Updating Mod_Security Rules
May 1, 2009How can I update mod_security rules in Cpanel/WHM server from gotroot.com?
View 3 Replies
ADVERTISEMENT
Mod_security Rules
May 25, 2009Is it possible to disable a particular mod_security rule for particular directory or the rules are global?
View 4 Replies View RelatedMod_security Rules In WHM
Aug 15, 2008I just installed mod_security via WHM, and want to know what rule should I enter to prevent some URLs from being opened.
For example, if URL contains word "abc" (like domain.com/some_folder/abc/file.php), it should not be opened.
How To Set The Rules Of MOD_Security
Jun 4, 2008how to set the rules of MOD_Security.
Another question for professionals:
Q: What are the best rules to secure my server? I'd appreciate if you managed to attach these rules to your replies. // FYI, I host VBulletin portals.
Mod_security 2 Rules
Feb 25, 2008make this rules work on apache 2 mod_security 2?
View 4 Replies View RelatedMod_security 2 Rules
Dec 17, 2008Any good secure rules for mod_security 2 that work well for shared servers?
Can someone share what rules you are using to secure your shared servers. Have tried a few different sets of rules, but a few customers always end up with errors and disabling it for their domain name doesn't sound like a safer option for them or the server.
Share your mod_sec 2 rules.
Mod_security 2 Rules
May 10, 2008Is there any difference with the old one?
I have a customized modsecurity.conf file in my old Apache 1.3 server. Is it ok to copy it to new modsec2.conf?
Setting The Right Rules For Mod_Security
Nov 6, 2009We were recently hacked on our dedicated server and the hacker managed to insert php files that generated thousands of doorway pages in one of our images folder on our site. We have done an extensive cleanup of our site, removing all malicious files and are locking down the server. We have already updated to the latest versions of PHP and Wordpress,not to mention change all database passwords and admin password. My question is about mod_security for apache.
We were told Mod_security can prevent this from happening again but it must be configured correctly.
We have already set rules for mod_security. The rules set up are in the files in the directory, /etc/httpd/modsecurity.d/modsec. We were told that the file 10_asl_rules.conf specifically has filters to prevent SQL injection attacks.
These are are current rules:
----------------------------------------------------------------------
/etc/httpd/modsecurity.d/modsec
# ls
05_asl_exclude.conf 30_asl_antispam.conf domain-blacklist-local.txt malware-blacklist.txt
05_asl_scanner.conf 30_asl_antispam_referrer.conf domain-blacklist.txt sql.txt
10_asl_antimalware.conf 40_asl_apache2-rules.conf domain-spam-whitelist.conf trusted-domains.conf
10_asl_rules.conf 50_asl_rootkits.conf domain-spam-whitelist.txt trusted-domains.txt
11_asl_data_loss.conf 60_asl_recons.conf malware-blacklist-high.txt whitelist.txt
20_asl_useragents.conf 99_asl_exclude.conf malware-blacklist-local.txt
30_asl_antimalware.conf 99_asl_jitp.conf malware-blacklist-low.txt
-----------------------------------------------------------------
I can do to prevent this or tune up apache mod_security from letting this happen again. We are so paranoid that we are now checking our access log files for POST commands every day?
Gotroot Rules With Mod_security
Jul 2, 2009Im using a vps with centos 5 and cpanel/whm with apache 2.2.
Im tring to figure out how to use the gotroot rules with mod_security. I had enabled mod_security with easy apache. I tried to follow some other post had I found around on other forums with no luck really, with that said I am a linux noob. I had tried to follow the wiki on atomic sites <-- not enof post so I cant do links sorry, but I found it hard to under stand cause I dont have a modsecurity.config file that I can find, also I cant find AddModule mod_security.c in my httpd.config, but I did find this line, Include "/usr/local/apache/conf/modsec2.conf". My thing is im looking for a complete noob guide on how to use gotroot rules with mod_security enabled through easy apache, or would it be easyer to manully install mod_security?
Mod_security Rules & 500 Error
Nov 4, 2009I am having the Modsec 2.5.9 I am using the defaults rules by the cpanel when i try to update the rules along with default rules given by the cpanel i am getting internal server error (500 Error)
The rules i tried to implement are from
Quote:
[url]
Best Mod_security Rules Site
Apr 29, 2008I doubt anyone is writing their own rules so what do you think is the best site for mod_security rules which are strong but also do not result in many false positives.
I know of [url] posts rules but is there anyone else worth mentioning?
C99Shell :: Attack Rules For Mod_security
Oct 3, 2007i want to prevent c99shell scripts from running.
I found this rule to detect URI's for the c99 shell.
#new kit
SecFilterSelective REQUEST_URI "/c99shell.txt"
SecFilterSelective REQUEST_URI "/c99.txt?"
