored.
I'm facing a problem that uploading and downloading often failed. Connections to mysql would timeout.
Has it to do with mysql settings or because the file server is located at a distance from the sql server?
(my.cnf on the sql server)
[mysqld]
skip-locking
skip-innodb
max_user_connections=6000
max_connections=6000
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
Plesk 12.x / Linux :: Deny User Upload File Via File Manager Or Hidden File Tab?
Feb 10, 2015I'm build Plesk Panel for Linux and Presence Builder, I don't want my user can upload their website to hosting via File Manager. How can I do it...
View 2 Replies View Related1.com/file.php, 2.com/file.php Where File.php Is Hosted On Main.com/file.php
May 26, 2008Say I have 2 websites and they all use file.php which is located on mainserver.com/file.php.
I want to use the file like this:
website1.com/file.php
website2.com/file.php
Mod_Security 2.5, Or 2.0?
Apr 21, 2008I have been using mod_security 1.9.x since it first release on apache 1.3 and apache 2.0.x, rules are great and they work perfect with no issues at all with any php-mysql website. Do you recommend using mod_security 2.0 or 2.5 ? (I do know that 2.5 does not work with apache 1.3).
View 2 Replies View RelatedMod_security Won't Log Anything
Apr 19, 2008using mod_security, but I believe that I have it installed correctly with some rules that should be generating entries in the security audit log. No matter what I do, I can't seem to get mod_security to generate any sort of log entries.
I am using version 2.1.7. I compiled it with no problems. In my httpd.conf file, I have the following relevant lines:
LoadFile /usr/lib/libxml2.so
LoadModule security2_module modules/mod_security2.so
Include conf/modsecurity/*.conf
I don't think there are any problems here, as I know it is running directives from the configuration file I edited. This is the file I'm working with:
modsecurity_crs_10_config.conf
Here are the relevant lines from the config file:
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 524288
SecDefaultAction "phase:2,auditlog,log,pass,status:500"
SecAuditEngine On
SecAuditLogType Serial
SecAuditLog logs/modsec_audit.log
SecAuditLogParts "ABIFHZ"
SecRequestBodyInMemoryLimit 131072
SecDebugLog logs/modsec_debug.log
SecDebugLogLevel 3
I know that the config file is being read because when I start apache, the log files (modsec_audit.log and modsec_debug.log) are created. The problem is that the files are empty and remain empty no matter what I do. I have even tried setting permissions on the files to 777.
Here are a couple of rules I created in an attempt to generate log entries:
SecRule REQUEST_BODY "viagra"
SecRule REMOTE_ADDR "^1.1.3.4$" auditlog,phase:1,allow
I put these in the same config file mentioned above. As far as I understand, the first rule should examine the request body (which would include data in POST requests) for the word, "viagra". Since my default action is phase:2,auditlog,log,pass,status:500, such requests should end up in the audit log. However, when I use a form on my site to post the word "viagra", nothing is generated in the log file.
The second rule, as far as I understand, should generate a log entry any time the IP address 1.2.3.4 is sent in the request headers. Instead of 1.2.3.4, of course, I have put in my real IP address. However, when I visit my server and browse pages, nothing is logged. I assume that my requests should generate log entries since I match the IP address.
Mod_security
Dec 1, 2007I am currently running a few small websites that use a CMS. Two are Dragonfly and one is Joomla.
I am getting sporadic errors with both systems that, upon research, seem to be related to Apache and the mod_security module. I am getting the following error:
Code:
Not Acceptable
An appropriate representation of the requested resource /somefolder/index.php could not be found on this server.
Well, I'm no idiot (although some people may tend to disagree ) and after some searching, I found that this most likely points to an Apache error. Most solutions suggest to put the following in my .htacess file for the site:
Code:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
It was noted that "SecFilterScanPOST Off" may or not be necessary. I have added the above to the .htaccess for each site (all 3 sites are subdomains) and have also added it to the .htaccess that is in the root folder for the site. Nothing has worked.
So my question is, is it possible that my webhost can override my .htaacess settings with their own? This is the only explanation that I can think of. But of course, I am no expert, which is why I turn to you good folks for help once again.
Mod_security
Jul 27, 2008I want to add some more rules to to mod_security, however I am unsure if some of them are already being used.
So would it cause any problems if there are duplicate rules for the time being till I can check through all the rules?
Mod_security On RH 5 64
Jul 23, 2007I am having lots of problems installing mod_security on RH5 64 w/ Plesk.
mainly related to apr0, subversion, and the headers.
Any reason why everyone recommends to use version 1.94 of mod_security rather than the latest version available on www.modsecurity.org?
Mod_security
Oct 2, 2007I've got this:
mod_security: Access denied with code 406. Error normalising REQUEST_URI: Invalid URL encoding detected: invalid characters used [hostname "www.mydomain.com"] [uri "/search/include/js_suggest/suggest.php?type=query&q=%u062E%u0636%u0631%u0627"]
how to disable/exclude this uri in mentioned host from being catched by mod_security?
