Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Client denied by server configuration

Discussion in 'Security' started by sahostking, Jun 10, 2015.

  1. sahostking

    sahostking Well-Known Member

    Joined:
    May 15, 2012
    Messages:
    328
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Cape Town, South Africa
    cPanel Access Level:
    Root Administrator
    I noticed this tonight working on one of our servers which seemed to cause high diskio:
    Code:
    [Wed Jun 10 21:44:07.454501 2015] [access_compat:error] [pid 688223:tid 140362137986816] [client 5.189.133.161:59264] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-login.php
    [Wed Jun 10 21:44:07.455714 2015] [access_compat:error] [pid 688223:tid 140362137986816] [client 5.189.133.161:59264] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-content/plugins
    [Wed Jun 10 21:44:07.844864 2015] [access_compat:error] [pid 688261:tid 140362043578112] [client 5.189.133.161:59493] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-login.php
    [Wed Jun 10 21:44:07.846160 2015] [access_compat:error] [pid 688261:tid 140362043578112] [client 5.189.133.161:59493] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-content/plugins
    [Wed Jun 10 21:44:08.234826 2015] [access_compat:error] [pid 688250:tid 140362271758080] [client 5.189.133.161:59716] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-login.php
    [Wed Jun 10 21:44:08.236149 2015] [access_compat:error] [pid 688250:tid 140362271758080] [client 5.189.133.161:59716] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-content/plugins
    [Wed Jun 10 21:44:08.625294 2015] [access_compat:error] [pid 688263:tid 140362240288512] [client 5.189.133.161:59947] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-login.php
    [Wed Jun 10 21:44:08.626347 2015] [access_compat:error] [pid 688263:tid 140362240288512] [client 5.189.133.161:59947] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-content/plugins
    [Wed Jun 10 21:44:09.017554 2015] [access_compat:error] [pid 688250:tid 140362075047680] [client 5.189.133.161:60174] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-login.php
    [Wed Jun 10 21:44:09.019254 2015] [access_compat:error] [pid 688250:tid 140362075047680] [client 5.189.133.161:60174] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-content/plugins
    [Wed Jun 10 21:44:09.410814 2015] [access_compat:error] [pid 688263:tid 140362106517248] [client 5.189.133.161:60400] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-login.php
    [Wed Jun 10 21:44:09.413479 2015] [access_compat:error] [pid 688263:tid 140362106517248] [client 5.189.133.161:60400] AH01797: client denied by server configuration: /home/niudhut/public_html/wp-content/plug
    
    Seems it's an attack to plugins and wp-login.php for same domain. Who knows if this happens with other domain.

    But thats not my issue. My issue is how do I block it? Is there no setting to block it after certain amount? Any reason why mod security doesn't pickit up before? or is .htaccess rules before modsecurity?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 sahostking, Jun 10, 2015
    Last edited by a moderator: Jun 10, 2015
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,971
    Likes Received:
    1,824
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    There's a few threads on this on our forums. EX:

    https://forums.cpanel.net/threads/denied-brutforce-wp-login-php.392672/

    You can search for "wp-login.php" for some additional results. Let me know if this isn't helpful or if you have some additional questions not answered on those threads. Or, do you mean the previous rules are no longer working?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. sahostking

    sahostking Well-Known Member

    Joined:
    May 15, 2012
    Messages:
    328
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Cape Town, South Africa
    cPanel Access Level:
    Root Administrator
    oops my mistake. Fixed it by adding the right conf file.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice