aeroweb

  • Total activity 21
  • Last activity
  • Member since
  • Following 0 users
  • Followed by 0 users
  • Votes 0
  • Subscriptions 5

Activity overview

Latest activity by aeroweb

  • aeroweb commented,

    1. Community
    2. Security
    3. Google bot triggering OWASP modsecurity rule 949110

    After further review of both the mod-security logs and Apache logs it appears that the Googlebot is actually triggering rule: 942100 "sql injection attack detected via libinjection" The Google bot...

  • aeroweb commented,

    1. Community
    2. Security
    3. Google bot triggering OWASP modsecurity rule 949110

    I do not have a dnf.rpm.log file. I checked the yum.log files and its not in there. I also checked /etc/apache2/conf.d/modsec_vendor_configs/OWASP3 but it appears that the rule files here get up...

  • aeroweb commented,

    1. Community
    2. Security
    3. Google bot triggering OWASP modsecurity rule 949110

    Thanks for the info, much appreciated. The strange thing is, we've used modsecurity with the OWASP rules setup on our servers for years now. And yes, we would occasionally get false positives a...

  • aeroweb created a post,

    Google bot triggering OWASP modsecurity rule 949110

    1. Community
    2. Security

    Last few days we have been noticing that Google crawler IP's (i.e. 66.249.xxx.xxx) have stared being blocked by the OWASP modsecurity rules. This is not an isolated case, we have many servers and ...

    • aeroweb
    • 2 followers
    • 6 comments
    • 0 votes

  • aeroweb commented,

    1. Community
    2. Security
    3. CPHulk country block not working

    Thanks for providing that thread. So if I understand correctly only version 102 of WHM is being updated and the Stable version (100.0.12), and LTS version (94.0.24) are not being updated thus CPH...

  • aeroweb created a post,

    CPHulk country block not working

    1. Community
    2. Security

    We have country blocking enabled on our servers using CPHulk for countries we know our clients would never login from. Over the last several days we have seen many IMAP failed login attempts from ...

    • aeroweb
    • 2 followers
    • 3 comments
    • 0 votes

  • aeroweb created a post,

    httpd -DFOREGROUND After Easy Apache Update

    1. Community
    2. Web Servers & Applications

    Anyone else having this issue? Apache seems to be running as: /usr/sbin/httpd -DFOREGROUND Instead of the usual: /usr/sbin/httpd -k start

    • aeroweb
    • 2 followers
    • 2 comments
    • 0 votes

  • aeroweb commented,

    1. Community
    2. Email
    3. Stop brute force email logins?

    We are very familiar with brute force attacks and various distributed attacks, that was not my question. We have been using a combination of CSF and other features for years which has helped mitig...

  • aeroweb created a post,

    Stop brute force email logins?

    1. Community
    2. Email

    CPHulk is showing many failed email login attempts from local host 127.0.0.1 and country ZZ (see attached screenshot). I am assuming these are webmail login attempts? Is there a way to stop these...

    • aeroweb
    • 4 followers
    • 6 comments
    • 0 votes

  • aeroweb commented,

    1. Community
    2. Security
    3. ClamAV installed in different path

    It took an hour or more on each server but it finally completed. Looks like it is just a large DB update that takes a while to finish. ClamAV update process started at Wed Mar 6 20:30:38 2019 W...