31
CentOS 7 Problems / Re: OWASP CRS/PROTOCOL VIOLATION/IP HOST
« on: April 07, 2020, 02:54:22 AM »
Are you using plain Apache or with add-ons, e.g. nginx/varnish?
You've masked the actual file where you are using the exclusions, so difficult to assess: presumably it's /usr/local/apache/conf/userdata/user_name/user_domain/modsec.conf
What happens when you remove those and put them in /usr/local/apache/modsecurity-owasp-latest/global_disabled_rules.conf ?
CWP GUI gives no indication that a per user configuration is being included (and would explain why your rules aren't being actioned). If the above isn't suitable and/or doesn't solve the issue, try the following:
Press "Main Configuration" at RHS
Add
Include /usr/local/apache/conf/userdata/*/*/modsec.conf
before the final </IfModule> line
Use at your own risk.
Hello friend of the forum, Thanks for helping ..
I'm using Nginx & Varnish & Apache
32
CentOS 7 Problems / OWASP CRS/PROTOCOL VIOLATION/IP HOST
« on: April 06, 2020, 09:14:31 PM »
Thanks to all forum volunteers
add a Rule Id920350 add my server mod Security
But the server still has strange behavior
check the apache logs
[Mon Apr 06 21:57:14.586497 2020] [:error] [pid 19905:tid 140019146647296] [client 169.197.108.38:33480] [client 169.197.108.38] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "793"] [id "920350"] [rev "2"] [msg "Host header is a numeric IP address"] [data "on here IP my server"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "on here IP my server"] [uri "/"] [unique_id "XouJmgnUnhjrjhrgigvuTG4YQAAAEw"]
And I say again as I already said in several posts here in the Forum, and I did not solve the problem .. I turn off the mod Security and apache does not connect in any way.
Thanks to all forum volunteers
33
Apache / Re: HELP ME not start apache HELP ;-(
« on: March 15, 2020, 08:33:32 PM »
uninstall mod security and install it again.
The websites works with activated Mod Security.
I have a problem I can't edit files on the site.
Enabled Mod security Error editing website?
went to "WebServers Configuration Editor" menu I backed up the original apache file "httpd.conf" and pasted the code for this "httpd.conf_backup" changed the ports
80 for #Listen 12.34.56.78:8181
Listen 8181 | #ServerName www.example.com:8181
It works apache and the "Nginx Reverse Proxy" but the sites do not.
Only index.CWP works
What do I do?
should i keep like this?
Do I change and do what you are telling me?
Please help me
Thank you very much to those who help me with my problem
34
Apache / HELP ME not start apache HELP ;-(
« on: March 15, 2020, 05:49:16 PM »
PLEASE, HELP ME
CentOs 7
CWPpro version: 0.9.8.951
ERROR START
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
===================//===============
don't start apache
● httpd.service - Web server Apache
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2020-03-15 18:53:28 CET; 11s ago
Process: 7259 ExecStop=/usr/local/apache/bin/apachectl graceful-stop (code=exited, status=1/FAILURE)
Process: 6507 ExecReload=/usr/local/apache/bin/apachectl graceful (code=exited, status=0/SUCCESS)
Process: 18569 ExecStart=/usr/local/apache/bin/apachectl start (code=exited, status=1/FAILURE)
Main PID: 6635 (code=exited, status=0/SUCCESS)
Mar 15 18:53:27 server.domain.site systemd[1]: Starting Web server Apache...
Mar 15 18:53:28 server.domain.site apachectl[18569]: AH00526: Syntax error on line 1 of /usr/local/apache/conf/userdata/luisjota/client.domain.site/modsec.conf:
Mar 15 18:53:28 server.domain.site apachectl[18569]: Invalid command 'SecRuleRemoveById', perhaps misspelled or defined by a module not included in the server configuration
Mar 15 18:53:28 server.domain.site systemd[1]: httpd.service: control process exited, code=exited status=1
Mar 15 18:53:28 server.domain.site systemd[1]: Failed to start Web server Apache.
Mar 15 18:53:28 server.domain.site systemd[1]: Unit httpd.service entered failed state.
Mar 15 18:53:28 server.domain.site systemd[1]: httpd.service failed.
=====log start==== ======================//===========================
Mar 15 18:53:27 server.domain.site systemd[1]: Starting Web server Apache...
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has begun starting up.
Mar 15 18:53:28 server.domain.site apachectl[18569]: AH00526: Syntax error on line 1 of /usr/local/apache/conf/userdata/luis/client.jonyhost.site/modsec.conf:
Mar 15 18:53:28 server.domain.site apachectl[18569]: Invalid command 'SecRuleRemoveById', perhaps misspelled or defined by a module not included in the server configuration
Mar 15 18:53:28 server.domain.site systemd[1]: httpd.service: control process exited, code=exited status=1
Mar 15 18:53:28 server.domain.site systemd[1]: Failed to start Web server Apache.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has failed.
--
-- The result is failed.
Mar 15 18:53:28 server.domain.site systemd[1]: Unit httpd.service entered failed state.
Mar 15 18:53:28 server.domain.site systemd[1]: httpd.service failed.
===log apache======== =========================//===========================
certificate does NOT include an ID which matches the server name
[Sun Mar 15 17:43:03.694485 2020] [ssl:warn] [pid 6635:tid 140110386665344] AH01909: cpanel.chatpt.eu:443:0 server certificate does NOT include an ID which matches the server name
certificate does NOT include an ID which matches the server name
[Sun Mar 15 17:43:03.697022 2020] [ssl:warn] [pid 6635:tid 140110386665344] AH01909: cpanel.afymarketing.domain.eu:443:0 server certificate does NOT include an ID which matches the server name
[Sun Mar 15 17:43:03.697626 2020] [ssl:warn] [pid 6635:tid 140110386665344] AH01909: mail.afymarketing.domain.eu:443:0 server certificate does NOT include an ID which matches the server name
[Sun Mar 15 17:43:03.698234 2020] [ssl:warn] [pid 6635:tid 140110386665344] AH01909: webmail.afymarketing.domain.eu:443:0 server certificate does NOT include an ID which matches the server name
[Sun Mar 15 17:43:03.699452 2020] [ssl:warn] [pid 6635:tid 140110386665344] AH01906: server.domain.site:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Mar 15 17:43:03.703149 2020] [mpm_event:notice] [pid 6635:tid 140110386665344] AH00489: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips configured -- resuming normal operations
[Sun Mar 15 17:43:03.703231 2020] [core:notice] [pid 6635:tid 140110386665344] AH00094: Command line: '/usr/local/apache/bin/httpd'
[Sun Mar 15 17:43:52.547973 2020] [mpm_event:notice] [pid 6635:tid 140110386665344] AH00491: caught SIGTERM, shutting down
thanks for helping
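An added example, not part of the original posts: a small Python check for the failure shown in the log above, where Apache refuses to start with `Invalid command 'SecRuleRemoveById'` because a per-domain modsec.conf is read while the ModSecurity module is not loaded. It flags `Sec*` directives that are not wrapped in `<IfModule security2_module>`; the sample file contents and the function name are constructed for illustration, and the check reads one file at a time without following `Include`.

```python
import re

# ModSecurity v2 directives all start with "Sec" (SecRule, SecRuleRemoveById, ...).
# Apache directive names are case-insensitive.
SEC_DIRECTIVE = re.compile(r"^(Sec[A-Za-z]+)\b", re.IGNORECASE)
OPEN_TAG = re.compile(r"^<([A-Za-z]+)\s*([^>]*)>")
CLOSE_TAG = re.compile(r"^</([A-Za-z]+)\s*>")

# Arguments that make <IfModule ...> true only when ModSecurity v2 is loaded.
GUARD_ARGS = {"security2_module", "mod_security2.c"}


def find_unguarded(conf_text):
    """Return [(line_number, directive)] for Sec* directives outside a
    <IfModule security2_module> block in a single config file.

    Such a file makes `apachectl start` fail with "Invalid command" whenever
    it is included while mod_security2 is not loaded.
    """
    findings = []
    stack = []          # one bool per open container: True if it is a ModSecurity guard
    continued = False   # previous line ended with a backslash
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        was_continued = continued
        continued = line.endswith("\\")
        if was_continued or not line or line.startswith("#"):
            continue
        if CLOSE_TAG.match(line):
            if stack:
                stack.pop()
            continue
        m = OPEN_TAG.match(line)
        if m:
            name, arg = m.group(1).lower(), m.group(2).strip()
            # A negated guard (<IfModule !security2_module>) does not protect.
            stack.append(name == "ifmodule" and arg in GUARD_ARGS)
            continue
        m = SEC_DIRECTIVE.match(line)
        if m and not any(stack):
            findings.append((lineno, m.group(1)))
    return findings


# Constructed sample: the shape of file that produces the error in the log.
UNGUARDED = """\
# per-domain exclusion file (constructed)
SecRuleRemoveById 920350
"""

# Constructed sample: same exclusion, skipped when the module is absent.
GUARDED = """\
<IfModule security2_module>
    SecRuleRemoveById 920350
</IfModule>
"""

# Constructed sample: a negated guard and a multi-line rule in another container.
MIXED = """\
<IfModule !security2_module>
    SecRuleEngine Off
</IfModule>
<Directory /home/example>
    SecRule REQUEST_HEADERS:Host "@streq 192.0.2.10" \\
        "id:10001,phase:1,pass,nolog"
</Directory>
"""

if __name__ == "__main__":
    for label, text in (("UNGUARDED", UNGUARDED), ("GUARDED", GUARDED), ("MIXED", MIXED)):
        print(label, find_unguarded(text))
```

A file that is only ever pulled in by an `Include` placed inside the guard is protected by its parent; this check will still flag it, which is the conservative result.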
-- Subject: Unit session-3641.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-3641.scope has finished starting up.
--
-- The start-up result is done.
Mar 15 19:00:01 server.domain.site CROND[20217]: (root) CMD (/usr/local/bin/svcMonitor-systemd)
Mar 15 19:00:01 server.domain.site systemd[1]: Started Session 3642 of user root.
-- Subject: Unit session-3642.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-3642.scope has finished starting up.
--
-- The start-up result is done.
Mar 15 19:00:01 server.domain.site systemd[1]: Started Session 3643 of user root.
-- Subject: Unit session-3643.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-3643.scope has finished starting up.
--
-- The start-up result is done.
Mar 15 19:00:01 server.domain.site systemd[1]: Started Session 3644 of user root.
-- Subject: Unit session-3644.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-3644.scope has finished starting up.
--
-- The start-up result is done.
Mar 15 19:00:01 server.domain.site CROND[20222]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Mar 15 19:00:01 server.domain.site CROND[20221]: (root) CMD (/usr/local/bin/svcMonitor)
Mar 15 19:00:01 server.domain.site CROND[20223]: (root) CMD (/usr/bin/php -q /home/luis/public_html/client.domain.eu/crons/cron.php)
Mar 15 19:00:01 server.domain.site CROND[20226]: (root) CMD (/usr/bin/php -q /home/luis/public_html/client.domain.eu/crons/pop.php/>/dev/null 2>&1)
Mar 15 19:00:01 server.domain.site CROND[20224]: (root) CMD (/usr/local/maldetect/maldet --mkpubpaths >> /dev/null 2>&1)
Mar 15 19:00:01 server.domain.site CROND[20225]: (root) CMD (root /usr/local/bin/svcMonitor/>/dev/null 2>&1)
Mar 15 19:00:08 server.domain.site kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:50:56:3e:bc:73:28:99:3a:4d:30:af:08:00 SRC=207.180.195.165 DST=207.180.203.17 LEN=52 TOS=0x00 PREC=0x00 TTL=126 ID=12627 DF PROTO=TCP SPT=14922 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0
MAC=00:50:56:3e:bc:73:28:99:3a:4d:23:91:08:00 SRC=185.176.27.178 DST=207.180.203.17 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=46242 PROTO=TCP SPT=42832 DPT=5146 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 15 19:00:50 server.domain.site kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:50:56:3e:bc:73:28:99:3a:4d:30:af:08:00 SRC=45.136.110.227 DST=207.180.203.17 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=28023 PROTO=TCP SPT=57564 DPT=11157 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 15 19:00:50 server.domain.site kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:50:56:3e:bc:73:28:99:3a:4d:30:af:08:00 SRC=31.184.215.50 DST=207.180.203.17 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=47696 PROTO=TCP SPT=42113 DPT=22068 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 15 19:00:52 server.domain.site kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:50:56:3e:bc:73:28:99:3a:4d:30:af:08:00 SRC=91.206.15.191 DST=207.180.203.17 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=57086 PROTO=TCP SPT=52777 DPT=58284 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 15 19:01:01 server.domain.site systemd[1]: Started Session 3645 of user root.
-- Subject: Unit session-3645.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-3645.scope has finished starting up.
--
-- The start-up result is done.
Mar 15 19:01:01 server.domain.site CROND[20521]: (root) CMD (run-parts /etc/cron.hourly)
Mar 15 19:01:01 server.domain.site run-parts(/etc/cron.hourly)[20524]: starting 0anacron
Mar 15 19:01:01 server.domain.site run-parts(/etc/cron.hourly)[20530]: finished 0anacron
Mar 15 19:01:04 server.domain.site kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:50:56:3e:bc:73:28:99:3a:4d:30:af:08:00 SRC=91.206.15.191 DST=207.180.203.17 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=11185 PROTO=TCP SPT=52777 DPT=52858 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 15 19:01:10 server.domain.site kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:50:56:3e:bc:73:28:99:3a:4d:23:91:08:00 SRC=194.26.29.110 DST=207.180.203.17 LEN=40 TOS=0x08 PREC=0x20 TTL=246 ID=9263 PROTO=TCP SPT=43390 DPT=59999 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 15 19:01:14 server.domain.site kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:50:56:3e:bc:73:28:99:3a:4d:23:91:08:00 SRC=154.191.91.224 DST=207.180.203.17 LEN=40 TOS=0x08 PREC=0x20 TTL=70 ID=18072 DF PROTO=TCP SPT=52865 DPT=3306 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 15 19:01:31 server.domain.site kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:50:56:3e:bc:73:28:99:3a:4d:30:af:08:00 SRC=45.136.110.227 DST=207.180.203.17 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=1807 PROTO=TCP SPT=57564 DPT=11172 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 15 19:01:52 server.domain.site kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:50:56:3e:bc:73:28:99:3a:4d:30:af:08:00 SRC=92.118.37.53 DST=207.180.203.17 LEN=40 TOS=0x00 PREC=0x00 TTL=253 ID=7953 PROTO=TCP SPT=42105 DPT=16262 WINDOW=1024 RES=0x00 SYN URGP=0
×
===log apache======== =========================//===========================
certificate does NOT include an ID which matches the server name
[Sun Mar 15 17:43:03.694485 2020] [ssl:warn] [pid 6635:tid 140110386665344] AH01909: cpanel.chatpt.eu:443:0 server certificate does NOT include an ID which matches the server name
certificate does NOT include an ID which matches the server name
[Sun Mar 15 17:43:03.697022 2020] [ssl:warn] [pid 6635:tid 140110386665344] AH01909: cpanel.afymarketing.domain.eu:443:0 server certificate does NOT include an ID which matches the server name
[Sun Mar 15 17:43:03.697626 2020] [ssl:warn] [pid 6635:tid 140110386665344] AH01909: mail.afymarketing.domain.eu:443:0 server certificate does NOT include an ID which matches the server name
[Sun Mar 15 17:43:03.698234 2020] [ssl:warn] [pid 6635:tid 140110386665344] AH01909: webmail.afymarketing.domain.eu:443:0 server certificate does NOT include an ID which matches the server name
[Sun Mar 15 17:43:03.699452 2020] [ssl:warn] [pid 6635:tid 140110386665344] AH01906: server.domain.site:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Mar 15 17:43:03.703149 2020] [mpm_event:notice] [pid 6635:tid 140110386665344] AH00489: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips configured -- resuming normal operations
[Sun Mar 15 17:43:03.703231 2020] [core:notice] [pid 6635:tid 140110386665344] AH00094: Command line: '/usr/local/apache/bin/httpd'
[Sun Mar 15 17:43:52.547973 2020] [mpm_event:notice] [pid 6635:tid 140110386665344] AH00491: caught SIGTERM, shutting down
thanks for helping
35
CentOS 7 Problems / Attention Serious Fault. DataBase Account connects to another DataBase of diff
« on: March 13, 2020, 12:13:44 AM »
Attention Serious Failure DataBase Account..
I swapped my WHMCS 7.9.1 from one Account Dominio.site to Another Account Dominio.eu. I was surprised to realize that WHMCS has always been working with a database from the first domain, I forgot to change.
Finding out a while later when deleting databases on the first domain ... strange, never gave a domain error on whmcs 7.9.1.
36
E-Mail / Re: I get spam email 2000 thousand in 24H
« on: March 12, 2020, 03:32:35 AM »
SOLVED AS CODE--> />/dev/null 2>&1
*/5 * * * */usr/bin/php -q /home/jony/public_html/client.domain.com/crons/pop.php/>/dev/null 2>&1
Thanks to Forum members
37
E-Mail / Re: I get spam email 2000 thousand in 24H
« on: March 12, 2020, 03:28:06 AM »
It's service monitoring. If you don't want to send email, kindly disable it through cwp-admin >> service config >> service monitoring and leave the email box form empty.
Thanks
My preference on
38
CentOS 7 Problems / Re: I turned off Mod security and turned off Apache.
« on: March 11, 2020, 12:22:41 PM »
this is the id you need to add it to disable rule
id "920350"
or use comodo waf (pro required)
already added
thanks my friend
39
CentOS 7 Problems / Re: I turned off Mod security and turned off Apache.
« on: March 10, 2020, 11:40:07 AM »
apache log
[Tue Mar 10 12:18:02.743975 2020] [:error] [pid 2012:tid 140672501729024] [client 184.105.247.196:2804] [client 184.105.247.196] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "793"] [id "920350"] [rev "2"] [msg "Host header is a numeric IP address"] [data "207.000.678.17"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "207.000.203.17"] [uri "/"] [unique_id "Xmd3atQFYVZZqmfmXnX5DAAAAFc"]
40
CentOS 7 Problems / I turned off Mod security and turned off Apache.
« on: March 09, 2020, 10:44:23 PM »
I turned off Mod security and off Apache.
and does not start
Why did you have this behavior?
I thank everyone who helps me in the answer.
41
Apache / Re: Can' start Apache
« on: March 09, 2020, 10:32:20 PM »
This is what we have in a help forum ... babababababa..
and we learn the same
42
E-Mail / Re: I get spam email 2000 thousand in 24H
« on: March 06, 2020, 06:15:34 PM »
The problem I described in this Posts is solved ..
But I have another problem with this Cron Job
Spam full emails
*/15 * * * * root /usr/local/bin/svcMonitor
What should I do?
thanks to Friends of the forum
43
E-Mail / Re: I get spam email 2000 thousand in 24H
« on: March 06, 2020, 03:31:33 PM »
excuse me
the domain is not this I will fix and see
thank you very much guys friend
What is the command to restart cron job?
44
E-Mail / Re: I get spam email 2000 thousand in 24H
« on: March 06, 2020, 03:27:46 PM »
..Are you spamming with a php script???
Code:
*/5 * * * */usr/bin/php -q /home/jony/public_html/client.domain.com/crons/pop.php/>/dev/null 2>&1
Looks like a spammer, to me.
thank you very much guys friend
45
E-Mail / Re: I get spam email 2000 thousand in 24H
« on: March 06, 2020, 02:55:09 PM »
1) Why? Are you spamming with a php script???
2) Cron Redirect "> /dev/null 2>&1" at end of cron line
Sorry I'm slow to understand ..
Like this?
->>>> 1) */5 * * * */usr/bin/php -q /home/jony/public_html/client.domain.com/crons/pop.php/dev/null 2>&1"
or
->>>> 2) */5 * * * */usr/bin/php -q /home/jony/public_html/client.domain.com/crons/pop.php/>/dev/null 2>&1
Thank you my friend
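How a POSIX shell parses option 2 above compared with the "> /dev/null 2>&1" redirect from the reply, as an added example that is not part of any forum post. `fake_php`, the scratch directory and the empty `pop.php` are constructed stand-ins so the script runs offline.

```shell
#!/bin/sh
# Constructed stand-in for /usr/bin/php: records the script path it receives
# and fails, like php does, when that path is not a readable regular file.
fake_php() {
    printf '%s\n' "$1" > "$WORK/argv"
    [ -f "$1" ] || { echo "Could not open input file: $1"; return 1; }
    echo "pop.php ran"
}

WORK=$(mktemp -d)            # scratch directory (constructed)
: > "$WORK/pop.php"          # empty placeholder for the real cron script

# Option 2 from the thread: "pop.php/>/dev/null 2>&1".
# '>' ends the word, so the argument is "pop.php/" and the error is discarded.
run_thread_form() {
    rc=0
    fake_php "$WORK/pop.php/">/dev/null 2>&1 || rc=$?
    echo "$rc $(cat "$WORK/argv")"
}

# Redirect as given in the reply: a space, then "> /dev/null 2>&1".
run_spaced_form() {
    rc=0
    fake_php "$WORK/pop.php" > /dev/null 2>&1 || rc=$?
    echo "$rc $(cat "$WORK/argv")"
}

# Same failing call with output kept: this is the text cron would mail.
show_hidden_error() {
    fake_php "$WORK/pop.php/" 2>&1 || true
}

run_thread_form      # exit status 1, argument ends in "pop.php/"
run_spaced_form      # exit status 0, argument ends in "pop.php"
show_hidden_error
```

With the slash left on the path the mail stops because the job's error output is discarded, not because the script ran cleanly; the non-zero exit status is the only remaining signal.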