mod_security

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • AndrewT
    Administrator
    • Mar 2004
    • 3655
    #1

    mod_security

    Due to the recent issue with insecure PHP mail forms being flooded with mail injections (http://forums.dathorn.com/showthread.php?t=1986) we've gone ahead and have installed mod_security on cpanel04, cpanel05, and cpanel08. Right now it is simply setup to filter out basic mail injections and nothing more. If you notice any problems please submit a trouble ticket to let us know.

    If no real problems arise, mod_security will be installed on the remaining servers as well. At some point we will also begin adding more rules to prevent other common PHP script exploits.

    Up to this point I've been fairly reluctant in running mod_security but now there aren't many other options remaining and I do realize that this is probably long overdue. If this works out, it will be of great assistance to us all.
    Last edited by AndrewT; 11-18-2005, 12:12 PM.
    Tags: None
    • AndrewT
      Administrator
      • Mar 2004
      • 3655
      #2
      Shortly I will begin installing mod_security on all of the remaining servers as it has done a good job thus far in preventing these mail injections. I've also added more rules to cpanel04, cpanel05, and cpanel08 that filter out other common exploits. If you are having any problems with these filters please submit a trouble ticket. Also, FYI, if you trigger the mod_security filters it will give you a 406 error.

        Comment

        • AndrewT
          Administrator
          • Mar 2004
          • 3655
          #3
          mod_security has now been installed on all servers. To do so we had to upgrade cPanel on cpanel10, cpanel26, and cpanel29.

          cpanel04, cpanel05, and cpanel08 all have a list of filters that protects from a lot of common PHP script exploits in addition to the mail injection filters. Once these filters have proven to be okay we will place them on the other servers.

          All other servers right now only have the mail injection filters in place.

          If you run into any problems at all please submit a trouble ticket right away. And once again, you will receive a 406 error if you have triggered a mod_security filter.

            Comment

            • AndrewT
              Administrator
              • Mar 2004
              • 3655
              #4
              The rules that were previously only on cpanel04, cpanel05, and cpanel08 are now installed on all servers.

                Comment

                • AndrewT
                  Administrator
                  • Mar 2004
                  • 3655
                  #5
                  The mod_security filters have been modified to only include a more basic and less restrictive set of rules. These will sync to all servers early tomorrow morning and replace the existing rules. This should take care of some of the problems a few people were experiencing.

                  However, this may be changed in the future, with this previous set of rules we had absolutely no reports of accounts being exploited through insecure scripts nor did we find any. Hopefully these modifications will not change this and allow for a bit more flexibility.

                    Comment

                    • AndrewT
                      Administrator
                      • Mar 2004
                      • 3655
                      #6
                      The mod_security rules have been updated once again to fix an issue that was preventing SMF forums from working properly. These will sync with all servers early tomorrow morning.

                        Comment

                        Previous template Next
                        Working...