Prevent or block specific files from uploading to server

profilnet

Member
Apr 28, 2013
6
0
1
cPanel Access Level
Root Administrator
Hi,

Is there any way to prevent or block specific files from being uploaded to the server? I keep on deleting a file "bb.html" from all of my clients, which spams continuously. I have blocked more than 300+ IPs from the Apache logs. So is there a way to block specific files?
 

24x7server

Well-Known Member
Apr 17, 2013
1,912
99
78
India
cPanel Access Level
Root Administrator
Twitter
I suggest you block the "bb.html" file in the ModSecurity rules on your server. You may try the following steps:

Add the following line to /usr/local/apache/conf/modsec2.user.conf:

SecRule REQUEST_URI "bb.html" "id:1234123459"
Then restart the httpd service on your server, so that when someone tries to access the "bb.html" file they will get a 403 Forbidden page, and you will get the following entry in your error log file:


[###########] [error] [client XXX.XXX.XXX.XXX] ModSecurity: Access denied with code 403 (phase 2). Pattern match "bb.html" at REQUEST_URI. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "31"] [id "1234123459"] [hostname "XX.XXX.XX.XXX"] [uri "/bb.html"] [unique_id "UY@h5EWvGqIACBkuDFMAAAAA"]
 

profilnet

If I want additional files to be blocked, I only change the ID number, right?
 

24x7server

Yes, you are right.

You will have to change the file name and ID number in /usr/local/apache/conf/modsec2.user.conf:


SecRule REQUEST_URI "NEWFILENAME" "id:NEW-ID"
 

profilnet

Unfortunately, the file bb.html appeared again in the public_html folder :( What should I do?
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
profilnet, you need to take the 'stat' of the file when it appears. Note the change and modify times. Then check the FTP logs (/var/log/messages) and the domain's RAW access log for that time. You should be able to find how it is being uploaded. As 24x7server said, even though it's there, with the modsec rule in place it can't be accessed via Apache.
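
The correlation described in the last reply, as an added example that is not part of the original thread: it takes the file's modify/change time and lists the raw access log requests and FTP uploads that fall within two minutes of it. The log lines, the timestamp, the /contact/form.php path and the pure-ftpd syslog format are constructed or assumed for illustration.

```python
import os
import re
from datetime import datetime, timedelta, timezone
APACHE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# Assumed pure-ftpd syslog format for completed uploads
FTP_RE = re.compile(r'^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ pure-ftpd(?:\[\d+\])?: (.*uploaded.*)$')
WINDOW = timedelta(seconds=120)

def file_times(path):
    """Modify and change times of the dropped file, as `stat` reports them."""
    st = os.stat(path)
    return tuple(datetime.fromtimestamp(t).astimezone() for t in (st.st_mtime, st.st_ctime))

def apache_hits(lines, event, window=WINDOW):
    """Requests in the raw access log within `window` of the file timestamp."""
    hits = []
    for line in lines:
        m = APACHE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            if abs(ts - event) <= window:
                hits.append((m.group(1), m.group(3), m.group(4), int(m.group(5))))
    return hits

def ftp_hits(lines, event, window=WINDOW):
    """FTP uploads in /var/log/messages within `window` of the file timestamp."""
    hits = []
    for line in lines:
        m = FTP_RE.match(line)
        if m:
            # Syslog omits year and zone: assume those of the file timestamp.
            ts = datetime.strptime(f"{event.year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            if abs(ts.replace(tzinfo=event.tzinfo) - event) <= window:
                hits.append(m.group(2))
    return hits

# Constructed sample data (documentation IP ranges, hypothetical paths).
EVENT = datetime(2013, 5, 10, 14, 32, 11, tzinfo=timezone(timedelta(hours=5, minutes=30)))
ACCESS_LOG = [
    '198.51.100.7 - - [10/May/2013:14:20:03 +0530] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.45 - - [10/May/2013:14:32:10 +0530] "POST /contact/form.php HTTP/1.1" 200 312',
    '203.0.113.45 - - [10/May/2013:14:32:40 +0530] "GET /bb.html HTTP/1.1" 403 291',
]
MESSAGES = [
    'May 10 09:01:55 host pure-ftpd: (client1@198.51.100.7) [NOTICE] '
    '/home/client1/public_html/logo.png uploaded (2048 bytes, 10.00KB/sec)',
]
if __name__ == "__main__":
    print(apache_hits(ACCESS_LOG, EVENT), ftp_hits(MESSAGES, EVENT))
```

On a live server, pass either value returned by `file_times()` as `event` and feed the functions the open log files instead of the sample lists.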