The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_security problem in most recent update

Discussion in 'Security' started by johnchan, Dec 1, 2005.

  1. johnchan

    johnchan Active Member

    Joined:
    Jun 29, 2003
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    In the most recent update (rolled out today/yesterday) mod_security has stopped working properly:

    =============================
    /etc/cron.hourly/modsecparse.pl:

    DBI connect('modsec:localhost','modsec',...) failed: Access denied for user 'modsec'@'localhost' (using password: NO) at /etc/cron.hourly/modsecparse.pl line 18
    =============================

    Every hour we're getting this now on 2 of our CPanel servers.

    It was working smoothly before.

    Anyone know about this or how to resolve this recent bug?
     
  2. xisn

    xisn Well-Known Member

    Joined:
    Dec 4, 2004
    Messages:
    128
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Same here..

    Seems we are getting this on several servers too...
     
  3. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    I have it now on all my boxes. I also get tar errors on /scripts/cpbackup
     
  4. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    770
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    /dev/null
  5. PPNSteve

    PPNSteve Well-Known Member

    Joined:
    Mar 13, 2003
    Messages:
    393
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Somewhere in Ilex Forest
    cPanel Access Level:
    Root Administrator
    Twitter:
    we have this modsec error as well.. that 'fix' didn't work (got another error in mysql)


    so now what?

    edit: just removed and re-installed it.. works fine for now..
     
    #5 PPNSteve, Dec 1, 2005
    Last edited: Dec 1, 2005
  6. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    770
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    /dev/null
    has anyone added it to bugzilla? if not I will
     
  7. henker

    henker Well-Known Member

    Joined:
    May 1, 2003
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    I must admit I haven't, but...
    I uninstalled and reinstalled a couple of times via WHM until I noticed that the latest mod_security wasn't even in apache/libexec, so I had to manually apxs it and enable it manually in httpd.conf as cPanel set it up in the wrong order:


    Include "/usr/local/apache/conf/modsec.conf"
    AddModule mod_security.c

    instead of
    AddModule mod_security.c
    Include "/usr/local/apache/conf/modsec.conf"

    On another server, all instances of mod_security had a # at the beginning of the line,
    so basically mod_security wasn't enabled at all...

    Things like these should not go wrong.
     
  8. PPNSteve

    PPNSteve Well-Known Member

    Joined:
    Mar 13, 2003
    Messages:
    393
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Somewhere in Ilex Forest
    cPanel Access Level:
    Root Administrator
    Twitter:
    hmm.. went in fine, and correctly for my servers..

    oh well meybe there is some bug in the latest update/version.
     
  9. chae

    chae Well-Known Member

    Joined:
    Apr 19, 2003
    Messages:
    145
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Auckland, New Zealand
    I uninstalled/reinstalled and pasted in my ruleset again and all is well.

    Have also noticed several tar errors with my backups.
     
  10. johnchan

    johnchan Active Member

    Joined:
    Jun 29, 2003
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    It seems like lots of people are having this problem.

    How could this slip through into the RELEASE version? We're not running EDGE or CURRENT. :mad:
     
  11. henker

    henker Well-Known Member

    Joined:
    May 1, 2003
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    STABLE in our case... But then again, modsecurity is marked "Beta"... Some of the Addon modules, eg. cpanelpro really make you think what "STABLE" means :)
     
  12. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Indeed. It is BETA and as such you can expect problems.
     
  13. johnchan

    johnchan Active Member

    Joined:
    Jun 29, 2003
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    Uninstalling and reinstalling the module via the WHM interface solved this for us on our servers.
     
  14. mount

    mount Member

    Joined:
    Sep 8, 2004
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
  15. johnchan

    johnchan Active Member

    Joined:
    Jun 29, 2003
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6

    Thats a completely different problem of MySQL not running at all. Don't confuse mod_security problem... it is completely different.
     
  16. Izzee

    Izzee Well-Known Member

    Joined:
    Feb 6, 2004
    Messages:
    469
    Likes Received:
    0
    Trophy Points:
    16
    I agree entirely. Same issues exactly. No mod_sec in apache/libexec and # at line beginning of AddModule mod_security.c and AddModule mod_security.so.
    So no mod_security running. I wondered why nothing was appearing in the log files after repeated uninstall/reinstall from WHM.

    Beta indeed! Poor excuse for messing with server security.

    I uninstalled the cPanel Module as this can not be trusted any more and installed mod_security manually from this WemHostGear page with a few minor edits and httpd.conf tweak.

    It is now fully functional and I can sleep much better now ;).

    I also know that it will be updated correctly now and that it will not be broken by these consistently achy-breaky nightly nightmares.
    :)
     
  17. arhs

    arhs Well-Known Member

    Joined:
    Jul 4, 2003
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    16
    #17 arhs, Dec 5, 2005
    Last edited: Dec 5, 2005
  18. neonix

    neonix Well-Known Member

    Joined:
    Oct 21, 2004
    Messages:
    124
    Likes Received:
    2
    Trophy Points:
    0
    After the last update: within WHM, mod_scurity does not show IP Date Time for every action/message. How do I fix this?


    IP Date Time Handler GET Host Mod_Security-Message
    00:00:00 (null) / HTTP/1.1 www.xyz.com Access denied with code 406.

    Mod_Security-Action
    Pattern match "SurveyBot" at HEADER. 406

    Thanks for your help!
     
  19. asterisk

    asterisk Well-Known Member

    Joined:
    Nov 11, 2005
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    Has this bug been resolved? I got the exact same error messages but ever since I've upgraded it via WHM, I no longer get the error messages but just to be safe, am checking in with you guys. :)

    PS The last version I'm at is 1.9.1-5.
     
  20. budway

    budway Well-Known Member

    Joined:
    Apr 16, 2003
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    cpanel is using mysql for mod_security?
     
Loading...

Share This Page