SOLVED just got an email reported modifications: new account [saslauthd] has been created - mins after installing mod_evasive?

Spirogg · May 12, 2022

ok so I wanted to install mod_evasive -

So I head over to ea4 and installed it.

couple mins later i get email showing

Reported modification
New account [saslauthd] has been created with uid:[982] gid:[76] login:[/run/saslauthd] shell:[/sbin/nologin]

so was this from mod_evasive getting installed?

cause I did not see any pre-requisite when i clicked on mod_evasive.

just making sure this is part of that update or what else could be the cause if this

thanks

just weird that i got email notification right after installing the mod evasive

Spirogg · May 12, 2022

ok I tried it on my dev install and yes I missed that part that all these files are getting installed..
sorry Si i am assuming its part of the pkg

Please review the following list of packages you are about to install by provisioning this profile.

apr-devel
apr-util-devel
cyrus-sasl
cyrus-sasl-devel
devel
libdb-devel
mod_evasive
openldap-devel

thanks and sorry for the post

Spiro

Spirogg · May 12, 2022

PS on Ubuntu when selecting mod_evasive
these are the extras it installs

Please review the following list of packages you are about to install by provisioning this profile.

apr-devel
apr-util-devel
devel
libdb5.3-dev
libldap2-dev
mod-evasive

no saslauthd

Spirogg · May 12, 2022

to test it from root#
mkdir test
cd /test
nano test.pl
copy and paste this below

Code:

#!/usr/bin/perl

# test.pl: small script to test mod_dosevasive's effectiveness

use IO::Socket;
use strict;

for(0..100) {
  my($response);
  my($SOCKET) = new IO::Socket::INET( Proto   => "tcp",
                                      PeerAddr=> "127.0.0.1:80");
  if (! defined $SOCKET) { die $!; }
  print $SOCKET "GET /?$_ HTTP/1.0\n\n";
  $response = <$SOCKET>;
  print $response;
  close($SOCKET);
}

then ctrl + x
then select Y foy yes then click enter and enter again (saved!)

then run from root#
/usr/bin/perl test.pl
output should be

Code:

[email protected]:~/test# /usr/bin/perl test.pl
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request

this means its working
read this for more info

Apache Module: Evasive | cPanel & WHM Documentation

This module provides DoS, DDoS, and brute force attack protection.

docs.cpanel.net

thanks for the great docs in cPanel

cPRex · May 12, 2022

I'm glad you were able to confirm that wasn't a security issue!

Thread starter	Similar threads	Forum	Replies	Date
	SOLVED Just got email from csf that httpd got deleted ?	Installation & Updates	3	Apr 20, 2022
N	SSL instalation got an error. Any help?	Installation & Updates	1	Dec 10, 2021
D	What were the three options screen you got when updated to 11.34 again?	Installation & Updates	1	Dec 7, 2012
S	After doing upcp, got an internal server error when access /cpanel or /wh	Installation & Updates	1	Aug 6, 2012
S	i got this error	Installation & Updates	2	May 8, 2011

Search

Search

SOLVED just got an email reported modifications: new account [saslauthd] has been created - mins after installing mod_evasive?

Spirogg

Well-Known Member

Spirogg

Well-Known Member

Spirogg

Well-Known Member

Spirogg

Well-Known Member

Apache Module: Evasive | cPanel & WHM Documentation

cPRex

Jurassic Moderator