modsecurity

I've installed mod_security2 and read the cPanel docs: https://blog.cpanel.com/how-to-install-and-configure-modsecurity-in-cpanel/ but I have a few other questions. 1. Should I install OWASP? What does it do? 2. I see under "Configuration" that I can provide a link to a MaxMind database...

Hi, the last few days i've been battling with one specific website (out of many on the same server) which wont render correctly. When inspecting, the site loads as plain HTML and the console shows a load of 403 or 404 errors for every image, CSS file or JS script. I have finally got it narrowed...

HI, I am wondering what are this hit from 127.0.0.1 from modsecurity. I have a lot of triggering event about 920340: Request Containing Content, but Missing Content-Type header 933150: PHP Injection Attack: High-Risk PHP Function Name Found 930130: Restricted File Access Attempt 920170: GET or...

Is there a way to make ModSecurity send alert emails for every rule triger?

For about a week or so, httpd has been crashing about once a day. In the "Log Messages" section of the cpanel service failure notification email, it lists a bunch of modsecurity hits in red. Nothing stands out about them, just the run of the mill malicious bots. Maybe only the quantity...

Hello. I hope everyone is safe and healthy and taking care of themselves and their loved ones. In my /var/log/apache/error_log file as of today the beginning entry is May 18, 2021. When I search for information about trimming this file (if it's okay to do so) I see reports that there should...

Lately, a lot of our customers' websites has been crawled by a lot of bots. Yesterday, a single website was crawled by 4 different bots at the same time. All of the bots were bad bots. We want to block these bots but I'm wondering which method is the best performance wise or if it really doesn't...

Hello! A customer needed to disable ModSecurity. We found that in one server, none of our customers have ModSecurity™ Domain Manager icon in their cPanel. Looks installed and enabled in Feature Manager. I tried to reinstall and the problem persist. Any tip? Regards,

Hello Everyone, I have a strange one here, I have setup a new WordPress site/Directory and all of a sudden I am getting 404 errors on css and image file loading on this particular website. So, I can only think either ModSec is blocking this file types (they are not being triggered in the main...

Hello. In my attempt to track down a malicious IP address attacking the server I've been looking at logs. Not only cannot I not find the malicious IP address in any logs which I know was attacking because a different service has logged it in it's application and it shows in that database -...

Hi, My server runs the following ModSecurity Rules: Imunify360 LiteSpeed Rule Set (Minimized ModSec Ruleset) COMODO ModSecurity LiteSpeed Rule Set I had to disable the following rule set because it was causing a LOT off false positives within our WordPress websites, to the extent that we...

Good morning, I need to serve something on my default vhost (the vhost who serves /var/www/html). How to disable ModSecurity in this area? .htaccess disabling not working ( SecFilterEngine Off)

We have Mod Security enabled, and using mod sec rules developed and provided by our data center. It has worked out very well, but there are some things we like about the OWASP Core Rule Set (CRS) that cPanel is making available to us. I'm investigating enabling these rules, either in...

Hi all, this may be nothing but I wanted to post my experience this morning with our website suddenly refusing PUT requests. This morning I visited the WHM interface and got an upgrade popup saying that new ModSecurity rules would be installed (my memory is not perfect but it definitely...

Hello, I have version 92.0.4 and I see something strange. When I go to an account in cPanel and then SECURITY> ModSecurity says: But I'm sure the modsecurity is enabled on the server. I test it and blocks successful rules in domains, server etc. It's something wrong with this info inside...

Hello, I have added exclude rule to ModSecurity in /etc/apache2/conf.d/modsec/modsec2.user.conf to whitelisting Googlebot from being blocked, but it doesn't work. Googlebot will still blocked if accessing to robots.txt. SecRule REMOTE_ADDR "^66\.249\.xxx\.xxx$"...

Hello, Is there a way to show ModSecurity Hit List to customers in cPanel (not in WHM)? And also, is there any plugin to allow customers edit their own ModSecurity rules (disable some of them on specific URL, just like ConfigServer ModSec Control but at the cPanel side) ?

cPanel & WHM Version 92 to RELEASE! We are happy to announce that cPanel, L.L.C. has released cPanel & WHM Version 92 to the RELEASE tier! Some highlights of this release can be found below, but please check the Release Site for more information. Experimental ImageMagick for CentOS 8 For CentOS...

EasyApache 4 November 23 Release We are happy to announce that cPanel, L.L.C. has released an update for EasyApache 4! Take a look at some highlights below, and then join us on Discord or Reddit to talk about this update and much more. 2020-11-23 mod_security2 ZC-7925: Install...

Hello, I have an issue with ModSecurity. Request body and file temporary file on /tmp isn't completely cleared, so I have to clean up very regularly /tmp to avoid it filling up all my disks. Would you know why it have this strange comportment? On the apache log, I found only this as relevant...