Top

Archive | howto

Security Tips for SSH service

Ssh is the main tool/service used by a system administrator for doing the troubleshooting and other admin related tasks. If we have ssh root access, we can do anything on the server. So in order to keep the server secure, we need to follow some security practices related to ssh service. Since it is a […]

Continue Reading

scan FTP uploaded files on cPanel Servers with ClamAV

First we need install ClamAV, it has been now been included in cPanel/WHM. ClamAV is a free and open-source, cross-platform antivirus software tool-kit able to detect many types of malicious software, including viruses. One of its main uses is on mail servers as a server-side email virus scanner. You can also install it from your […]

Continue Reading

Whitelist rule with LocationMatch

Sometimes you need disable ModSecurity rules in specific url or program, because it causes false positives. This tutorial we show how you can whitelist rule or rules with apache LocationMatch directive. LocationMatch examples WordPress admin <locationmatch “/wp-(admin|login)/”> SecRuleRemoveById 150005 SecRuleRemoveById 150006 </locationmatch> phpmyadmin <locationmatch “/phpmyadmin/”> SecRuleRemoveById 150005 SecRuleRemoveById 150006 </locationmatch> Depend your server configuration, like […]

Continue Reading

ModSecurity with RBL Database

This tutorial we showing how you can use ModSecurity with RBL database’s to block access to web server. ModSecurity RBL We can use at mod_security phase 1 to optimise these rules and reduce server load, before PHP start executing requests. Here are more information how to ModSecurity processing phases. Also you can use Local DNS […]

Continue Reading

Disable Mod_Security on Directadmin server

If you decided to use Modsecurity on your server with DirectAdmin, there is sometimes a need to disable mod_security on server. Default custombuild installation, mod_security rules installed in: /etc/modsecurity.d/ Apache load’s ModSecurity modules and configuration in: /etc/httpd/conf/extra/httpd-modsecurity.conf Disable mod_security Easiest way disable Modsecurity is disable apache to load ModSecurity module in https-modsecurity.conf file. Just add […]

Continue Reading

Ban with ModSecurity HTTP or HTTPS requests 404 Response code

This tutorial we want Ban with ModSecurity IP addresses for specific time with ModSecurity that causes multiple 404 errors on the web site. Ban with ModSecurity Depend you Apache/Nginx and PHP configuration, you may use phase:1 with rule 4000 & 4002. Also you need enable SecResponseBodyAccess On to ModSecurity configuration files. SecAction “phase:2,initcol:ip=%{REMOTE_ADDR},id:’4000′,pass,nolog” SecRule RESPONSE_STATUS […]

Continue Reading

Deploying ModSecurity Rule Set in cPanel/WHM

Malware Expert ModSecurity protection rules are now integrated ModSecurity Vendors in cPanel/WHM and can be activated from the cPanel / WHM Security Center. Copy vendor configuration URL in image. (Ex. right click, Copy Url) Malware.Expert -> My Account -> Subscriptions Sign in to your cPanel account Login to your cPanel/WHM server. Click the ‘Security Center‘ […]

Continue Reading

Multipart: Invalid boundary in C-T (characters)

You can sometimes see this error ModSecurity log file: –b2b99b07-H– Message: Multipart parsing error (init): Multipart: Invalid boundary in C-T (characters). POST Payload Typically payload looks below, which cause that error –b2b99b07-B– POST /index.php HTTP/1.0 Host: malware.expert Accept: */* Referer: http://malware.expert/ User-Agent: Mozilla/5.0 (Windows; Windows NT 5.1; en-US) Firefox/3.5.0 Content-Length: 389 Content-Type: multipart/form-data; boundary=(UploadBoundary) Problem […]

Continue Reading

Disable Password Authentication on Server

When Password-based authentication mechanism is active, meaning that your server is still exposed to brute-force attacks. We want to Disable Password Authentication on Server’s, where we use ssh access to console. Before completing the steps in this section, make sure that you either have SSH key-based authentication configured for the root account on server, or […]

Continue Reading

Configure SSH Key Authentication on a Linux Server

SSH, or secure shell, is an encrypted protocol used to administer and communicate with servers. When working with a Linux server, chances are, you will spend most of your time in a terminal session connected to your server through SSH. SSH keys provide an easy, yet extremely secure way of logging into your server. For […]

Continue Reading