The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

FTP login problem

Discussion in 'General Discussion' started by crazyaboutlinux, Apr 14, 2009.

  1. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16
    one of my client is facing to connect FTP server everyday.

    they have Dynamic ISP of BSNL
    BSNL is the India's Largest ISP provider

    we are using CSF 4.63 firewall so i just put their local ISP's IP addresss into etc/csf.allow/ file & they can able to login to FTP server

    but this problem is causing again once their local ISP's IP address gets changed it self

    so i just tell them that buy a new static IP instead of dyanmic but they do not agree with us & we don't want to add whole BSNL IP range in our server firewall this may cause problem to our server performance

    so whats the solutions for this
     
  2. big_bull

    big_bull Well-Known Member

    Joined:
    Nov 19, 2006
    Messages:
    150
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    no need of any static IP, they must be using wrong credentials thats why their local IP got banned frequently.
     
  3. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16
    sounds like good.
    might be but i don't believe that they using wrong credentials everyday ???

    it could possible for 1 time , 2nd time , 3rd time but everyday it's not possible
     
  4. big_bull

    big_bull Well-Known Member

    Joined:
    Nov 19, 2006
    Messages:
    150
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Yes Nilesh, you are right :)

    You must have forwarded root emails to specific email address.Please search the IP there and check the reason for getting blocked everytime.


    :) hope you will get the reason for IP block.
     
  5. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16
    Hi Bull,

    how can i come to know this thing ? where can i put root email

    One more thing
    i got below details from /etc/csf.deny file

    59.96.145.59 # lfd: 5 (mod_security) login failures from 59.96.145.59 in the last 300 secs - Tue Apr 14 19:01:02 2009

    it may can help us guy's to resolve this issue
     
  6. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16
    also i got below details from mod_security under plugins menu

    Date - 2009-04-15
    Time - 16:12:59
    IP - 59.95.202.17
    GET - /type=text/javascript HTTP/1.1
    Host - domain.com
    Message - Access denied with code 406 (phase 2). Pattern match "(?:\b(?:eek:n(?:(?:mo(?:use(?:eek:(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?:hange|lick)|s(?:elec|ubmi)t|(?:un)?load|dragdrop|resize|focus|blur)\b\W*?=|abort\b)|(?:l(?:eek:wsrc\b\W*?\b(?:(?:java|vb)script|shell)|ivescript)|(?:href|url)\b\W*?\b(?:(?:j ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "79"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack. Matched signature <type=text/javascript>"] [severity "CRITICAL"]

    Action - 406
     
  7. big_bull

    big_bull Well-Known Member

    Joined:
    Nov 19, 2006
    Messages:
    150
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    In WHM >> Server Contacts >> Change System Mail Preferences >> root's mail and forward to your desired email address so that you can monitor activities.

    For mod security, just delete the code in /etc/httpd/conf/modsec2.conf
     
  8. thewebhosting

    thewebhosting Well-Known Member

    Joined:
    May 9, 2008
    Messages:
    1,201
    Likes Received:
    1
    Trophy Points:
    38
    Try after disabling mod_security for your client's domain. To disable it just add below code in .htaccess file:

    SecFilterEngine Off
    SecFilterScanPOST Off

    It is not recommended to disable it for the security reasons.
     
  9. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16
    is there any problem create to mt server if do this ??

    yes mod_security can not be disable for security reason.
     
  10. tuxicans

    tuxicans Active Member

    Joined:
    Oct 16, 2008
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    if you are using mod_security 2 try the following method.

    create the file,

    /usr/local/apache/conf/userdata/std/2/username/domain.com/mod_security.conf

    replace domain.com with your domain name and add,

    <IfModule mod_security.c>
    SecRuleEngine Off
    </IfModule>

    Save it.

    Then run:

    /scripts/ensure_vhost_includes –user=username
     
    #10 tuxicans, Apr 18, 2009
    Last edited: Apr 18, 2009
  11. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16
    thanks for your support but i think its very difficult to use


    As per thewebhosting comments

    SecFilterEngine Off
    SecFilterScanPOST Off

    it s not to hard
     
  12. tuxicans

    tuxicans Active Member

    Joined:
    Oct 16, 2008
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    Hi Nilesh,

    As I mentioned those steps are required when you are using mod_security version 2. The steps provided by thewebhosting is for modsec version one. The settings for each versions are different.
     
  13. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16
    Hi Tuxicans

    Thank you so much for the clarification.

    we are using mod security 2

    can you please elaborate your suggestion

    i am very confused in this please explain more about this
     
  14. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16
    Hi Tuxican,

    please explain me how to create this file ????????
     
  15. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
  16. tuxicans

    tuxicans Active Member

    Joined:
    Oct 16, 2008
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    Hi Nilesh,

    mkdir -p /usr/local/apache/conf/userdata/std/2/USERNAME/DOMAIN.COM
    Then create a mod_security conf file:

    touch /usr/local/apache/conf/userdata/std/2/USERNAME/DOMAIN.COM/mod_security.conf
    Now add the following directives,

    <IfModule mod_security2.c>
    SecRuleEngine Off
    </IfModule>
    Save the file and then run:

    /scripts/ensure_vhost_includes –user=USERNAME
     
  17. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16
    Hi Tuxicans,

    this is really really very easy to use & you are doing fantastic job

    Thank you so much for this

    let me ask you one thing

    will it effect for one domain or all ??
     
  18. tuxicans

    tuxicans Active Member

    Joined:
    Oct 16, 2008
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    Hi Nilesh,

    Thanks !

    This is only for one domain which you are mentioning while creating the directory structure.
     
  19. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16
    Hi Tuxicans,

    i really obliged you.

    & thanks for accept my friend request.

    Bye !!

    have a nice day!
     
Loading...

Share This Page