The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

gotroot rules makes apache to eat up all memory

Discussion in 'Security' started by hostnex, Aug 20, 2011.

Thread Status:
Not open for further replies.
  1. hostnex

    hostnex Well-Known Member

    Joined:
    May 2, 2008
    Messages:
    77
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Islamabad, Pakistan, Pakistan
    cPanel Access Level:
    Root Administrator
    we installed gotroot rules with mod security on couple of servers and apache started to eat up all memory which eventually make the servers down. if we use the default rules of cpanel then everything goes well. Anyone got any idea how we can fix it as cpanel own rules are very old and not effective and security is also on top priority.
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You'll need to speak with GotRoot if you're having problems with their rulesets.
    This statement is incorrect.
     
  3. hostnex

    hostnex Well-Known Member

    Joined:
    May 2, 2008
    Messages:
    77
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Islamabad, Pakistan, Pakistan
    cPanel Access Level:
    Root Administrator
    if cpanel own rules are effective then why people use gotroot or other rules. when did you update the rules last time ? We even purchased light asl rules but still they denied to help in this matter. I dont know how other people are running gotroot rules and why they are not having memory leakage issues. We have tested gotroot rules on almost 5 servers and same result is coming on all. is there anyone who could help us in this matter.
     
  4. k-planethost

    k-planethost Well-Known Member

    Joined:
    Sep 22, 2009
    Messages:
    199
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Athens Greece
    the rules eat a bit memory more but i dont have issues with memory leakage.
    to servers with 2 gig memory and more.
    with one gig memory there are issues
     
  5. hostnex

    hostnex Well-Known Member

    Joined:
    May 2, 2008
    Messages:
    77
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Islamabad, Pakistan, Pakistan
    cPanel Access Level:
    Root Administrator
    We have 12 Gigs of ram on each server. Even on 16 gigs of server it eats up all memory. Suddenly a apache nobody process starts and eventually eats up all memory . We have set KeepAlive Off in apache configurations but still nobody process eats up all available memory of the server even swap file too.
     
  6. k-planethost

    k-planethost Well-Known Member

    Joined:
    Sep 22, 2009
    Messages:
    199
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Athens Greece
    on modsec2.user.conf which ruleset are you loading to apache?
    is that the free or the paid rules?
     
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    For added security of course. But, you must keep a close eye on things for a bit to tweak to fit your needs, watch for problems and decide if you want to remark out a certain rule or not is up to your needs.

    You can compare the latest main RuleSet from gotroot to cPanel's default rules if you like. I think you'd find them all but identical. When you add other RuleSet lists provided by GotRoot, you add more work to your day till you find which ones work for you and which ones take too much system resources, then tweak accordingly. There are special needs for a cPanel server that one might not have on some other server. GotRoot rules are not cPanel only rules.

    As I mentioned, if you've got a problem with GotRoot rules, you ask GotRoot. Even more so if you've purchased their product.

    If you see this problem using cPanel's default ruleset, put in a ticket to cPanel Support, they want to know about it I'm sure.
     
  8. hostnex

    hostnex Well-Known Member

    Joined:
    May 2, 2008
    Messages:
    77
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Islamabad, Pakistan, Pakistan
    cPanel Access Level:
    Root Administrator
    we dont have any problem with cpanel but recently when we were using cpanel rulset our one server got hacked. We installed Gotroot rules and it stopped happening but then we started to face memory leakage issue.
     
  9. k-planethost

    k-planethost Well-Known Member

    Joined:
    Sep 22, 2009
    Messages:
    199
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Athens Greece
    well my frend i think you have to spend time to trigger your boxes and check which ruleset knocks apache down
    i have no idea about the paid staff since i use the free staff. Rules are not php frendly you need time to trigger the boxes and monitor which rules set to be disabled and adjustments on php.ini and modsec2.user.conf
    for the paid staff that you use here sergio found some things that can knock httpd down and disable them from modsec2.user.conf
    http://forums.cpanel.net/f185/modsecurity-auto-updater-147745-p9.html
     
  10. hostnex

    hostnex Well-Known Member

    Joined:
    May 2, 2008
    Messages:
    77
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Islamabad, Pakistan, Pakistan
    cPanel Access Level:
    Root Administrator
    Now We are using gotroot free ruleset and only two of them but still problem persists.

    50_asl_rootkits.conf
    99_asl_jitp.conf

    Is there anyone who can share their customized ASL light rules with us.
     
  11. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    @k-planethost I've removed your post as it was not helpful here at all.
     
  12. hostnex

    hostnex Well-Known Member

    Joined:
    May 2, 2008
    Messages:
    77
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Islamabad, Pakistan, Pakistan
    cPanel Access Level:
    Root Administrator
    after hours investigation we have noticeed this is happening due to a conflict of gotroot rules with certain websites where bots submit 1000s of comments (obviously advertisement spamming). if we disable mod security for those websites then everything seems ok but its hard to know whcich website is being attacked and when it will take the server down. if anyone knows why gotroot rules conflict with such certain websites then plz share with us.
     
  13. hostnex

    hostnex Well-Known Member

    Joined:
    May 2, 2008
    Messages:
    77
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Islamabad, Pakistan, Pakistan
    cPanel Access Level:
    Root Administrator
    We will really appreciate if someone could help in this matter.
     
  14. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Try here, gotroot forums: atomicorp.com • Index page
     
  15. mikegotroot

    mikegotroot Well-Known Member

    Joined:
    Apr 29, 2008
    Messages:
    85
    Likes Received:
    1
    Trophy Points:
    8
    With all due respect, thats not correct. Cpanel does not include the gotroot rules and the cpanel rules are not identical to the gotroot rules.

    Did you mean the OWASP rules are identical to the cpanel rules?
     
    #15 mikegotroot, Aug 24, 2011
    Last edited: Aug 24, 2011
  16. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    I'm going to close this thread. This discussion needs to take place at the proper location, which is gotroot's forum:

    atomicorp.com forum

    Please feel free to PM each other if you have questions about rules that aren't cPanel's rules.
     
Loading...
Thread Status:
Not open for further replies.

Share This Page