Prevent or block specific files from uploading to server

Discussion in 'Security' started by profilnet, May 12, 2013.

  1. profilnet

    profilnet Member

    Joined:
    Apr 28, 2013
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,

    Is there any way to prevent or block specific files from being uploaded to the server? I keep on deleting a file "bb.html" from all of my clients, which spams continuously. I have blocked more than 300+ IPs from the Apache logs. So is there a way to block specific files?
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,146
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
    I suggest you block the "bb.html" file in your ModSecurity rules on your server. You may try the following steps now.

    Add the following line in /usr/local/apache/conf/modsec2.user.conf

    And restart the httpd service on your server, so that when someone tries to access the "bb.html" file they will get a 403 Forbidden page and you will get the following logs in your error log file


     
  3. profilnet

    profilnet Member

    Thanks a lot! I'll try it and I'll inform you.
     
  4. profilnet

    profilnet Member


    If I want additional files to be blocked, I only change the ID number, right?
     
  5. 24x7server

    24x7server Well-Known Member

    Yes, you are right.

    You will have to change the file name and ID number in /usr/local/apache/conf/modsec2.user.conf


     
  6. profilnet

    profilnet Member


    Unfortunately the file bb.html appeared again in the public_html folder :( What should I do?
     
  7. 24x7server

    24x7server Well-Known Member

    With the above mod_sec rules no one can access the "bb.html" file through your web server, and you will have to remove the "bb.html" files from all your accounts.
     
  8. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    profilnet, you need to take the 'stat' of the file when it appears. Note the change and modify times. Then check the FTP logs (/var/log/messages) and the domain's raw access log for that time. You should be able to find how it is being uploaded. As 24x7server said, even though it's there, with the modsec rule in place it can't be accessed via Apache.
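
The time correlation described in the last reply, as an added example that is not part of the original thread: it reads a file's modify and change times and lists write-style requests (POST/PUT) from an Apache combined-format access log that fall within a window around that time. The log lines, IP addresses, request paths, the assumed mtime and the 120-second window are all constructed for illustration.

```python
import os
import re
from datetime import datetime, timedelta, timezone

# Apache common/combined log: host ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def file_times(path):
    """Return (mtime, ctime) of the dropped file as UTC datetimes, as `stat` shows."""
    st = os.stat(path)
    return tuple(datetime.fromtimestamp(t, timezone.utc)
                 for t in (st.st_mtime, st.st_ctime))

def requests_near(log_lines, when, window_s=120, methods=("POST", "PUT")):
    """Yield (time, ip, method, path, status) for write-style requests logged
    within window_s seconds of `when`; these are the upload candidates."""
    delta = timedelta(seconds=window_s)
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        ip, ts, method, path, status = m.groups()
        t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if method in methods and abs(t - when) <= delta:
            yield t, ip, method, path, int(status)

# Constructed sample lines (documentation-range IPs), not from a real server.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/May/2013:10:14:02 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/May/2013:10:15:31 +0000] "POST /uploads/handler.php HTTP/1.1" 200 31',
    '203.0.113.9 - - [12/May/2013:10:15:40 +0000] "GET /bb.html HTTP/1.1" 403 210',
    '198.51.100.7 - - [12/May/2013:11:40:00 +0000] "POST /contact.php HTTP/1.1" 200 88',
]

def demo():
    # Assumed mtime of bb.html; on a real server use file_times(path)[0].
    mtime = datetime(2013, 5, 12, 10, 15, 32, tzinfo=timezone.utc)
    return list(requests_near(SAMPLE_LOG, mtime))

if __name__ == "__main__":
    for t, ip, method, path, status in demo():
        print(t.isoformat(), ip, method, path, status)
```

If no HTTP request lines up with the file's times, the same timestamps can be compared against the FTP entries in /var/log/messages.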
     