Logging POST Data with Dump_IO

Discussion in 'General Discussion' started by NetShapersInc, Jul 31, 2013.

  1. NetShapersInc

    NetShapersInc Member

    Joined:
    Apr 13, 2012
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I cannot seem to get our machine to dump the POST data to the error logs. We are doing this due to a heavy amount of most likely (99% sure) malicious attacks against one of our users' websites. They are constantly, up to 5 times a second, sending POST requests to the website. This is a non-stop thing. An example:

    151.75.212.143 - - [31/Jul/2013:16:25:38 -0500] "POST / HTTP/1.1" 200 30757 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

    We've tried doing this, using these lines in our HTTPD.conf:

    DumpIOInput On
    DumpIOLogLevel debug
    DumpIOOutput On

    And by default, the error log line is set to -> ErrorLog "logs/error_log".

    We've checked in that log file, numerous times, while attacks are going on, and it doesn't log anything to it. Am I missing something here or is there an issue with Dump_IO and cPanel? We've made sure that easyApache installed the dumpio_module.

    Any help would be very much appreciated! Thanks!

    Software specs/versions:
    WHM 11.38.1 (build 15) VPS Optimized
    root@[*] [/usr/local/apache/conf]# uname -a
    Linux [*].[*].com 2.6.32-220.7.1.el6.i686 #1 SMP Tue Mar 6 21:21:22 GMT 2012 i686 i686 i386 GNU/Linux

    Server version: Apache/2.2.25 (Unix)
    Server built: Jul 30 2013 16:48:44
    Cpanel::Easy::Apache v3.20.6 rev9999

    PHP 5.3.27 (cli) (built: Jul 30 2013 16:56:53)
    Copyright (c) 1997-2013 The PHP Group
    Zend Engine v2.3.0, Copyright (c) 1998-2013 Zend Technologies
    with Zend Guard Loader v3.3, Copyright (c) 1998-2010, by Zend Technologies

    root@[*] [/usr/local/apache/conf]# apachectl -t -D DUMP_MODULES
    Loaded Modules:
    core_module (static)
    authn_file_module (static)
    authn_default_module (static)
    authz_host_module (static)
    authz_groupfile_module (static)
    authz_user_module (static)
    authz_default_module (static)
    auth_basic_module (static)
    dumpio_module (static)
    include_module (static)
    filter_module (static)
    log_config_module (static)
    logio_module (static)
    env_module (static)
    expires_module (static)
    headers_module (static)
    unique_id_module (static)
    setenvif_module (static)
    version_module (static)
    proxy_module (static)
    proxy_connect_module (static)
    proxy_ftp_module (static)
    proxy_http_module (static)
    proxy_scgi_module (static)
    proxy_ajp_module (static)
    proxy_balancer_module (static)
    ssl_module (static)
    mpm_prefork_module (static)
    http_module (static)
    mime_module (static)
    status_module (static)
    autoindex_module (static)
    asis_module (static)
    info_module (static)
    suexec_module (static)
    cgi_module (static)
    negotiation_module (static)
    dir_module (static)
    actions_module (static)
    userdir_module (static)
    alias_module (static)
    rewrite_module (static)
    so_module (static)
    bwlimited_module (shared)
    php5_module (shared)
    security2_module (shared)
    Syntax OK
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,667
    Likes Received:
    646
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    What method are you using to edit your Apache configuration file? Also, do you have any "LogLevel" entries in your Apache configuration file? You may want to try disabling any such entries and restart Apache to see if that makes a difference.

    Thank you.
     
  3. NetShapersInc

    Michael,

    Thanks, that did it for the most part. However, we still cannot see exactly what they are sending in... It's continually jumbled and unreadable.
     
  4. cPanelMichael

    I believe that's the intention of the debug mode associated with that module. Have you considered installing a software or hardware firewall to mitigate the attack itself?

    Thank you.
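
Added example, not part of the thread: mod_dumpio writes each chunk of a request on its own debug line with control bytes escaped, so the error log has to be reassembled before a POST body can be read. This Python script rebuilds inbound requests from `dumpio_in` data lines and decodes form bodies; the line layout is assumed from Apache 2.2's mod_dumpio, the sample lines are constructed, and all function names are hypothetical.

```python
import re
from urllib.parse import parse_qs

# Assumed Apache 2.2 layout: "... mod_dumpio:  dumpio_in (data-HEAP): <payload>"
DATA = re.compile(r"mod_dumpio:\s+dumpio_in \(data-[A-Z]+\): (.*)$")
COUNT = re.compile(r"\d+ bytes$")                    # size-only lines carry no payload
ESC = re.compile(r"\\(x[0-9a-fA-F]{2}|[bnrtv\\])")   # error-log escaping of raw bytes
SIMPLE = {"b": "\b", "n": "\n", "r": "\r", "t": "\t", "v": "\v", "\\": "\\"}
REQ_LINE = re.compile(r"[A-Z]+ \S+ HTTP/\d\.\d\r\n")

def unescape(s):
    """Turn \\r, \\n, \\xHH ... back into the characters the client sent."""
    return ESC.sub(lambda m: SIMPLE.get(m[1]) or chr(int(m[1][1:], 16)), s)

def parse(raw):
    """Split one reassembled request into request line, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    first, *rest = head.split("\r\n")
    method, path = first.split(" ")[:2]
    headers = {k.lower(): v for k, v in (h.split(": ", 1) for h in rest if ": " in h)}
    urlenc = headers.get("content-type", "").startswith("application/x-www-form-urlencoded")
    form = parse_qs(body, keep_blank_values=True) if urlenc else {}
    return {"method": method, "path": path, "headers": headers, "body": body, "form": form}

def requests_from_log(lines):
    """Rebuild requests in log order; concurrent connections are not separated."""
    reqs = []
    for line in lines:
        m = DATA.search(line.rstrip("\n"))
        if not m or COUNT.fullmatch(m[1]):
            continue
        chunk = unescape(m[1])
        if REQ_LINE.match(chunk):                    # request line: start a new request
            reqs.append([])
        if reqs:
            reqs[-1].append(chunk)
    return [parse("".join(r)) for r in reqs]

# Constructed sample lines (not taken from the thread's server).
P = "[Wed Jul 31 16:25:38 2013] [debug] mod_dumpio.c(74): mod_dumpio:  dumpio_in (data-HEAP): "
SAMPLE = [P + s for s in (
    r"17 bytes", r"POST / HTTP/1.1\r\n", r"Host: example.test\r\n",
    r"Content-Type: application/x-www-form-urlencoded\r\n",
    r"Content-Length: 21\r\n", r"\r\n", r"user=admin&", r"note=a%20b",
)] + ["[Wed Jul 31 16:25:38 2013] [error] File does not exist: /x"]

if __name__ == "__main__":
    for req in requests_from_log(SAMPLE):
        print(req["method"], req["path"], req["form"])
```

On a busy prefork server the chunks of different connections interleave in the error log, so capture during a short window or for a single vhost before reading the result.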
     