The Community Forums


From which file does cPanel read the logs for mod_security?

Discussion in 'cPanel Developers' started by chris_j, May 6, 2006.

  1. chris_j

    chris_j Member

    In my WHM, when I click on the addon "Mod Security", I see the list of denied items as expected. I wish to know from which file exactly cPanel reads this info. I am using FreeBSD-5.4. Basically, I am trying to block the IPs that frequently show up in this "hacking" list. Thanks in advance for your help.
     
  2. Beermonster

    Beermonster Member

    Click on the mod_security link in WHM; at the top you will see an Edit Config button. Click on that and put this in the text box:

    SecFilterSelective "REMOTE_ADDR" "^xx\.xx\.xx\.xx$" "deny,log,status:412"

    xx.xx.xx.xx = IP of course :) or for a range change it to xx.xx.*$.*$
     
  3. chris_j

    chris_j Member

    Actually, I am trying to deny the hacking attempts at the firewall (IPFW) level, so that the hacker's IP never reaches the box again to try his new tricks. So, I was looking for the file from which cPanel actually reads the list. Any idea??
     
  4. avijit

    avijit Well-Known Member

    An hourly cron job, /etc/cron.hourly/modsecparse.pl, checks /usr/local/apache/logs/audit_log and parses it for banning the IPs/hosts.
     
  5. chris_j

    chris_j Member

    Thanks, that's exactly what I was looking for. :)
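
An added example, not part of the thread and not the code of modsecparse.pl: one way to turn the audit_log named above into IPFW deny rules for addresses that show up repeatedly. It assumes the ModSecurity 1.x entry layout (a `Request: <client-ip> ...` line per entry and a `mod_security-action:` line when a request was blocked); the threshold, rule number 2000, the never-block list and the sample entries are illustrative choices.

```python
import ipaddress
from collections import Counter

def _client_ip(request_line):
    # Assumption: the client address is the first or second field after "Request:".
    for token in request_line.split()[1:3]:
        try:
            return str(ipaddress.ip_address(token))  # rejects anything that is not an IP
        except ValueError:
            continue
    return None

def denied_ips(lines):
    """Count audit_log entries that ended in a mod_security action, per client IP."""
    counts, current = Counter(), None
    for line in lines:
        if line.startswith("Request: "):
            current = _client_ip(line)
        elif line.startswith("mod_security-action: ") and current:
            counts[current] += 1
            current = None
    return counts

def ipfw_rules(counts, threshold=3, never_block=("127.0.0.0/8",), rule_base=2000):
    """Build (not run) ipfw deny rules for IPs seen at least `threshold` times."""
    allow = [ipaddress.ip_network(net) for net in never_block]
    rules = []
    for ip_text, hits in sorted(counts.items()):
        ip = ipaddress.ip_address(ip_text)
        # Logged request data is client-controlled, so keep your own ranges unblockable.
        if hits < threshold or any(ip in net for net in allow):
            continue
        rules.append(f"ipfw add {rule_base + len(rules)} deny ip from {ip} to any")
    return rules

def _entry(ip):
    # Constructed sample entry (assumed ModSecurity 1.x layout), not real log data.
    return (
        "========================================\n"
        f'Request: {ip} - - [06/May/2006:10:00:00 +0000] "GET /a.php?id=1 HTTP/1.0" 412 300\n'
        "----------------------------------------\n"
        "GET /a.php?id=1 HTTP/1.0\n"
        "mod_security-message: Access denied with code 412.\n"
        "mod_security-action: 412\n\n"
    )

SAMPLE_LOG = _entry("203.0.113.7") * 3 + _entry("198.51.100.9") + _entry("192.0.2.10") * 4

if __name__ == "__main__":
    hits = denied_ips(SAMPLE_LOG.splitlines())
    print("\n".join(ipfw_rules(hits, never_block=("127.0.0.0/8", "192.0.2.0/24"))))
```

The script only prints the rules; review them and check the rule numbers against your existing IPFW ruleset before loading anything.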
     