Failed to start Apache SpamAssassin error

rendy alexander

Registered
Mar 14, 2019
Indonesia
cPanel Access Level
Root Administrator
(1)
Code:
[Tue Mar 12 23:04:12.746492 2019] [:error] [pid 26968:tid 46962332174080] [client 140.143.200.61:7253] [client 140.143.200.61] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "xx.xx.xx.xx"] [uri "/403.shtml"] [unique_id "[email protected]"]
[Tue Mar 12 23:04:12.746097 2019] [:error] [pid 26968:tid 46962332174080] [client 140.143.200.61:7253] [client 140.143.200.61] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "xx.xx.xx.xx"] [uri "/wp-config.php"] [unique_id "[email protected]"]
[Tue Mar 12 23:04:12.745960 2019] [:error] [pid 26968:tid 46962332174080] [client 140.143.200.61:7253] [client 140.143.200.61] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "xx.xx.xx.xx"] [uri "/wp-config.php"] [unique_id "[email protected]"]
[Tue Mar 12 23:03:33.392797 2019] [:error] [pid 26968:tid 46962315364096] [client 140.143.200.61:65426] [client 140.143.200.61] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): HTTP header is restricted by policy (%{MATCHED_VAR})"] [tag "event-correlation"] [hostname "localhost"] [uri "/403.shtml"] [unique_id "[email protected]"]
[Tue Mar 12 23:03:33.375762 2019] [:error] [pid 26968:tid 46962315364096] [client 140.143.200.61:65426] [client 140.143.200.61] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "localhost"] [uri "/"] [unique_id "[email protected]"]
[Tue Mar 12 23:03:33.375029 2019] [:error] [pid 26968:tid 46962315364096] [client 140.143.200.61:65426] [client 140.143.200.61] ModSecurity: Warning. String match within "/proxy/ /lock-token/ /content-range/ /translate/ /if/" at TX:header_name_if. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "480"] [id "920450"] [rev "2"] [msg "HTTP header is restricted by policy (/if/)"] [data " Restricted header detected: /if/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/HEADER_RESTRICTED"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/12.1"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/12.1"] [hostname "localhost"] [uri "/"] [unique_id "[email protected]"]
[Tue Mar 12 23:02:19.089709 2019] [mpm_worker:notice] [pid 26960:tid 46962013946944] AH00292: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 configured -- resuming normal operations
[Tue Mar 12 23:02:18.970153 2019] [:notice] [pid 26957:tid 46962013946944] ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/) configured.
(2)
Code:
The subprocess "/usr/local/cpanel/scripts/restartsrv_spamd" reported error number 69 when it ended.

spamd.service start operation timed out. Terminating.
Failed to start Apache SpamAssassin™ deferral daemon.
Unit spamd.service entered failed state.
spamd.service failed.
Can anyone help?
Thank you.
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
Houston
Hi @rendy alexander

Is anything noted in the spamd error logs or the cPanel error logs? They can be found in the following locations:

Code:
/usr/local/cpanel/logs/spamd_error_log
Code:
/usr/local/cpanel/logs/error_log
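
Added example, not part of either post and not cPanel or ModSecurity code: a small triage script for ModSecurity entries in the Apache error-log format of excerpt (1), reporting for each client connection which detection rule fired and whether the request was denied. The sample lines are constructed and shortened, `summarize` is a hypothetical helper name, and entries are grouped by client address and port because the `unique_id` values are not readable in the excerpt.

```python
import re

# Constructed sample lines in the format of excerpt (1), shortened;
# 203.0.113.10 is a documentation address, not taken from the thread.
SAMPLE_LOG = r'''
[Tue Mar 12 23:04:12.746492 2019] [:error] [pid 100:tid 200] [client 203.0.113.10:7253] [client 203.0.113.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5)"] [uri "/403.shtml"]
[Tue Mar 12 23:04:12.746097 2019] [:error] [pid 100:tid 200] [client 203.0.113.10:7253] [client 203.0.113.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/wp-config.php"]
[Tue Mar 12 23:04:12.745960 2019] [:error] [pid 100:tid 200] [client 203.0.113.10:7253] [client 203.0.113.10] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [id "930130"] [msg "Restricted File Access Attempt"] [uri "/wp-config.php"]
[Tue Mar 12 23:03:33.375762 2019] [:error] [pid 100:tid 201] [client 203.0.113.10:65426] [client 203.0.113.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/"]
[Tue Mar 12 23:03:33.375029 2019] [:error] [pid 100:tid 201] [client 203.0.113.10:65426] [client 203.0.113.10] ModSecurity: Warning. String match at TX:header_name_if. [id "920450"] [msg "HTTP header is restricted by policy (/if/)"] [uri "/"]
[Tue Mar 12 23:02:19.089709 2019] [mpm_worker:notice] [pid 100:tid 200] AH00292: Apache configured -- resuming normal operations
'''

CLIENT_RE = re.compile(r'\[client ([^\]\s]+):(\d+)\]')
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
# CRS rules that only evaluate or report the anomaly score (ids as in the excerpt).
SCORING_RULES = {"949110", "980130"}


def summarize(log_text):
    """Group ModSecurity entries by client connection; report what triggered each."""
    requests = {}
    for line in log_text.splitlines():
        client = CLIENT_RE.search(line)
        if "ModSecurity:" not in line or client is None:
            continue  # Apache notices and other modules' messages
        fields = dict(FIELD_RE.findall(line))
        req = requests.setdefault(client.groups(), {
            "client": client.group(1), "uri": None,
            "blocked": False, "triggers": []})
        if "Access denied" in line:
            req["blocked"] = True
        if fields.get("id") in SCORING_RULES:
            continue  # 980130 logs the error document's URI, not the request's
        req["triggers"].append((fields.get("id"), fields.get("msg")))
        req["uri"] = fields.get("uri")
    return list(requests.values())


if __name__ == "__main__":
    for r in summarize(SAMPLE_LOG):
        action = "blocked" if r["blocked"] else "logged only"
        print(r["client"], r["uri"], action, r["triggers"])
```

Connections that stay open for several requests share one address and port, so on a full log the transaction `unique_id` is the more precise grouping key.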