The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

is it possible to block this

Discussion in 'Security' started by keat63, Feb 23, 2017.

  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    875
    Likes Received:
    25
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    Is there any way to block things like this.

    [Thu Feb 23 13:31:52 2017] [error] [client -IP] File does not exist: /usr/local/apache/htdocs/PMA
    [Thu Feb 23 13:31:52 2017] [error] [client -IP ] File does not exist: /usr/local/apache/htdocs/sql
    [Thu Feb 23 13:31:52 2017] [error] [client -IP] File does not exist: /usr/local/apache/htdocs/dbadmin

    I have csf configured to block the IP upon 60 occurances, but it would be nice to have a rule that would block them the instance they tried to access areas such as /USR.
     
  2. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    588
    Likes Received:
    88
    Trophy Points:
    153
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    They don't have control over accessing /usr its just because they are 'scanning' for potential vulnerable applications by using your IP or server hostname which the docroot is set to /usr/local/apache/htdocs

    There is most likely mod_sec rules that catch this, but will need to research a bit.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  4. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    875
    Likes Received:
    25
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I read the above link, but it was pretty much inconclusive.
    I do have Comodo WAF installed, which has a userdata section.

    Does anyone know enough about Comodo, as again, I couldn't find anything definitive.

    There's a section named 'Blocked URL's' This list allows to block access to specified URLs on your site.
    If I were to populate this with /usr/local/apache, would this do the trick ?
     
Loading...

Share This Page