gotroot rules makes apache to eat up all memory

Status
Not open for further replies.

hostnex

Well-Known Member
May 2, 2008
77
1
58
Islamabad, Pakistan, Pakistan
cPanel Access Level
Root Administrator
we installed gotroot rules with mod security on couple of servers and apache started to eat up all memory which eventually make the servers down. if we use the default rules of cpanel then everything goes well. Anyone got any idea how we can fix it as cpanel own rules are very old and not effective and security is also on top priority.
 

hostnex

Well-Known Member
May 2, 2008
77
1
58
Islamabad, Pakistan, Pakistan
cPanel Access Level
Root Administrator
if cpanel own rules are effective then why people use gotroot or other rules. when did you update the rules last time ? We even purchased light asl rules but still they denied to help in this matter. I dont know how other people are running gotroot rules and why they are not having memory leakage issues. We have tested gotroot rules on almost 5 servers and same result is coming on all. is there anyone who could help us in this matter.
 

hostnex

Well-Known Member
May 2, 2008
77
1
58
Islamabad, Pakistan, Pakistan
cPanel Access Level
Root Administrator
the rules eat a bit memory more but i dont have issues with memory leakage.
to servers with 2 gig memory and more.
with one gig memory there are issues
We have 12 Gigs of ram on each server. Even on 16 gigs of server it eats up all memory. Suddenly a apache nobody process starts and eventually eats up all memory . We have set KeepAlive Off in apache configurations but still nobody process eats up all available memory of the server even swap file too.
 

Infopro

Well-Known Member
May 20, 2003
17,090
518
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
if cpanel own rules are effective then why people use gotroot or other rules.
For added security of course. But, you must keep a close eye on things for a bit to tweak to fit your needs, watch for problems and decide if you want to remark out a certain rule or not is up to your needs.

You can compare the latest main RuleSet from gotroot to cPanel's default rules if you like. I think you'd find them all but identical. When you add other RuleSet lists provided by GotRoot, you add more work to your day till you find which ones work for you and which ones take too much system resources, then tweak accordingly. There are special needs for a cPanel server that one might not have on some other server. GotRoot rules are not cPanel only rules.

when did you update the rules last time ? We even purchased light asl rules but still they denied to help in this matter. I dont know how other people are running gotroot rules and why they are not having memory leakage issues. We have tested gotroot rules on almost 5 servers and same result is coming on all. is there anyone who could help us in this matter.
As I mentioned, if you've got a problem with GotRoot rules, you ask GotRoot. Even more so if you've purchased their product.

If you see this problem using cPanel's default ruleset, put in a ticket to cPanel Support, they want to know about it I'm sure.
 

hostnex

Well-Known Member
May 2, 2008
77
1
58
Islamabad, Pakistan, Pakistan
cPanel Access Level
Root Administrator
If you see this problem using cPanel's default ruleset, put in a ticket to cPanel Support, they want to know about it I'm sure.
we dont have any problem with cpanel but recently when we were using cpanel rulset our one server got hacked. We installed Gotroot rules and it stopped happening but then we started to face memory leakage issue.
 

k-planethost

Well-Known Member
Sep 22, 2009
199
10
68
Athens Greece
well my frend i think you have to spend time to trigger your boxes and check which ruleset knocks apache down
i have no idea about the paid staff since i use the free staff. Rules are not php frendly you need time to trigger the boxes and monitor which rules set to be disabled and adjustments on php.ini and modsec2.user.conf
for the paid staff that you use here sergio found some things that can knock httpd down and disable them from modsec2.user.conf
http://forums.cpanel.net/f185/modsecurity-auto-updater-147745-p9.html
 

hostnex

Well-Known Member
May 2, 2008
77
1
58
Islamabad, Pakistan, Pakistan
cPanel Access Level
Root Administrator
well my frend i think you have to spend time to trigger your boxes and check which ruleset knocks apache down
i have no idea about the paid staff since i use the free staff. Rules are not php frendly you need time to trigger the boxes and monitor which rules set to be disabled and adjustments on php.ini and modsec2.user.conf
for the paid staff that you use here sergio found some things that can knock httpd down and disable them from modsec2.user.conf
http://forums.cpanel.net/f185/modsecurity-auto-updater-147745-p9.html
Now We are using gotroot free ruleset and only two of them but still problem persists.

50_asl_rootkits.conf
99_asl_jitp.conf

Is there anyone who can share their customized ASL light rules with us.
 

hostnex

Well-Known Member
May 2, 2008
77
1
58
Islamabad, Pakistan, Pakistan
cPanel Access Level
Root Administrator
after hours investigation we have noticeed this is happening due to a conflict of gotroot rules with certain websites where bots submit 1000s of comments (obviously advertisement spamming). if we disable mod security for those websites then everything seems ok but its hard to know whcich website is being attacked and when it will take the server down. if anyone knows why gotroot rules conflict with such certain websites then plz share with us.
 

mikegotroot

Well-Known Member
Verifed Vendor
Apr 29, 2008
85
1
58
You can compare the latest main ruelset from gotroot to cPanels default rules if you like. I think you'd find them all but identical.
With all due respect, thats not correct. Cpanel does not include the gotroot rules and the cpanel rules are not identical to the gotroot rules.

Did you mean the OWASP rules are identical to the cpanel rules?
 
Last edited:

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
I'm going to close this thread. This discussion needs to take place at the proper location, which is gotroot's forum:

atomicorp.com forum

Please feel free to PM each other if you have questions about rules that aren't cPanel's rules.
 
Status
Not open for further replies.