Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

mod_security problem in most recent update

Discussion in 'Security' started by johnchan, Dec 1, 2005.

  1. johnchan

    johnchan Active Member

    Joined:
    Jun 29, 2003
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    156
    In the most recent update (rolled out today/yesterday) mod_security has stopped working properly:

    =============================
    /etc/cron.hourly/modsecparse.pl:

    DBI connect('modsec:localhost','modsec',...) failed: Access denied for user 'modsec'@'localhost' (using password: NO) at /etc/cron.hourly/modsecparse.pl line 18
    =============================

    Every hour we're getting this now on 2 of our CPanel servers.

    It was working smoothly before.

    Anyone know about this or how to resolve this recent bug?
     
  2. xisn

    xisn Well-Known Member

    Joined:
    Dec 4, 2004
    Messages:
    136
    Likes Received:
    5
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    Same here..

    Seems we are getting this on several servers too...
     
  3. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    7
    Trophy Points:
    318
    Location:
    back woods of NC, USA
    I have it now on all my boxes. I also get tar errors on /scripts/cpbackup
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    769
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    /dev/null
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. PPNSteve

    PPNSteve Well-Known Member

    Joined:
    Mar 13, 2003
    Messages:
    404
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    Somewhere in Ilex Forest
    cPanel Access Level:
    Root Administrator
    Twitter:
    we have this modsec error as well.. that 'fix' didn't work (got another error in mysql)


    so now what?

    edit: just removed and re-installed it.. works fine for now..
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 PPNSteve, Dec 1, 2005
    Last edited: Dec 1, 2005
  6. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    769
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    /dev/null
    has anyone added it to bugzilla? if not I will
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. henker

    henker Well-Known Member

    Joined:
    May 1, 2003
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    231
    Location:
    Ireland
    cPanel Access Level:
    Root Administrator
    I must admit I haven't, but...
    I uninstalled and reinstalled a couple of times via WHM until I noticed that the latest mod_security wasn't even in apache/libexec, so I had to manually apxs it and enable it manually in httpd.conf as cPanel set it up in the wrong order:


    Include "/usr/local/apache/conf/modsec.conf"
    AddModule mod_security.c

    instead of
    AddModule mod_security.c
    Include "/usr/local/apache/conf/modsec.conf"

    On another server, all instances of mod_security had a # at the beginning of the line,
    so basically mod_security wasn't enabled at all...

    Things like these should not go wrong.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. PPNSteve

    PPNSteve Well-Known Member

    Joined:
    Mar 13, 2003
    Messages:
    404
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    Somewhere in Ilex Forest
    cPanel Access Level:
    Root Administrator
    Twitter:
    hmm.. went in fine, and correctly for my servers..

    oh well meybe there is some bug in the latest update/version.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. chae

    chae Well-Known Member

    Joined:
    Apr 19, 2003
    Messages:
    145
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Auckland, New Zealand
    I uninstalled/reinstalled and pasted in my ruleset again and all is well.

    Have also noticed several tar errors with my backups.
     
  10. johnchan

    johnchan Active Member

    Joined:
    Jun 29, 2003
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    156
    It seems like lots of people are having this problem.

    How could this slip through into the RELEASE version? We're not running EDGE or CURRENT. :mad:
     
  11. henker

    henker Well-Known Member

    Joined:
    May 1, 2003
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    231
    Location:
    Ireland
    cPanel Access Level:
    Root Administrator
    STABLE in our case... But then again, modsecurity is marked "Beta"... Some of the Addon modules, eg. cpanelpro really make you think what "STABLE" means :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Indeed. It is BETA and as such you can expect problems.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. johnchan

    johnchan Active Member

    Joined:
    Jun 29, 2003
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    156
    Uninstalling and reinstalling the module via the WHM interface solved this for us on our servers.
     
  14. mount

    mount Member

    Joined:
    Sep 8, 2004
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    151
  15. johnchan

    johnchan Active Member

    Joined:
    Jun 29, 2003
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    156

    Thats a completely different problem of MySQL not running at all. Don't confuse mod_security problem... it is completely different.
     
  16. Izzee

    Izzee Well-Known Member

    Joined:
    Feb 6, 2004
    Messages:
    469
    Likes Received:
    0
    Trophy Points:
    166
    I agree entirely. Same issues exactly. No mod_sec in apache/libexec and # at line beginning of AddModule mod_security.c and AddModule mod_security.so.
    So no mod_security running. I wondered why nothing was appearing in the log files after repeated uninstall/reinstall from WHM.

    Beta indeed! Poor excuse for messing with server security.

    I uninstalled the cPanel Module as this can not be trusted any more and installed mod_security manually from this WemHostGear page with a few minor edits and httpd.conf tweak.

    It is now fully functional and I can sleep much better now ;).

    I also know that it will be updated correctly now and that it will not be broken by these consistently achy-breaky nightly nightmares.
    :)
     
  17. arhs

    arhs Well-Known Member

    Joined:
    Jul 4, 2003
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    166
    #17 arhs, Dec 5, 2005
    Last edited: Dec 5, 2005
  18. neonix

    neonix Well-Known Member

    Joined:
    Oct 21, 2004
    Messages:
    124
    Likes Received:
    2
    Trophy Points:
    168
    After the last update: within WHM, mod_scurity does not show IP Date Time for every action/message. How do I fix this?


    IP Date Time Handler GET Host Mod_Security-Message
    00:00:00 (null) / HTTP/1.1 www.xyz.com Access denied with code 406.

    Mod_Security-Action
    Pattern match "SurveyBot" at HEADER. 406

    Thanks for your help!
     
  19. asterisk

    asterisk Well-Known Member

    Joined:
    Nov 11, 2005
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    156
    Has this bug been resolved? I got the exact same error messages but ever since I've upgraded it via WHM, I no longer get the error messages but just to be safe, am checking in with you guys. :)

    PS The last version I'm at is 1.9.1-5.
     
  20. budway

    budway Well-Known Member

    Joined:
    Apr 16, 2003
    Messages:
    189
    Likes Received:
    0
    Trophy Points:
    166
    cpanel is using mysql for mod_security?
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice