Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Failed to start Apache SpamAssassin error

Discussion in 'General Discussion' started by rendy alexander, Mar 14, 2019.

  1. rendy alexander

    rendy alexander Registered

    Joined:
    Mar 14, 2019
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Indonesia
    cPanel Access Level:
    Root Administrator
    (1)
    Code:
    [Tue Mar 12 23:04:12.746492 2019] [:error] [pid 26968:tid 46962332174080] [client 140.143.200.61:7253] [client 140.143.200.61] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "xx.xx.xx.xx"] [uri "/403.shtml"] [unique_id "XIfYfMPd8r1afqIO@UtGLAAAAJI"]
    [Tue Mar 12 23:04:12.746097 2019] [:error] [pid 26968:tid 46962332174080] [client 140.143.200.61:7253] [client 140.143.200.61] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "xx.xx.xx.xx"] [uri "/wp-config.php"] [unique_id "XIfYfMPd8r1afqIO@UtGLAAAAJI"]
    [Tue Mar 12 23:04:12.745960 2019] [:error] [pid 26968:tid 46962332174080] [client 140.143.200.61:7253] [client 140.143.200.61] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "xx.xx.xx.xx"] [uri "/wp-config.php"] [unique_id "XIfYfMPd8r1afqIO@UtGLAAAAJI"]
    [Tue Mar 12 23:03:33.392797 2019] [:error] [pid 26968:tid 46962315364096] [client 140.143.200.61:65426] [client 140.143.200.61] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): HTTP header is restricted by policy (%{MATCHED_VAR})"] [tag "event-correlation"] [hostname "localhost"] [uri "/403.shtml"] [unique_id "XIfYVcPd8r1afqIO@UtGFwAAAIo"]
    [Tue Mar 12 23:03:33.375762 2019] [:error] [pid 26968:tid 46962315364096] [client 140.143.200.61:65426] [client 140.143.200.61] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "localhost"] [uri "/"] [unique_id "XIfYVcPd8r1afqIO@UtGFwAAAIo"]
    [Tue Mar 12 23:03:33.375029 2019] [:error] [pid 26968:tid 46962315364096] [client 140.143.200.61:65426] [client 140.143.200.61] ModSecurity: Warning. String match within "/proxy/ /lock-token/ /content-range/ /translate/ /if/" at TX:header_name_if. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "480"] [id "920450"] [rev "2"] [msg "HTTP header is restricted by policy (/if/)"] [data " Restricted header detected: /if/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/HEADER_RESTRICTED"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/12.1"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/12.1"] [hostname "localhost"] [uri "/"] [unique_id "XIfYVcPd8r1afqIO@UtGFwAAAIo"]
    [Tue Mar 12 23:02:19.089709 2019] [mpm_worker:notice] [pid 26960:tid 46962013946944] AH00292: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 configured -- resuming normal operations
    [Tue Mar 12 23:02:18.970153 2019] [:notice] [pid 26957:tid 46962013946944] ModSecurity for Apache/2.9.2 ([URL='http://www.modsecurity.org/']ModSecurity: Open Source Web Application Firewall[/URL]) configured.
    (2)
    Code:
    The subprocess "/usr/local/cpanel/scripts/restartsrv_spamd" reported error number 69 when it ended.
    
    spamd.service start operation timed out. Terminating.
    Failed to start Apache SpamAssassin™ deferral daemon.
    Unit spamd.service entered failed state.
    spamd.service failed.
    
    Anyone can help ??
    thank you.
     
    #1 rendy alexander, Mar 14, 2019
    Last edited by a moderator: Mar 14, 2019
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,734
    Likes Received:
    436
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @rendy alexander

    is anything noted in the spamd error logs or cPanel error logs? They can be found in the following locations:

    Code:
    /usr/local/cpanel/logs/spamd_error_log
    Code:
    /usr/local/cpanel/logs/error_log
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice