Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

block userAgent on server, with mod_security?

Discussion in 'Security' started by upsforum, Nov 26, 2013.

  1. upsforum

    upsforum Well-Known Member

    Joined:
    Jul 27, 2005
    Messages:
    470
    Likes Received:
    0
    Trophy Points:
    166
    What is best solution for block specific userAgent on all websites of server? I have any client that use joomla with old versions insicure, for example this vulnerability:

    POST /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20 HTTP/1.1" 200 10 "-" "BOT/0.1 (BOT for JCE)"

    what is best solution for block it on all accounts of server?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 upsforum, Nov 26, 2013
  2. Deehem

    Deehem Member
    PartnerNOC

    Joined:
    Jul 6, 2006
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    151
    Location:
    Preston, UK
    cPanel Access Level:
    DataCenter Provider
    Instead of using modsec to achieve this, you could use bad-bot-blocker in a global .htaccess file.

    An example of b-b-b can be found here.
     
    #2 Deehem, Nov 26, 2013
  3. upsforum

    upsforum Well-Known Member

    Joined:
    Jul 27, 2005
    Messages:
    470
    Likes Received:
    0
    Trophy Points:
    166
    can I post this also in Apache Configuration -> Include Editor -> Post VirtualHost Include right?

    thank you
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 upsforum, Nov 26, 2013
  4. upsforum

    upsforum Well-Known Member

    Joined:
    Jul 27, 2005
    Messages:
    470
    Likes Received:
    0
    Trophy Points:
    166
    I added in /home/.htaccess but get a internal server error
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 upsforum, Nov 26, 2013
  5. Deehem

    Deehem Member
    PartnerNOC

    Joined:
    Jul 6, 2006
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    151
    Location:
    Preston, UK
    cPanel Access Level:
    DataCenter Provider
    Do you have the correct permissions on that file? What does the apache error_log file say?

    644 should suffice for /home/.htaccess :)
     
    #5 Deehem, Nov 26, 2013
  6. upsforum

    upsforum Well-Known Member

    Joined:
    Jul 27, 2005
    Messages:
    470
    Likes Received:
    0
    Trophy Points:
    166
    I removed ips and now work fine, thank you
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 upsforum, Nov 26, 2013
  7. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,010
    Likes Received:
    87
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    These are the rules I use for that attack:
    Code:
    
#Joomla com_jce exploit
SecRule HTTP_User-Agent "BOT for JCE" "deny,status:500,id:5000218,msg:'Joomla com_jce code exec'"

#Joomla com_jce exploit
SecRule REQUEST_URI "/images/stories/.+\.php" "deny,status:500,id:5000219,msg:'Joomla com_jce code exec'"
    The first blocks the user agent. That exploit puts PHP files into site.com/images/stories/something.php if it is successful, so the 2nd rule blocks access to those in case they change user agent.

    Even with the .htaccess or this first rule, you should still use the 2nd rule. Changing user agents is very simple.
     
    #7 quizknows, Nov 26, 2013
    Last edited: Nov 26, 2013
(You must log in or sign up to post here.)
Loading...
Similar Threads - block userAgent server
  1. pixelaté

    SMTP Restrictions Disabled but Still Blocked

    pixelaté, Aug 14, 2018 at 11:21 PM, in forum: Security
    Replies:
    3
    Views:
    37
    pixelaté
    Aug 15, 2018 at 8:39 PM
  2. Znuff

    Same-domain impersonation increases deferred count, triggering domain-wide blocking

    Znuff, Aug 13, 2018 at 6:00 AM, in forum: E-mail Discussion
    Replies:
    2
    Views:
    57
    Znuff
    Aug 16, 2018 at 5:08 AM
  3. Vipin Haridas

    SpamAssassin not blocking emails with invalid SPF?

    Vipin Haridas, Aug 10, 2018 at 5:42 AM, in forum: E-mail Discussion
    Replies:
    1
    Views:
    47
    cPanelLauren
    Aug 13, 2018 at 11:31 AM
  4. Usif Nasirov

    SOLVED Can't find cause of CBL blocking

    Usif Nasirov, Aug 2, 2018, in forum: E-mail Discussion
    Replies:
    2
    Views:
    65
    cPanelMichael
    Aug 2, 2018
  5. Jason Richmond

    Block all incoming SMTP except from ip's of my spam filter service

    Jason Richmond, Jul 31, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    46
    cPanelLauren
    Aug 1, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice