shacker23

1. Community
2. Security
3. ModSecurity is logging but not blocking (integration with ConfigServer)

OK, several things to report: - cPanel support *rocks* - thanks Brian and Peter for the assist in getting this all working. - After waiting 24 hours so I could see what the impact on overall traf...

• View comment
• shacker23
• October 31, 2014 15:41
• 0 votes

1. Community
2. Security
3. ModSecurity is logging but not blocking (integration with ConfigServer)

Many thanks for the information Brian - very useful. Yes, ticket 5636595 is open, and a tech has done some work on this. I'll follow up with him on that ticket and post the results here when we g...

• View comment
• shacker23
• October 30, 2014 15:45
• 0 votes

1. Community
2. Security
3. ModSecurity is logging but not blocking (integration with ConfigServer)

It does. Though, oddly, "On" is not in quotes like it is in the other directives there. Should I quote "On"? # WHM-managed ModSecurity configuration directives SecAuditEngine "On" SecRuleEngine O...

• View comment
• shacker23
• October 28, 2014 18:06
• 0 votes

1. Community
2. Security
3. ModSecurity is logging but not blocking (integration with ConfigServer)

Thanks quizknows. My modsec2.conf does say SecDefaultAction "phase:2,deny,log,status:406" but I do not see ModSecurity hits in the apache error_log. If I grep -i security /usr/local/apache/err...

• View comment
• shacker23
• October 28, 2014 17:08
• 0 votes

1. Community
2. Web Servers & Applications
3. Unknown robot (identified by 'bot*')

OK, so cpanel's modsecurity logs to /usr/local/apache/logs/modsec_audit.log . In CSF configuration, I set MODSEC_LOG to that path and restarted CSF. So then I tail -f /var/log/lfd.log . I see CSF...

• View comment
• shacker23
• October 26, 2014 16:34
• 0 votes

1. Community
2. Web Servers & Applications
3. Unknown robot (identified by 'bot*')

Oh! Surely there must be a way to configure ConfigServer to work *with* ModSecurity rather than against it? Any idea how?

• View comment
• shacker23
• October 26, 2014 16:02
• 0 votes

1. Community
2. Web Servers & Applications
3. Unknown robot (identified by 'bot*')

OK, I misspoke on the traffic reduction - looks like awstats hadn't completed its run when I wrote earlier. I am seeing the massive numbers of log entries in ModSecurity, but I am NOT seeing a huge...

• View comment
• shacker23
• October 25, 2014 16:41
• 0 votes

1. Community
2. Web Servers & Applications
3. Unknown robot (identified by 'bot*')

I didn't write the rule - it's directly out of the spiderlabs modsec rules manual on github. But yeah - I'm seeing overall traffic cut down on most large customer sites by 50% overnight. No false p...

• View comment
• shacker23
• October 25, 2014 06:19
• 0 votes

1. Community
2. Web Servers & Applications
3. Unknown robot (identified by 'bot*')

cPanel's new ModSecurity module landed a few days ago and I've been giving it a workout. I added and activated a single custom rule, which culls bad bot activity by cross referencing a bots RBL fro...

• View comment
• shacker23
• October 24, 2014 15:16
• 0 votes

1. Community
2. Email
3. [Case 111565] Mailman and add-on domains

Aha! So Servint couldn't solve it, they filed a ticket with cPanel, and it was discovered that the bug is actually in the Paper Lantern theme. Switching to X3 fixes the problem. They have filed a t...

• View comment
• shacker23
• August 12, 2014 21:55
• 0 votes