Mod_security 1 Or 2 - What Do You Use?
Mar 29, 2007how many people are actually using mod_security 2 instead of 1?
And why did you choose the version you did?
Mod_security & C99shell Anyone Help Please ?
Jun 5, 2007I installed modsecurity from Addone module in Cpanel
When I try to apply phpshell woork good without a mistakes and I can do anything despite of the presence of protection modsecurity and disable_functions in php.ini.
Is there a particular settings add to the httpd.conf to prevent application phpshell or prevent upload it to the site?
Mod_security And Mod_filter
May 11, 2009I tried using mod_security and mod_filter together. However, when I try to filter js files, I noticed that certain pages stop working, especially those using ajax.
View 2 Replies View RelatedMod_Security Configuration
Jul 24, 2009I installed Mod_Security on my Cent OS server today and having some problem in configurating it.
Problem -
I have added this module in 'httpd.conf' file
Code:
<IfModule mod_security.c>
SecFilterEngine On
SecServerSignature "Apache"
SecFilterCheckUnicodeEncoding Off
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log
SecFilterScanPOST On
SecFilterDefaultAction "deny,log,status:403"
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
SecFilterSelective HTTP_Transfer-Encoding "!^$"
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
SecFilter "../"
SecFilter "viewtopic.php?" chain
SecFilter "chr(([0-9]{1,3}))" "deny,log"
SecFilterSelective THE_REQUEST "wget "
SecFilterSelective THE_REQUEST "lynx "
SecFilterSelective THE_REQUEST "scp "
SecFilterSelective THE_REQUEST "ftp "
SecFilterSelective THE_REQUEST "cvs "
SecFilterSelective THE_REQUEST "rcp "
SecFilterSelective THE_REQUEST "curl "
SecFilterSelective THE_REQUEST "telnet "
SecFilterSelective THE_REQUEST "ssh "
SecFilterSelective THE_REQUEST "echo "
SecFilterSelective THE_REQUEST "links -dump "
SecFilterSelective THE_REQUEST "links -dump-charset "
SecFilterSelective THE_REQUEST "links -dump-width "
SecFilterSelective THE_REQUEST "links http:// "
SecFilterSelective THE_REQUEST "links ftp:// "
SecFilterSelective THE_REQUEST "links -source "
SecFilterSelective THE_REQUEST "mkdir "
SecFilterSelective THE_REQUEST "cd /tmp "
SecFilterSelective THE_REQUEST "cd /var/tmp "
SecFilterSelective THE_REQUEST "cd /etc/httpd/proxy "
SecFilterSelective THE_REQUEST "/config.php?v=1&DIR "
SecFilterSelective THE_REQUEST "/../../ "
SecFilterSelective THE_REQUEST "&highlight=%2527%252E "
SecFilterSelective THE_REQUEST "changedir=%2Ftmp%2F.php "
# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"
# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"
# Prevent XSS atacks (HTML/Javascript injection)
SecFilter "<(.|n)+>"
</IfModule>
But my website is multi forum hosting and requires 'index.php' file to pass parameter to make it work.
Example -
[url]
[url]
[url]
So i had to delete below mention code from above module.
Code:
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"
SecFilterSelective HTTP_Transfer-Encoding "!^$"
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
SecFilter "../"
Mod_security Rules
May 25, 2009Is it possible to disable a particular mod_security rule for particular directory or the rules are global?
View 4 Replies View RelatedMod_security Rules In WHM
Aug 15, 2008I just installed mod_security via WHM, and want to know what rule should I enter to prevent some URLs from being opened.
For example, if URL contains word "abc" (like domain.com/some_folder/abc/file.php), it should not be opened.
Mod_security And ISPConfig3
May 20, 2009I have installed a new server with debian lenny 5, ISPConfig 3.0.1.1 and the newest mod_security and implemented the default rules.
I deactivated the rule detecting IP in pageheaders.
Then I got another problem. Some actions of ISPConfig are detected as "remote file access attempt", severity "critical", tag "web attack/file injection" data "/etc/"
detected by rule file crs_40 line 114, id 950005
question: how do I authorize ISPConfig and only ISPConfig to perform such requests on the server?
How To Set The Rules Of MOD_Security
Jun 4, 2008how to set the rules of MOD_Security.
Another question for professionals:
Q: What are the best rules to secure my server? I'd appreciate if you managed to attach these rules to your replies. // FYI, I host VBulletin portals.
Mod_Security - Using RBLs
Dec 24, 2008Trying to use an RBL with ModSecurity but this matches everything whether listed or not.
SecRule REMOTE_ADDR "@rbl bb.barracudacentral.org" "log,deny,msg:'POST RBL Comment Spammer'"
What I would like to do is do an RBL lookup and any POST operations.
Mod_security 2 Rules
Feb 25, 2008make this rules work on apache 2 mod_security 2?
View 4 Replies View Related