Spork Schivago

1. Community
2. Security
3. ModSec shows security scanner scanning 127.0.0.1

Maybe something like: /usr/local/apache/logs/modsec_audit.log { rotate 15 daily missingok compress postrotate /usr/local/cpanel/scripts/restartsrv_httpd 2> /dev/null > ...

• View comment
• Spork Schivago
• June 23, 2017 02:33
• 0 votes

1. Community
2. Security
3. ModSec shows security scanner scanning 127.0.0.1

...I think the best help I can give is to describe how I analyze concerning modsec hits... This helped a lot, you sharing how you analyze the logs. I've been analyzing them incorrectly. This w...

• View comment
• Spork Schivago
• June 23, 2017 02:20
• 0 votes

1. Community
2. Security
3. ModSec shows security scanner scanning 127.0.0.1

a) The Requests from 127.0.0.1. I did not address this very well. All the logs you posted regarding the [hostname "127.0.0.1"> issue were about log events that occurred within one second of each ot...

• View comment
• Spork Schivago
• June 23, 2017 01:27
• 0 votes

1. Community
2. Security
3. ModSec shows security scanner scanning 127.0.0.1

I see some stuff in the access_log as well: 41.209.71.187 - - [21/Jun/2017:00:08:27 -0400] "GET login.cgi HTTP/1.0" 400 10084 "-" "-" 127.0.0.1 - - [21/Jun/2017:11:15:32 -0400] "GET /whm-server-s...

• View comment
• Spork Schivago
• June 21, 2017 22:11
• 0 votes

1. Community
2. Security
3. ModSec shows security scanner scanning 127.0.0.1

I should add that I do have some IP addresses whitelisted in CSF and ModSec, but they belong to ScanMyServer.... # CSF Whitelisted IP addresses # Our home IPv4 address - Thu Apr 20 22...

• View comment
• Spork Schivago
• June 21, 2017 20:21
• 0 votes

1. Community
2. Security
3. ModSec shows security scanner scanning 127.0.0.1

And here's where the hostname changes to 127.0.0.1. [Wed Jun 21 10:59:16.225079 2017] [:error] [pid 21522] [client 177.19.152.77] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [...

• View comment
• Spork Schivago
• June 21, 2017 20:04
• 0 votes

1. Community
2. Security
3. ModSec shows security scanner scanning 127.0.0.1

Hello, Do you see any corresponding entries in /usr/local/apache/logs/error_log? Thank you. Only the ModSec warnings and access denied messages. So ModSec definitely seemed to have caught every...

• View comment
• Spork Schivago
• June 21, 2017 19:47
• 0 votes

1. Community
2. Server Management
3. yum check-updates seems broken

Seems to be fixed now. Thanks!

• View comment
• Spork Schivago
• June 22, 2017 01:51
• 0 votes

1. Community
2. Server Management
3. yum check-updates seems broken

This happens to me from time to time with EPEL. I generally just skip that repo for that update and try it again later I missed this post earlier. I think we were posting at the same time. I was...

• View comment
• Spork Schivago
• June 21, 2017 20:53
• 0 votes

1. Community
2. Server Management
3. yum check-updates seems broken

Hello, That looks like an issue with the EPEL repository. I'm not seeing the same error message when running "yum check-updates" on test systems with the stock CentOS repos. Thank you. But when y...

• View comment
• Spork Schivago
• June 21, 2017 20:12
• 0 votes