quizknows

  • Total activity 1328
  • Following 0 users
  • Followed by 0 users
  • Votes 0
  • Subscriptions 501

Activity overview

Latest activity by quizknows
  • quizknows created a post,

    A Guide to ModSecurity in 2018, for administrators

    I have worked in web hosting for nearly 10 years. If you know me, please, now is not the time :) I have found some good community works which help for monitoring ModSec attacks in a live and manag...

  • quizknows commented,

    That would work to block either/or, but I believe the whole point here was to drop requests that had both of those in the same query string. Your proposed rule would block any request containing ei...

  • quizknows commented,

    There is a mistake in my previous post, I cannot seem to edit. Modsec uses the command "chain" as an "AND", not "OR". It is used so a request must match both lines of a chained rule (or every line...

  • quizknows commented,

    For what it's worth you should be able to do it quickly and easily with modsecurity. This helps a lot especially if you use CSF/LFD. Modsec's AND operator (basically) is "chain". I would personal...

  • quizknows commented,

    Last script just looks to lock the passwords for those unused users (or perhaps used, but should never be logged into directly), likely for security reasons. -l, --lock Lock the...

  • quizknows commented,

    With it being a normal user ID running the process, I wouldn't worry too much about root at least yet. These things though are hard to find when they're not ongoing. I would thoroughly examine the...

  • quizknows commented,

    The public_html directory should be 750 and is not intended to be changed. Setting 555 would make your public_html directories readable across accounts, which is a nightmare security-wise especially...

  • quizknows commented,

    Have you considered using ModSecurity's connections engine? You can limit simultaneous read/write connection states per IP. Reference Manual · SpiderLabs/ModSecurity Wiki · GitHub Reference Manua...

  • quizknows commented,

    If the settings are in your sysctl config files themselves, "sysctl -p $file" should commit them. If that is failing or is not persistent across reboots, try moving the settings to /etc/sysctl.conf...

  • quizknows commented,

    OK, good :) In that case you may need to wait for cPanel staff or open a ticket. With that said, if you don't get errors committing those sysctl parameters your server is probably OK.