Updating Mod_Security Rules

May 1, 2009

How can I update mod_security rules in Cpanel/WHM server from gotroot.com?

View 3 Replies


Mod_security Rules

May 25, 2009

Is it possible to disable a particular mod_security rule for a particular directory, or are the rules global?

View 4 Replies View Related

Mod_security Rules In WHM

Aug 15, 2008

I just installed mod_security via WHM, and want to know what rule should I enter to prevent some URLs from being opened.

For example, if URL contains word "abc" (like domain.com/some_folder/abc/file.php), it should not be opened.

View 4 Replies View Related

How To Set The Rules Of MOD_Security

Jun 4, 2008

How to set the rules of MOD_Security.

Another question for professionals:

Q: What are the best rules to secure my server? I'd appreciate if you managed to attach these rules to your replies. // FYI, I host VBulletin portals.

View 3 Replies View Related

Mod_security 2 Rules

Feb 25, 2008

make this rules work on apache 2 mod_security 2?

View 4 Replies View Related

Mod_security 2 Rules

Dec 17, 2008

Any good secure rules for mod_security 2 that work well for shared servers?

Can someone share what rules you are using to secure your shared servers. Have tried a few different sets of rules, but a few customers always end up with errors and disabling it for their domain name doesn't sound like a safer option for them or the server.

Share your mod_sec 2 rules.

View 2 Replies View Related

Mod_security 2 Rules

May 10, 2008

Is there any difference with the old one?

I have a customized modsecurity.conf file in my old Apache 1.3 server. Is it ok to copy it to new modsec2.conf?

View 13 Replies View Related

Setting The Right Rules For Mod_Security

Nov 6, 2009

We were recently hacked on our dedicated server and the hacker managed to insert PHP files that generated thousands of doorway pages in one of our images folder on our site. We have done an extensive cleanup of our site, removing all malicious files, and are locking down the server. We have already updated to the latest versions of PHP and WordPress, not to mention changed all database passwords and the admin password. My question is about mod_security for Apache.

We were told Mod_security can prevent this from happening again but it must be configured correctly.

We have already set rules for mod_security. The rules set up are in the files in the directory, /etc/httpd/modsecurity.d/modsec. We were told that the file 10_asl_rules.conf specifically has filters to prevent SQL injection attacks.

These are our current rules:
----------------------------------------------------------------------
/etc/httpd/modsecurity.d/modsec
# ls
05_asl_exclude.conf 30_asl_antispam.conf domain-blacklist-local.txt malware-blacklist.txt
05_asl_scanner.conf 30_asl_antispam_referrer.conf domain-blacklist.txt sql.txt
10_asl_antimalware.conf 40_asl_apache2-rules.conf domain-spam-whitelist.conf trusted-domains.conf
10_asl_rules.conf 50_asl_rootkits.conf domain-spam-whitelist.txt trusted-domains.txt
11_asl_data_loss.conf 60_asl_recons.conf malware-blacklist-high.txt whitelist.txt
20_asl_useragents.conf 99_asl_exclude.conf malware-blacklist-local.txt
30_asl_antimalware.conf 99_asl_jitp.conf malware-blacklist-low.txt
-----------------------------------------------------------------

I can do to prevent this or tune up apache mod_security from letting this happen again. We are so paranoid that we are now checking our access log files for POST commands every day?

View 13 Replies View Related

Gotroot Rules With Mod_security

Jul 2, 2009

I'm using a VPS with CentOS 5 and cPanel/WHM with Apache 2.2.

I'm trying to figure out how to use the gotroot rules with mod_security. I had enabled mod_security with EasyApache. I tried to follow some other posts I had found around on other forums, with no luck really; with that said, I am a Linux noob. I had tried to follow the wiki on the atomic sites (not enough posts, so I can't post links, sorry), but I found it hard to understand because I don't have a modsecurity.config file that I can find. I also can't find AddModule mod_security.c in my httpd.config, but I did find this line: Include "/usr/local/apache/conf/modsec2.conf". I'm looking for a complete noob guide on how to use gotroot rules with mod_security enabled through EasyApache, or would it be easier to manually install mod_security?

View 11 Replies View Related

Mod_security Rules & 500 Error

Nov 4, 2009

I have ModSec 2.5.9 and I am using the default rules from cPanel. When I try to update the rules along with the default rules given by cPanel, I get an internal server error (500 error).

The rules I tried to implement are from

Quote:

[url]

View 5 Replies View Related

Best Mod_security Rules Site

Apr 29, 2008

I doubt anyone is writing their own rules so what do you think is the best site for mod_security rules which are strong but also do not result in many false positives.

I know of [url] posts rules but is there anyone else worth mentioning?

View 8 Replies View Related

C99Shell :: Attack Rules For Mod_security

Oct 3, 2007

I want to prevent c99shell scripts from running.

