FTP login problem

[crazyaboutlinux]

one of my client is facing to connect FTP server everyday.

they have Dynamic ISP of BSNL
BSNL is the India's Largest ISP provider

we are using CSF 4.63 firewall so i just put their local ISP's IP addresss into etc/csf.allow/ file & they can able to login to FTP server

but this problem is causing again once their local ISP's IP address gets changed it self

so i just tell them that buy a new static IP instead of dyanmic but they do not agree with us & we don't want to add whole BSNL IP range in our server firewall this may cause problem to our server performance

so whats the solutions for this

 

[big_bull]

no need of any static IP, they must be using wrong credentials thats why their local IP got banned frequently.

 

[crazyaboutlinux]

sounds like good.
might be but i don't believe that they using wrong credentials everyday ???

it could possible for 1 time , 2nd time , 3rd time but everyday it's not possible

 

[big_bull]

Yes Nilesh, you are right

You must have forwarded root emails to specific email address.Please search the IP there and check the reason for getting blocked everytime.


hope you will get the reason for IP block.

 

[crazyaboutlinux]

Hi Bull,

You must have forwarded root emails to specific email address.Please search the IP there and check the reason for getting blocked everytime.

how can i come to know this thing ? where can i put root email

One more thing
i got below details from /etc/csf.deny file

59.96.145.59 # lfd: 5 (mod_security) login failures from 59.96.145.59 in the last 300 secs - Tue Apr 14 19:01:02 2009

it may can help us guy's to resolve this issue

 

[crazyaboutlinux]

also i got below details from mod_security under plugins menu

Date - 2009-04-15
Time - 16:12:59
IP - 59.95.202.17
GET - /type=text/javascript HTTP/1.1
Host - domain.com
Message - Access denied with code 406 (phase 2). Pattern match "(?:\b(?n(??:mo(?:use(?(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?:hange|lick)|s(?:elec|ubmi)t|(?:un)?load|dragdrop|resize|focus|blur)\b\W*?=|abort\b)|(?:l(?wsrc\b\W*?\b(??:java|vb)script|shell)|ivescript)|(?:href|url)\b\W*?\b(??:j ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "79"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack. Matched signature <type=text/javascript>"] [severity "CRITICAL"]

Action - 406

 

[big_bull]

In WHM >> Server Contacts >> Change System Mail Preferences >> root's mail and forward to your desired email address so that you can monitor activities.

For mod security, just delete the code in /etc/httpd/conf/modsec2.conf

 

[thewebhosting]

Hi Bull,
59.96.145.59 # lfd: 5 (mod_security) login failures from 59.96.145.59 in the last 300 secs - Tue Apr 14 19:01:02 2009

Try after disabling mod_security for your client's domain. To disable it just add below code in .htaccess file:

SecFilterEngine Off
SecFilterScanPOST Off

It is not recommended to disable it for the security reasons.

 

[crazyaboutlinux]

Try after disabling mod_security for your client's domain. To disable it just add below code in .htaccess file:

SecFilterEngine Off
SecFilterScanPOST Off

is there any problem create to mt server if do this ??

It is not recommended to disable it for the security reasons.

yes mod_security can not be disable for security reason.

 

[tuxicans]

if you are using mod_security 2 try the following method.

create the file,

/usr/local/apache/conf/userdata/std/2/username/domain.com/mod_security.conf

replace domain.com with your domain name and add,

<IfModule mod_security.c>
SecRuleEngine Off
</IfModule>

Save it.

Then run:

/scripts/ensure_vhost_includes –user=username

 

[crazyaboutlinux]

thanks for your support but i think its very difficult to use


As per thewebhosting comments

SecFilterEngine Off
SecFilterScanPOST Off

it s not to hard

 

[tuxicans]

Hi Nilesh,

thanks for your support but i think its very difficult to use


As per thewebhosting comments

SecFilterEngine Off
SecFilterScanPOST Off

it s not to hard

As I mentioned those steps are required when you are using mod_security version 2. The steps provided by thewebhosting is for modsec version one. The settings for each versions are different.

 

[crazyaboutlinux]

Hi Tuxicans

Thank you so much for the clarification.

we are using mod security 2

can you please elaborate your suggestion

create the file,

/usr/local/apache/conf/userdata/std/2/username/domain.com/mod_security.conf

replace domain.com with your domain name and add,

<IfModule mod_security.c>
SecRuleEngine Off
</IfModule>

Save it.

Then run:

/scripts/ensure_vhost_includes –user=username

i am very confused in this please explain more about this

 

[crazyaboutlinux]

if you are using mod_security 2 try the following method.

create the file,

/usr/local/apache/conf/userdata/std/2/username/domain.com/mod_security.conf

replace domain.com with your domain name and add,

<IfModule mod_security.c>
SecRuleEngine Off
</IfModule>

Save it.

Then run:

/scripts/ensure_vhost_includes –user=username

Hi Tuxican,

please explain me how to create this file ????????

 

[cPanelDavidG]

Hi Tuxican,

please explain me how to create this file ????????

There's some details on this topic of adding stuff to httpd.conf in the following documentation: http://www.cpanel.net/documentation/easyapache/customdirectives.html

 

[tuxicans]

Hi Nilesh,

mkdir -p /usr/local/apache/conf/userdata/std/2/USERNAME/DOMAIN.COM
Then create a mod_security conf file:

touch /usr/local/apache/conf/userdata/std/2/USERNAME/DOMAIN.COM/mod_security.conf
Now add the following directives,

<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
Save the file and then run:

/scripts/ensure_vhost_includes –user=USERNAME

 

[crazyaboutlinux]

Hi Tuxicans,

this is really really very easy to use & you are doing fantastic job

Thank you so much for this

let me ask you one thing

will it effect for one domain or all ??

 

[tuxicans]

Hi Nilesh,

Thanks !

This is only for one domain which you are mentioning while creating the directory structure.

 

[crazyaboutlinux]

Hi Tuxicans,

i really obliged you.

& thanks for accept my friend request.

Bye !!

have a nice day!