My problem is that the hackers are being more stealthy and calling the
script some random name like .../myphpstuff.php. So the URI no longer helps detect it.
How could I detect "c99shell" in the actual file that apache servers? This assumes that the hacker was successfully in installing it.
my box
Apache 1.3.37
WHM 11.2.0 cPanel 11.11.0-R16983
FEDORA 5 i686 - WHM X v3.1.0
Redistribuable And DFSG-free Mod_security Rules
Mar 23, 2009I'm the main author of a control panel, and we are working toward security enforcement. So we are looking at what kinds of rules we can add in mod_security.
The issue is that our control panel is open source, and that, even if I have found some nice mod_security rule sets on the internet (for example at gotroot.com), I need to get some that are FREE (as freedom), and that I can include in our project.
What I am looking for is application specific rules (like the ones preventing phpBB highlight insertions, for example), so having someone using an old version of a given software on his hosting space is not an issue anymore.
Mod_security With Gotroot Rules Filtering Out Firefox
Feb 4, 2008I just wanted to confirm if you guys had the same problem. It seems that mod_security with gotroot rules for apache 1.3 is filtering out firefox. Everything works fine with IE. With the latest firefox I get this for any page requested:
mod_security-message: Access denied with code 500. Pattern match "^GET (http|https|ftp):/" at THE_REQUEST [severity "EMERGENCY"]
Fantastico Updating?
Jun 12, 2008I recently had Fantastico update issues, my fantistico was giving me errors such as "This feature is currently not availabel, please contact your host." lol
I tried lodging a CRON job to do the update ...but waited 72 hours and nothing ! lol
Later i found our that the Fantastico licensing server was down for a while lol
Any one had this issue lately ... ?
Ftp Dead After Updating Vps By Yum
Feb 10, 2009i just installed rpmforge repo and updated the my vps everything went fine now every thing is fine exept ftp i have tried both pure-ftp and pro-ftp both are not workingh the port 21 is used by xinetd i am not able to find out what to due the ftp installs successfully but after installations is done it give Failed on restarting stopping or starting
WHat can i do to remove this i used the status command to
/etc/init.d/pureftpd status
Pureftpd is dead
this is what i got
Pro-ftpd gives error unable to bind ip at port 21
Updating My Security
Jul 26, 2008I'm trying to figure out which security measures to apply to my new server. I last tweaked security on a web server four years ago, and it seems like these days cPanel does automatically much that I did manually before. CSF seems to help with a lot of the rest.
I know chrooted BIND was all the rage, for example, four years ago, but now I can hardly find mention of it. Is it still worth it?
also, thoughts on changing the SSH port? Is that really worth it? I presume that means users would manually have to specify the SSH port every time they wished to connect...
Bandmin Is Not Updating
Feb 2, 2007I have just got the new server adn I tried to check bandwidth usage via 'Bandmin' but it seems like not updating because its all 0,
Last updated Fri Feb 2 21:00:04 2007
Ip Possible Domain(s) Transfer in gig Transfer in meg Transfer in kbit/s Transfer in kb/s Transfer in mbit/s
Total in 0.000000 0 0.000000 0.000000 0.000000
What Is A Kernel And When Does It Need Updating
May 25, 2007What exactly is a kernel and when will we need to ask the server management to update it? Read quite a few posts here indicating that kernel's were vulnerable to security issues. Still trying to learn all the to do's for hosting websites on a dedicated server.
View 5 Replies View RelatedStats Not Updating
Jul 11, 2007root@server [/scripts]# ./runweblogs username
Log checker loaded ok..
==> WARNING: The configured processor count does not match the
==> actual processor count (4)! Running log analysis programs
==> on this system may cause excessive load! You should set "extracpus"
==> to "0" in /var/cpanel/cpanel.config if this is not ok.
==> cPanel Log Daemon version 22.2
==> Shared RRDTOOL support enabled
==> Starting cpbandwd (bandwidth monitoring for IMAP/POP)
cpbandwd is already running.
Processing eldred...
Run Logs domain: domain.com BW Limit: 262144000000 Domains: [save.domain.com save.info store.domain.com]
Stats are not updating for this account. I ran this twice, keeps getting stuck at this line forever..
Run Logs domain: domain.com BW Limit: 262144000000 Domains: [save.domain.com save.info store.domain.com]
Awstats Not Updating Frequently Enough
Jan 11, 2009My Awstats is updating every other day and I would like it to up date daily.
I am in my third month of hosting and in about first 2 months, Awstats would update every day.
I have searched and read where it is possible to get Awstats to update manualy but it seems that my scenario isn't the same as everyone else's.
I am accessing my Awstats through CPanel and there is no way that I see to modify when Awstats updates.
Php Not Updating After Php Update On Centos
Jul 14, 2009im trying to update my php version to 5.2+ so i can run phpmyadmin on my server. Ive tried two different methods both produced same results. First method was to download libxml2-2.7.3 and then do ./configure, make,etc then i download php, ./configure, make install, etc. At first i had to yum install make, then a c complier cause make and ./configure didnt work before that. After everything seemed to work fine until the end when it said you may have found a bug on php would you like to submit it? So obviously the php version didnt update at all.
Next i tried adding a repo that already contained php-5.2.5 and then yum install php since centos only seems to support regular yum install up to php version 5.1.6. i did rpm and installed php and thought sweet ive updated php. Ran php -v and i am still running php version 5.1.6.
Updating Httpd-devel
Jul 1, 2008We have dedicated server (Cpanel installed) in that I would like to install the mod_evasive for disabling the DOS attack. So that I have followed the below url
[url]
In that httpd-devel asked to update.
# up2date install httpd-devel*
When I update the httpd-devel I got message like
The following Packages were marked to be skipped by your configuration:
Name Version Rel Reason
-------------------------------------------------------------------------------
httpd-devel 2.0.52 38.ent.2Pkg name/pattern
The following wildcards did not match any packages:
httpd-devel*
So that I have removed the pkg-skip list from up2date command
# vi /etc/sysconfig/rhn/up2date
and tryied to update
# up2date install httpd-devel*
Later I am getting the following message.
Fetching Obsoletes list for channel: rhel-i386-es-4...
Fetching Obsoletes list for channel: rhel-i386-es-4-extras...
Fetching rpm headers...
########################################
Name Version Rel
----------------------------------------------------------
httpd-devel 2.0.52 38.ent.2 i386
An error has occurred:
xmlrpclib.Fault
Webpage Not Updating On My Network
Feb 2, 2007I was developing a website on my friend's server.
Due to some DNS problems we couldn't figure out how to resolve, I decided to just go commercial and bought a Dreamhost package.
I updated the nameservers and the DNS has since propagated. At work today, starting with the fresh, new root, I installed vbulletin and started configuring my website checking my progress live.
However, I get home and I go to my URL and it's still the same as it was when my website was hosted on my friend's server. With a DNS and WHOIS check, the nameservers definately propagated correctly. The FTP contents are the way they were at work. I've cleared all my cache and private data. However I STILL see the old "revert" of what my website USED to contain.
I called up a friend to go to my website and he says it's displaying what it should and verified that it's just on my side. How can I resolve this?
I've reset my router and modem and computer and cleared every temp and cache I know about.
Auto Updating Postfix
Oct 21, 2007I have searched the whole forum for help on this but couldnt find anything.
I have postfix running on a backup mx server for a plesk box. The backup mx does a very good job of reducing spam and virus to my plesk box thanks to mailscanner.
The problem i have now is i have to manually update postfix transport and relay_recipients file everytime a new domain is created in plesk. Do any one know how i can create a custom script that will pull domain information from my plesk box and will update postfix on the backup mx server. Maybe a website with information that can help.
i can always set a cron to run the postmap command to update the tables but i will need to update the respective files (transport, relay_recipients) first.
MRTG Stats Updating
Oct 15, 2007I have the following setup in cron for my MRTG stats:
0,10,20,30,40,50 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/bandwidth.cfg
0,11,21,31,41,51 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/cpu.cfg
0,12,22,32,42,52 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/cpu-temp.cfg
0,13,23,33,43,53 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/ping.cfg
0,15,25,35,45,55 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/memory.cfg
0,16,26,36,46,56 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/newconns.cfg
0,17,27,37,47,57 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/estabcons.cfg
0,18,28,38,48,58 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/ping2.cfg
But I'm not sure how much power it actually takes to generate theses MRTG stats... The server is a Celeron D 2.8Ghz, 512Mb ATA soft raid system. Do you think that I should update the stats less frequently to decrease the server usage?
MRTG Stats Updating
Oct 15, 2007I have the following setup in cron for my MRTG stats:
0,10,20,30,40,50 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/bandwidth.cfg
0,11,21,31,41,51 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/cpu.cfg
0,12,22,32,42,52 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/cpu-temp.cfg
0,13,23,33,43,53 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/ping.cfg
0,15,25,35,45,55 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/memory.cfg
0,16,26,36,46,56 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/newconns.cfg
0,17,27,37,47,57 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/estabcons.cfg
0,18,28,38,48,58 * * * * env LANG=C ../../mrtg-2/bin/mrtg ../...stats/ping2.cfg
But I'm not sure how much power it actually takes to generate theses MRTG stats... The server is a Celeron D 2.8Ghz, 512Mb ATA soft raid system. Do you think that I should update the stats less frequently to decrease the server usage?