Whitelist rule with LocationMatch

Tutorial

Sometimes you need to disable ModSecurity rules for a specific URL or program because they cause false positives. In this tutorial we show how you can whitelist a rule or rules with the Apache LocationMatch directive. LocationMatch examples: WordPress admin: <LocationMatch "/wp-(admin|login)/"> SecRuleRemoveById 150005 SecRuleRemoveById 150006 </LocationMatch> phpMyAdmin: <LocationMatch "/phpmyadmin/"> SecRuleRemoveById 150005 SecRuleRemoveById 150006 </LocationMatch> Depending on your server configuration, like … Read more

ModSecurity with RBL Database

Tutorial

In this tutorial we show how you can use ModSecurity with RBL databases to block access to a web server. ModSecurity RBL: We can run these rules in ModSecurity phase 1 to optimise them and reduce server load, before PHP starts executing requests. Here is more information about ModSecurity processing phases. You can also use Local DNS … Read more

Disable Mod_Security on Directadmin server

Tutorial

If you have decided to use ModSecurity on your server with DirectAdmin, there is sometimes a need to disable mod_security on the server. In a default CustomBuild installation, mod_security rules are installed in: /etc/modsecurity.d/ Apache loads the ModSecurity modules and configuration from: /etc/httpd/conf/extra/httpd-modsecurity.conf Disable mod_security: The easiest way to disable ModSecurity is to stop Apache from loading the ModSecurity module in the httpd-modsecurity.conf file. Just add … Read more

Ban with ModSecurity HTTP or HTTPS requests 404 Response code

Tutorial

In this tutorial we use ModSecurity to ban, for a specific time, IP addresses that cause multiple 404 errors on the web site. Ban with ModSecurity: Depending on your Apache/Nginx and PHP configuration, you may use phase:1 with rules 4000 & 4002. You also need to enable SecResponseBodyAccess On in the ModSecurity configuration files. SecAction "phase:2,initcol:ip=%{REMOTE_ADDR},id:'4000',pass,nolog" SecRule RESPONSE_STATUS … Read more

Deploying ModSecurity Rule Set in cPanel/WHM

ModSecurity

Malware Expert ModSecurity protection rules are now integrated into ModSecurity Vendors in cPanel/WHM and can be activated from the cPanel/WHM Security Center. Copy the vendor configuration URL shown in the image (e.g. right click, Copy URL): Malware.Expert -> My Account -> Subscriptions. Sign in to your cPanel account: Log in to your cPanel/WHM server. Click the 'Security Center' … Read more

Multipart: Invalid boundary in C-T (characters)

Tutorial

You can sometimes see this error in the ModSecurity log file: --b2b99b07-H-- Message: Multipart parsing error (init): Multipart: Invalid boundary in C-T (characters). POST Payload: Typically the payload that causes this error looks like the one below: --b2b99b07-B-- POST /index.php HTTP/1.0 Host: malware.expert Accept: */* Referer: http://malware.expert/ User-Agent: Mozilla/5.0 (Windows; Windows NT 5.1; en-US) Firefox/3.5.0 Content-Length: 389 Content-Type: multipart/form-data; boundary=(UploadBoundary) Problem … Read more

Disable Password Authentication on Server

Tutorial

When a password-based authentication mechanism is active, your server is still exposed to brute-force attacks. We want to disable password authentication on servers where we use SSH access to the console. Before completing the steps in this section, make sure that you either have SSH key-based authentication configured for the root account on the server, or … Read more

Configure SSH Key Authentication on a Linux Server

Tutorial

SSH, or secure shell, is an encrypted protocol used to administer and communicate with servers. When working with a Linux server, chances are, you will spend most of your time in a terminal session connected to your server through SSH. SSH keys provide an easy, yet extremely secure way of logging into your server. For … Read more

Find and disable ModSecurity rule with SecRuleRemoveById

Find and disable ModSecurity rule

In this article we show how to find and disable a ModSecurity rule that might be causing 406 errors on your websites on either your VPS (Virtual Private Server) or dedicated server. The rules that ModSecurity uses can help block potential attack attempts from malicious users, but sometimes they can also block legitimate requests, and knowing … Read more

Delegate subdomain cloudflare to other DNS servers

There are many cases where you may need a specific subdomain's DNS to be managed by a different nameserver. In this example we want to delegate rbl.malware.expert to another BIND DNS server for RBL database queries. First, on the primary domain (malware.expert), we need to add new NS records for rbl.malware.expert: Then we also need an A record, rbl2.malware.expert, pointing to the BIND DNS server … Read more