I found this rule to detect URIs for the c99 shell.

#new kit
SecFilterSelective REQUEST_URI "/c99shell.txt"
SecFilterSelective REQUEST_URI "/c99.txt?"

My problem is that the hackers are being more stealthy and calling the script some random name like .../myphpstuff.php. So the URI no longer helps detect it.

How could I detect "c99shell" in the actual file that Apache serves? This assumes that the hacker was successful in installing it.

My box:

Apache 1.3.37
WHM 11.2.0 cPanel 11.11.0-R16983
FEDORA 5 i686 - WHM X v3.1.0

View 3 Replies View Related

Redistributable And DFSG-free Mod_security Rules

Mar 23, 2009

I'm the main author of a control panel, and we are working toward security enforcement. So we are looking at what kinds of rules we can add in mod_security.

The issue is that our control panel is open source, and that, even if I have found some nice mod_security rule sets on the internet (for example at gotroot.com), I need to get some that are FREE (as freedom), and that I can include in our project.

What I am looking for is application specific rules (like the ones preventing phpBB highlight insertions, for example), so having someone using an old version of a given software on his hosting space is not an issue anymore.

View 0 Replies View Related

Mod_security With Gotroot Rules Filtering Out Firefox

Feb 4, 2008

I just wanted to confirm if you guys had the same problem. It seems that mod_security with gotroot rules for apache 1.3 is filtering out firefox. Everything works fine with IE. With the latest firefox I get this for any page requested:

mod_security-message: Access denied with code 500. Pattern match "^GET (http|https|ftp):/" at THE_REQUEST [severity "EMERGENCY"]

View 4 Replies View Related

Fantastico Updating?

Jun 12, 2008

I recently had Fantastico update issues; my Fantastico was giving me errors such as "This feature is currently not available, please contact your host." lol

I tried lodging a cron job to do the update... but waited 72 hours and nothing! lol

Later I found out that the Fantastico licensing server was down for a while lol

Anyone had this issue lately?

View 6 Replies View Related

Ftp Dead After Updating Vps By Yum

Feb 10, 2009

I just installed the rpmforge repo and updated my VPS. Everything went fine, and now everything is fine except FTP. I have tried both pure-ftp and pro-ftp; both are not working. Port 21 is used by xinetd. I am not able to find out what to do. The FTP server installs successfully, but after installation is done it gives "Failed" on restarting, stopping or starting.

What can I do to remove this? I used the status command:
/etc/init.d/pureftpd status
Pureftpd is dead
This is what I got.
Pro-ftpd gives the error: unable to bind ip at port 21

View 6 Replies View Related

Updating My Security

Jul 26, 2008

I'm trying to figure out which security measures to apply to my new server. I last tweaked security on a web server four years ago, and it seems like these days cPanel does automatically much that I did manually before. CSF seems to help with a lot of the rest.

I know chrooted BIND was all the rage, for example, four years ago, but now I can hardly find mention of it. Is it still worth it?

Also, thoughts on changing the SSH port? Is that really worth it? I presume that means users would manually have to specify the SSH port every time they wished to connect...

View 0 Replies View Related

Bandmin Is Not Updating

Feb 2, 2007

I have just got the new server and I tried to check bandwidth usage via 'Bandmin', but it seems it is not updating because it's all 0,

Last updated Fri Feb 2 21:00:04 2007

Ip Possible Domain(s) Transfer in gig Transfer in meg Transfer in kbit/s Transfer in kb/s Transfer in mbit/s
Total in 0.000000 0 0.000000 0.000000 0.000000

View 2 Replies View Related

What Is A Kernel And When Does It Need Updating

May 25, 2007

What exactly is a kernel and when will we need to ask the server management to update it? I read quite a few posts here indicating that kernels were vulnerable to security issues. Still trying to learn all the to-dos for hosting websites on a dedicated server.

View 5 Replies View Related

Stats Not Updating

Jul 11, 2007

root@server [/scripts]# ./runweblogs username
Log checker loaded ok..
==> WARNING: The configured processor count does not match the
==> actual processor count (4)! Running log analysis programs
==> on this system may cause excessive load! You should set "extracpus"
==> to "0" in /var/cpanel/cpanel.config if this is not ok.
==> cPanel Log Daemon version 22.2
==> Shared RRDTOOL support enabled
==> Starting cpbandwd (bandwidth monitoring for IMAP/POP)
cpbandwd is already running.
Processing eldred...
Run Logs domain: domain.com BW Limit: 262144000000 Domains: [save.domain.com save.info store.domain.com]

Stats are not updating for this account. I ran this twice, keeps getting stuck at this line forever..

Run Logs domain: domain.com BW Limit: 262144000000 Domains: [save.domain.com save.info store.domain.com]

View 11 Replies View Related

Awstats Not Updating Frequently Enough

Jan 11, 2009

My Awstats is updating every other day and I would like it to update daily.

I am in my third month of hosting, and for about the first 2 months Awstats would update every day.

I have searched and read that it is possible to get Awstats to update manually, but it seems that my scenario isn't the same as everyone else's.

I am accessing my Awstats through CPanel and there is no way that I see to modify when Awstats updates.

View 7 Replies View Related

Php Not Updating After Php Update On Centos

Jul 14, 2009

I'm trying to update my PHP version to 5.2+ so I can run phpMyAdmin on my server. I've tried two different methods; both produced the same results. The first method was to download libxml2-2.7.3 and then do ./configure, make, etc., then download PHP and do ./configure, make install, etc. At first I had to yum install make, then a C compiler, because make and ./configure didn't work before that. After that everything seemed to work fine until the end, when it said "you may have found a bug in PHP, would you like to submit it?" So obviously the PHP version didn't update at all.

Next I tried adding a repo that already contained php-5.2.5 and then yum install php, since CentOS only seems to support regular yum install up to PHP version 5.1.6. I did the rpm and installed PHP and thought, sweet, I've updated PHP. Ran php -v and I am still running PHP version 5.1.6.

View 14 Replies View Related

Updating Httpd-devel

Jul 1, 2008

We have a dedicated server (cPanel installed) on which I would like to install mod_evasive for disabling DoS attacks. To do that, I followed the URL below:

[url]

There, it asks to update httpd-devel:
# up2date install httpd-devel*

When I updated httpd-devel, I got a message like:

The following Packages were marked to be skipped by your configuration:

Name Version Rel Reason
-------------------------------------------------------------------------------
httpd-devel 2.0.52 38.ent.2 Pkg name/pattern

The following wildcards did not match any packages:
httpd-devel*

So I removed the pkg-skip list from the up2date command

# vi /etc/sysconfig/rhn/up2date

and tried to update

# up2date install httpd-devel*

After that I get the following message:

Fetching Obsoletes list for channel: rhel-i386-es-4...

Fetching Obsoletes list for channel: rhel-i386-es-4-extras...

Fetching rpm headers...
########################################

Name Version Rel
----------------------------------------------------------
httpd-devel 2.0.52 38.ent.2 i386

An error has occurred:
xmlrpclib.Fault

View 4 Replies View Related

Webpage Not Updating On My Network

Feb 2, 2007

I was developing a website on my friend's server.

Due to some DNS problems we couldn't figure out how to resolve, I decided to just go commercial and bought a Dreamhost package.

I updated the nameservers and the DNS has since propagated. At work today, starting with the fresh, new root, I installed vbulletin and started configuring my website checking my progress live.

However, I get home and I go to my URL and it's still the same as it was when my website was hosted on my friend's server. With a DNS and WHOIS check, the nameservers definitely propagated correctly. The FTP contents are the way they were at work. I've cleared all my cache and private data. However, I STILL see the old "revert" of what my website USED to contain.

I called up a friend to go to my website and he says it's displaying what it should and verified that it's just on my side. How can I resolve this?

I've reset my router and modem and computer and cleared every temp and cache I know about.

View 0 Replies View Related

Auto Updating Postfix

Oct 21, 2007

I have searched the whole forum for help on this but couldn't find anything.

I have Postfix running on a backup MX server for a Plesk box. The backup MX does a very good job of reducing spam and viruses to my Plesk box thanks to MailScanner.

The problem I have now is that I have to manually update the Postfix transport and relay_recipients files every time a new domain is created in Plesk. Does anyone know how I can create a custom script that will pull domain information from my Plesk box and update Postfix on the backup MX server? Maybe a website with information that can help.
I can always set a cron job to run the postmap command to update the tables, but I will need to update the respective files (transport, relay_recipients) first.

View 3 Replies View Related

MRTG Stats Updating

Oct 15, 2007

I have the following setup in cron for my MRTG stats:

0,10,20,30,40,50 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/bandwidth.cfg
0,11,21,31,41,51 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/cpu.cfg
0,12,22,32,42,52 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/cpu-temp.cfg
0,13,23,33,43,53 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/ping.cfg
0,15,25,35,45,55 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/memory.cfg
0,16,26,36,46,56 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/newconns.cfg
0,17,27,37,47,57 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/estabcons.cfg
0,18,28,38,48,58 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/ping2.cfg

But I'm not sure how much power it actually takes to generate these MRTG stats... The server is a Celeron D 2.8GHz, 512MB, ATA soft RAID system. Do you think that I should update the stats less frequently to decrease the server usage?

View 3 Replies View Related

Copyrights 2005-15 www.BigResource.com, All rights reserved