The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ModSecurity: collections_remove_stale failed

Discussion in 'Security' started by MACscr, Jun 27, 2015.

  1. MACscr

    MACscr Well-Known Member

    Joined:
    Sep 30, 2003
    Messages:
    190
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Any suggestions for resolving this issue with mod_security and appearing in the apache error_log?

    ModSecurity: collections_remove_stale: Failed deleting collection .......

    My ip.pag is about 250MB and it appears that IP's that are supposed to be blocked are not being blocked. Getting a bit frustrating. This ip.pag file sure seems to be collecting more IP's per second than apache is saying its serving per second as well. whats up with that?
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    You can always try clearing it out yourself, simply delete ip.dir and ip.pag and restart apache. The files should recreate themselves as soon as rules are processed. Check your permissions on /tmp and /var/cpanel/secdatadir, /tmp should be 1777 and /var/cpanel/secdatadir should be 1770

    Out of curiosity do you happen to be using RUID2?
     
  3. MACscr

    MACscr Well-Known Member

    Joined:
    Sep 30, 2003
    Messages:
    190
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    No I am not, i am using suphp. I have deleted them and it does appear to have helped. Should we be using logrotate or something like that to maintain these files? If there is a logrotate conf for them, can someone share it with me?
     
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  6. MACscr

    MACscr Well-Known Member

    Joined:
    Sep 30, 2003
    Messages:
    190
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    nope. even set it as low as 600.
     
  7. MACscr

    MACscr Well-Known Member

    Joined:
    Sep 30, 2003
    Messages:
    190
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Still happening. Super frustrating. I dont know of anyone using any type of pruning process for theirs either. Im not sure what i could be doing differently than others.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Internal case number FB-188769 is open to determine if rotation for /var/cpanel/secdatadir/ip.pag is a viable option. You may want to utilize the following utility offered by Mod_Security in the meantime:

    https://github.com/SpiderLabs/modsec-sdbm-util

    Thank you.
     
Loading...

Share This Page