The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Client denied by server configuration

Discussion in 'Security' started by sahostking, Jun 10, 2015.

  1. sahostking

    sahostking Well-Known Member

    Joined:
    May 15, 2012
    Messages:
    299
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Cape Town, South Africa
    cPanel Access Level:
    Root Administrator
    I noticed this tonight working on one of our servers which seemed to cause high diskio:
    Code:
    [Wed Jun 10 21:44:07.454501 2015] [access_compat:error] [pid 688223:tid 140362137986816] [client 5.189.133.161:59264] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-login.php
    [Wed Jun 10 21:44:07.455714 2015] [access_compat:error] [pid 688223:tid 140362137986816] [client 5.189.133.161:59264] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-content/plugins
    [Wed Jun 10 21:44:07.844864 2015] [access_compat:error] [pid 688261:tid 140362043578112] [client 5.189.133.161:59493] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-login.php
    [Wed Jun 10 21:44:07.846160 2015] [access_compat:error] [pid 688261:tid 140362043578112] [client 5.189.133.161:59493] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-content/plugins
    [Wed Jun 10 21:44:08.234826 2015] [access_compat:error] [pid 688250:tid 140362271758080] [client 5.189.133.161:59716] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-login.php
    [Wed Jun 10 21:44:08.236149 2015] [access_compat:error] [pid 688250:tid 140362271758080] [client 5.189.133.161:59716] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-content/plugins
    [Wed Jun 10 21:44:08.625294 2015] [access_compat:error] [pid 688263:tid 140362240288512] [client 5.189.133.161:59947] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-login.php
    [Wed Jun 10 21:44:08.626347 2015] [access_compat:error] [pid 688263:tid 140362240288512] [client 5.189.133.161:59947] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-content/plugins
    [Wed Jun 10 21:44:09.017554 2015] [access_compat:error] [pid 688250:tid 140362075047680] [client 5.189.133.161:60174] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-login.php
    [Wed Jun 10 21:44:09.019254 2015] [access_compat:error] [pid 688250:tid 140362075047680] [client 5.189.133.161:60174] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-content/plugins
    [Wed Jun 10 21:44:09.410814 2015] [access_compat:error] [pid 688263:tid 140362106517248] [client 5.189.133.161:60400] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-login.php
    [Wed Jun 10 21:44:09.413479 2015] [access_compat:error] [pid 688263:tid 140362106517248] [client 5.189.133.161:60400] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-content/plug
    
    Seems it's an attack to plugins and wp-login.php for same domain. Who knows if this happens with other domain.

    But thats not my issue. My issue is how do I block it? Is there no setting to block it after certain amount? Any reason why mod security doesn't pickit up before? or is .htaccess rules before modsecurity?
     
    #1 sahostking, Jun 10, 2015
    Last edited by a moderator: Jun 10, 2015
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    There's a few threads on this on our forums. EX:

    https://forums.cpanel.net/threads/denied-brutforce-wp-login-php.392672/

    You can search for "wp-login.php" for some additional results. Let me know if this isn't helpful or if you have some additional questions not answered on those threads. Or, do you mean the previous rules are no longer working?

    Thank you.
     
  3. sahostking

    sahostking Well-Known Member

    Joined:
    May 15, 2012
    Messages:
    299
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Cape Town, South Africa
    cPanel Access Level:
    Root Administrator
    oops my mistake. Fixed it by adding the right conf file.
     
Loading...

Share This Page