modsecurity

  1. hrace009

    Modsecurity Vendor Rule

    Hello, I am not too experienced with mod_security. I have installed the Comodo ModSecurity Vendor Rule Set. Should I disable or enable the built-in cPanel rule set?
  2. P

    In Progress [EA-8605] Mod_Security and Mod_Ruid2 with persistent storage

    Hi everyone, 2016 and still no fix from cPanel. We need those brute force rules to work with ruid2 because we need the security of ruid2, and we are hosting lots of WordPress sites and we need to protect /wp-login from brute force attacks. We made it work by applying the workaround we...
  3. C

    Error when installing Comodo as cPanel Vendor

    Got this error: Error:API failure: The system could not validate the new Apache configuration because httpd exited with a nonzero value. Apache produced the following error: httpd: Syntax error on line 44 of /usr/local/apache/conf/httpd.conf: Syntax error on line 22 of...
  4. W

    ModSecurity: collection_store: Failed to access DBM file "/var/cpanel/secdatadir/ip"

    Hi I run two servers: Server1) CENTOS 6.8 x86_64 WHM 58.0 (build 26) mod security Easy Apache3 Server 2) CLOUDLINUX 6.8 x86_64 WHM 58.0 (build 27) mod security Easy Apache4 On both servers I have exactly the same custom mod security rules as follows (the paths are slightly different...
  5. hrace009

    ModSecurity Failed to lock proc mutex

    Hi, I got this error many times [Sun Sep 04 03:38:22.056288 2016] [:error] [pid 10763] [client 124.83.51.106] ModSecurity: Geo Lookup: Failed to lock proc mutex: Permission denied [hostname "www.domain.com"] [uri "/members/"] [unique_id "V8s0vrccqMv5koTYEm2t9wAAAAU"] [Sun Sep 04...
  6. M

    /var/cpanel/secdatadir/ip.pag file massive

    Does anyone know why the file /var/cpanel/secdatadir/ip.pag is constantly growing to huge sizes? I can rm /var/cpanel/secdatadir/ip.pag and within a day it's back up to 8GB and growing.
  7. verdon

    Seemingly unable to disable mod_security rule

    Hello, I have a mod_security rule (Comodo 220030) that I don't seem to be able to disable. I have it disabled in 'Home »Security Center »ModSecurity™ Tools » Rules List' and disabled in 'ConfigServer ModSecurity Control - cmc v2.04' Whitelist, and yet hits on the rule are still showing up in...
  8. S

    modsec errors

    Hello, I have these errors in my modsec log file. Are they normal or should I worry? [Tue Aug 09 12:23:46.751981 2016] [:error] [pid 25520:tid 140358038025984] [client 180.76.15.12] ModSecurity: Warning. Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required...
  9. W

    mod_sec - best way to ID user agents to block?

    Hi Forum, I am new here, so greetings to all! I'm working on the best way to identify and stop bad user agents. I've read multiple threads and googled a lot - so far it seems there is no "clear" or obvious best practice so to speak. At the moment I've implemented a mod_sec rule to include a...
  10. L

    ModSecurity Not Working After EasyApache4 Upgrade

    I upgraded to WHM/cPanel v. 58 this morning on a CENTOS 6.8 x86_64 virtuozzo system running Litespeed, then did the EasyApache4 migration. Both went relatively smoothly, but since the upgrades, ModSecurity shows nothing new in the hits list. I have a couple of custom rules that typically...
  11. R

    New EA4, modruid2 apache jailshell and modsec issue

    Because the location of the modsec_audit folder has changed with EA4 to be in the new apache folder under /etc/apache2/logs rather than under /usr/local where it was in EA3, if you use the combination of apache jailshell, modruid2 and EA4, modsecurity can't access the modsec_audit folder to...
  12. S

    v58, EasyApache 4 and modsecurity possibly not working.

    Hi. I made the switch to v58 and EasyApache 4 on or around July 23rd, 2016. To this date, /var/log/apache2/modsec_audit.log, /var/log/apache2/modsec_debug.log and the directory /var/log/apache2/modsec_audit are completely empty. I also got an e-mail from cPanel saying httpd failed the md5...
  13. L

    ModSecurity Rule to Block Country for One Domain Only?

    I've got geolocation set up and a ModSecurity rule that works to block a country, but what I need is to block the country only for a few domains. The security rules below are working, but block the country (I substituted "XX" for the correct country code for the country in question) on all...
  14. S

    Do not have root privileges. Executable not set-uid root?

    Hi. I just noticed I cannot get to my site at all. I'm looking at the /usr/local/apache/logs/error_log file and see a whole bunch of weird stuff. When I try going to my site, I get a Too many redirects error, however, I can still successfully access the WHM stuff. Here's what a snippet of...
  15. S

    Issues with modsecurity OWASP and false positives.

    I see in /usr/local/apache/logs/error_logs a lot of error messages. Here's a small chunk. [Mon Jul 18 19:19:34.821609 2016] [:error] [pid 6823] [client 127.0.0.1] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file...
  16. A

    Issue with ModSecurity not enabling some OWASP rules

    I have cPanel/WHM 56 build 25, CentOS 5.11. I have ModSecurity enabled. There are 5 rules (OWASP) not enabled. I try to enable them but they won't enable. It says: Warning: You have successfully enabled some of the configuration files. The files that the system failed to enable are marked...
  17. M

    mod_security Blocking Form Contents

    mod_security Blocking Form Contents (IE: Textboxes containing URL Links) If a TextBox has a URL (starting with HTTP) as its contents, submitting the form triggers a FORBIDDEN error, I have tracked this down to a setting in "mod_security" which is possibly designed to prevent SQL Injection...
  18. H

    Mod_security is being triggered

    Hello, my mod_security has been triggered for the last couple of days for a few sites. Even the server's IP also comes up as the host name in some of the triggered list. Here are the details of a few attacks: 1- Host: Sitename.com Request: GET...
  19. W

    Problem with Modsec after last update

    /etc/cron.hourly/modsecparse.pl: $ENV{lib::restrict-!-d_ok_in} is deprecated use $lib::restrict::d_ok_in at /usr/local/cpanel/Cpanel/lib.pm line 19. $ENV{lib::restrict-!-d_ok_in} is deprecated use $lib::restrict::d_ok_in at /usr/local/cpanel/Cpanel/lib.pm line 19. $ENV{lib::restrict-!-d_ok_in}...
  20. N

    Failed to create subdirectories error

    Hi there!! I get a huge amount of errors from apache: ModSecurity: Audit log: Failed to create subdirectories: /usr/local/apache/logs/modsec_audit/nobody/20160530/20160530-1505 (Permission denied) [hostname "www.xxxxxxxx.com"] [uri "xxxx.php"] [unique_id "xxxxxxxxxxxxxxxx"] I'm running apache...