Mod_Security & Rules Recommendation

debug

Member
Apr 19, 2003
23
0
151
Hello,

I am on a managed VPS. I am alone on my VPS and hosting only my own websites. I sell nothing, so no need SSL.

My config:
CENTOS 5.10 i686 virtuozzo – 32 bits
WHM 11.40.1
Apache 2.2.26
php 5.3.28
CSF/LFD 6.39, Mod_security enabled via Easy_Apache v3.22.25.

- SSH disabled via WHM, I never use it.
- WHM/Pure FTPD disabled (I re-install it via WHM/FTP Server Selection only when I need it).
- WHM Host Access Control assigned to my home IP only.
- SSH 22 port renamed but removed in CSF Firewall Configuration/Incoming/outcoming TCP ports list

I don't want upgrade/update my server right now to keep the compatibility with my old scripts. Mod_security is installed only with the basics rules. In fact, these rules stop almost nothing. The elementary transversal path http://www.domain/ it not stopping.


I am not familiar with Mod_Security & rules. I don't know if my server is secure right now. But I think I need a set of effectives rules for Mod_Security.


My options are after much reading:


1) Buy the ASL Rules (only the rules package) at $99/year and install it by myself with no automatic update.

2) Buy the ASL + Rules at $199/year with an automatic install & update.

3) Buy the $125 Service Package at ConfigServer with the free ASL rules installed but if it require updated rules in the future, I will need to pay ASL for them.

4) Downgrade to Apache 1.4 & PHP 5.2.17 custom Cpanel product. Mod_securiy 1.95 work fine in this config with a lot of customs rules. Unfortunately, it is not possible to use ModSecurity 1.95 with PHP 5.3.28.

Correct me if I am wrong in my understanding. I need some guidance.


Another question:
If I buy a package and I secure my own VPS. Is this another VPS, non-secure without effective rules on the same host server may compromise my VPS?

The best solution in this case would be a dedicated server?

Other alternatives ?


Regards
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Hello :)

I just wanted to point out that downgrading Apache and PHP should not be an option here. It's not supported, and the older versions of Apache/PHP are scheduled for removal from EasyApache in the near future. You will likely receive some user feedback on the other options you presented here.

Thank you.
 

nootkan

Well-Known Member
Oct 25, 2006
134
5
168
Personally I went with options 1 and 3. I found someone who is an affiliate of Atomicorp and they installed the updater as part of the rules package (if interested, pm me for details). As for the Service Package at Config Server you cannot go wrong with this as I feel it is probably the best package out there for security. If you feel capable you can install the components of the package for free by yourself. The staff at Config Server do a great job with the installation and give you a week of support after installation. Well worth the price in my opinion.
 
Last edited:

debug

Member
Apr 19, 2003
23
0
151
Last edited:

debug

Member
Apr 19, 2003
23
0
151
Maybe I'm wrong but I just read on the wiki that paid ASL rules are not compatible with products ConfigServer. Is that correct? Do I have to uninstall CSF & CMC ?

https://www.atomicorp.com/wiki/index.php/ASL_FAQ#Is_ASL_compatible_with_ConfigServer

Edit: I think it's only with the overall ASL (firewall + Rules). With the paid rules only, it should work with CSF/CMC but I have not tested it.

In any case, I'm tired with this problem. I hope that cPanel offers as soon as possible a set of effective rules in their package.

Regards
 
Last edited:

NixTree

Well-Known Member
Aug 19, 2010
413
5
143
Gods Own Country
cPanel Access Level
Root Administrator
Twitter
Yes, you may try Comodo WAF. We have been testing it and it's working fine till latest release. With new release we get a lot of Seg fault errors. Seems like they need to work a bit more to make it mature. Once it is stable, should be a worth to use it.
 

chrismfz

Well-Known Member
Jul 4, 2007
125
1
68
Greece
cPanel Access Level
DataCenter Provider
You can set a cronjob to rsync rules, extract Atomicorp's rules, replace them and graceful restart Apache after that.
You said you are unfamiliar with SSH-never used it. You can hire someone to do it it's easy enough. Set it 'n forget it.


We use those rules for years with great results (you can't imagine what I see in logs).

I can't say anything about Comodo's rules. I wish somebody could make an audit / penetration testing
on various platforms and apps and post the results of a ASL vs Comodo but still nothing :D
 

jsnape

Well-Known Member
Mar 11, 2002
174
0
316
No need to buy the rules. I'd support these guys (Comodo), and encourage them to keep the rules updated.
 
Last edited by a moderator: