The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Main IP doing attacks on websites

Discussion in 'Security' started by mili, Jul 4, 2015.

  1. mili

    mili Registered

    Joined:
    Jul 4, 2015
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Reseller Owner
    Hi,

    The mod-sec is detecting attacks on the websites from the main ip of the server and :

    SecRule TX:OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" "phase:logging, id:'981205', t:none, log,noauditlog, pass, tag:'event-correlation', msg:'Outbound Anomaly Score Exceeded (score %{TX.OUTBOUND_ANOMALY_SCORE}): %{tx.msg}'"

    Help is appreciated
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    You may want to check the modsec audit log, (/usr/local/apache/logs/modsec_audit.log) as this may be a false positive. Anomaly based rules can be tricky.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Were you able to review the /usr/local/apache/logs/modsec_audit.log file for additional information?

    Thank you.
     
Loading...

Share This Page