Messages - luis web

31
CentOS 7 Problems / Re: OWASP CRS/PROTOCOL VIOLATION/IP HOST
« on: April 07, 2020, 02:54:22 AM »
Are you using plain Apache or with add-ons eg. nginx/varnish?

You've masked the actual file where you are using the exclusions, so difficult to assess: presumably it's /usr/local/apache/conf/userdata/user_name/user_domain/modsec.conf
What happens when you remove those and put them in /usr/local/apache/modsecurity-owasp-latest/global_disabled_rules.conf ?

CWP GUI gives no indication that a per user configuration is being included (and would explain why your rules aren't being actioned). If the above isn't suitable and/or doesn't solve the issue, try the following:
Press "Main Configuration" at RHS
Add
Include /usr/local/apache/conf/userdata/*/*/modsec.conf
before the final </IfModule> line

Use at your own risk.



Hello friend of the forum, Thanks for helping ..

I'm using Nginx & Varnish & Apache

32
CentOS 7 Problems / OWASP CRS/PROTOCOL VIOLATION/IP HOST
« on: April 06, 2020, 09:14:31 PM »
Thanks to all forum volunteers

I added rule ID 920350 to my server's Mod Security

But the server still has strange behavior
check the apache logs

[Mon Apr 06 21:57:14.586497 2020] [:error] [pid 19905:tid 140019146647296] [client 169.197.108.38:33480] [client 169.197.108.38] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "793"] [id "920350"] [rev "2"] [msg "Host header is a numeric IP address"] [data "on here IP my server"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "on here IP my server"] [uri "/"] [unique_id "XouJmgnUnhjrjhrgigvuTG4YQAAAEw"]





And I say again as I already said in several posts here in the Forum, and I did not solve the problem .. I turn off the mod Security and apache does not connect in any way.


Thanks to all forum volunteers

33
Apache / Re: HELP ME not start apache HELP ;-(
« on: March 15, 2020, 08:33:32 PM »
uninstall mod security and install it again.

The websites work with activated Mod Security.
I have a problem I can't edit files on the site.

Enabled Mod security Error editing website?


went to "WebServers Configuration Editor" menu I backed up the original apache file "httpd.conf" and pasted the code for this "httpd.conf_backup" changed the ports
80 for #Listen 12.34.56.78:8181
Listen 8181 | #ServerName www.example.com:8181
It works apache and the "Nginx Reverse Proxy" but the sites do not.

Only index.CWP works


What do I do?
should i keep like this?
Do I change and do what you are telling me?


Please help me

Thank you very much to those who help me with my problem

34
Apache / HELP ME not start apache HELP ;-(
« on: March 15, 2020, 05:49:16 PM »
PLEASE, HELP ME

CentOs 7

CWPpro version: 0.9.8.951

ERROR ON START

Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.

                        ===================//===============

Apache doesn't start

● httpd.service - Web server Apache
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2020-03-15 18:53:28 CET; 11s ago
  Process: 7259 ExecStop=/usr/local/apache/bin/apachectl graceful-stop (code=exited, status=1/FAILURE)
  Process: 6507 ExecReload=/usr/local/apache/bin/apachectl graceful (code=exited, status=0/SUCCESS)
  Process: 18569 ExecStart=/usr/local/apache/bin/apachectl start (code=exited, status=1/FAILURE)
 Main PID: 6635 (code=exited, status=0/SUCCESS)

Mar 15 18:53:27 server.domain.site systemd[1]: Starting Web server Apache...
Mar 15 18:53:28 server.domain.site apachectl[18569]: AH00526: Syntax error on line 1 of /usr/local/apache/conf/userdata/luisjota/client.domain.site/modsec.conf:
Mar 15 18:53:28 server.domain.site apachectl[18569]: Invalid command 'SecRuleRemoveById', perhaps misspelled or defined by a module not included in the server configuration
Mar 15 18:53:28 server.domain.site systemd[1]: httpd.service: control process exited, code=exited status=1
Mar 15 18:53:28 server.domain.site systemd[1]: Failed to start Web server Apache.
Mar 15 18:53:28 server.domain.site systemd[1]: Unit httpd.service entered failed state.
Mar 15 18:53:28 server.domain.site systemd[1]: httpd.service failed.



=====log start====            ======================//===========================



Mar 15 18:53:27 server.domain.site systemd[1]: Starting Web server Apache...
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has begun starting up.
Mar 15 18:53:28 server.domain.site apachectl[18569]: AH00526: Syntax error on line 1 of /usr/local/apache/conf/userdata/luis/client.jonyhost.site/modsec.conf:
Mar 15 18:53:28 server.domain.site apachectl[18569]: Invalid command 'SecRuleRemoveById', perhaps misspelled or defined by a module not included in the server configuration
Mar 15 18:53:28 server.domain.site systemd[1]: httpd.service: control process exited, code=exited status=1
Mar 15 18:53:28 server.domain.site systemd[1]: Failed to start Web server Apache.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has failed.
--
-- The result is failed.
Mar 15 18:53:28 server.domain.site systemd[1]: Unit httpd.service entered failed state.
Mar 15 18:53:28 server.domain.site systemd[1]: httpd.service failed.




===log apache========        =========================//===========================




[Sun Mar 15 17:43:03.694485 2020] [ssl:warn] [pid 6635:tid 140110386665344] AH01909: cpanel.chatpt.eu:443:0 server certificate does NOT include an ID which matches the server name
[Sun Mar 15 17:43:03.697022 2020] [ssl:warn] [pid 6635:tid 140110386665344] AH01909: cpanel.afymarketing.domain.eu:443:0 server certificate does NOT include an ID which matches the server name
[Sun Mar 15 17:43:03.697626 2020] [ssl:warn] [pid 6635:tid 140110386665344] AH01909: mail.afymarketing.domain.eu:443:0 server certificate does NOT include an ID which matches the server name
[Sun Mar 15 17:43:03.698234 2020] [ssl:warn] [pid 6635:tid 140110386665344] AH01909: webmail.afymarketing.domain.eu:443:0 server certificate does NOT include an ID which matches the server name
[Sun Mar 15 17:43:03.699452 2020] [ssl:warn] [pid 6635:tid 140110386665344] AH01906: server.domain.site:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

[Sun Mar 15 17:43:03.703149 2020] [mpm_event:notice] [pid 6635:tid 140110386665344] AH00489: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips configured -- resuming normal operations
[Sun Mar 15 17:43:03.703231 2020] [core:notice] [pid 6635:tid 140110386665344] AH00094: Command line: '/usr/local/apache/bin/httpd'
[Sun Mar 15 17:43:52.547973 2020] [mpm_event:notice] [pid 6635:tid 140110386665344] AH00491: caught SIGTERM, shutting down




thanks for helping
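
The start-up failure in the log above (`Invalid command 'SecRuleRemoveById'`) is what Apache reports when a `Sec*` directive is parsed while the ModSecurity module is not loaded. As an added example (not from the original posts and not CWP's own code), this check lists per-user modsec.conf files whose `Sec*` directives are not wrapped in `<IfModule security2_module>`; the function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check to run before disabling ModSecurity.
# Reports every Sec* directive that sits outside an
# <IfModule security2_module> (or <IfModule mod_security2.c>) block.
# Such a line makes "apachectl start" fail with AH00526 once the
# module is no longer loaded.

unguarded_sec_directives() {
    awk '
        FNR == 1 { depth = 0; guarded = 0 }      # reset state per file
        { line = tolower($0); sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { next }                     # skip comments
        line ~ /^<ifmodule[ \t]/ {
            depth++
            # A guard is a positive test for the ModSecurity module,
            # not a negated one (<IfModule !security2_module>).
            guard[depth] = (line ~ /security2_module|mod_security2\.c/ && line !~ /^<ifmodule[ \t]+!/)
            if (guard[depth]) guarded++
            next
        }
        line ~ /^<\/ifmodule>/ {
            if (depth > 0) { if (guard[depth]) guarded--; depth-- }
            next
        }
        # Heuristic: directives beginning with "Sec" belong to ModSecurity.
        line ~ /^sec[a-z]/ && guarded == 0 {
            print FILENAME ":" FNR ": " $1
        }
    ' "$@"
}

# Constructed sample tree that mirrors the userdata/<user>/<domain>/modsec.conf
# layout from the thread; user and domain names are placeholders.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/user_a/site-a.example" "$root/user_b/site-b.example"
    # Unguarded: breaks Apache start-up when ModSecurity is off.
    printf 'SecRuleRemoveById 920350\n' \
        > "$root/user_a/site-a.example/modsec.conf"
    # Guarded: silently skipped when the module is not loaded.
    printf '<IfModule security2_module>\n    SecRuleRemoveById 920350\n</IfModule>\n' \
        > "$root/user_b/site-b.example/modsec.conf"
    printf '%s\n' "$root"
}

sample=$(make_sample_tree)
unguarded_sec_directives "$sample"/*/*/modsec.conf
rm -rf "$sample"
```

On a real server the function would be pointed at `/usr/local/apache/conf/userdata/*/*/modsec.conf`; any file it reports should be wrapped in the guard or emptied before the module is disabled.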

35
Attention Serious Failure DataBase Account..
I swapped my WHMCS 7.9.1 from one Account Dominio.site to Another Account Dominio.eu. I was surprised to realize that WHMCS has always been working with a database from the first domain, I forgot to change.

Finding out a while later when deleting databases on the first domain ... strange, never gave a domain error on whmcs 7.9.1.

36
E-Mail / Re: I get spam email 2000 thousand in 24H
« on: March 12, 2020, 03:32:35 AM »

SOLVED AS CODE-->      />/dev/null 2>&1


*/5 * * * */usr/bin/php -q /home/jony/public_html/client.domain.com/crons/pop.php/>/dev/null 2>&1



Thanks to Forum members

37
E-Mail / Re: I get spam email 2000 thousand in 24H
« on: March 12, 2020, 03:28:06 AM »
It's service monitoring. If you don't want it to send email, kindly disable it through cwp-admin >> service config >> service monitoring and leave the email box form empty.


Thanks
My preference on


38
this is the id you need to add it to disable rule
id "920350"

or use comodo waf (pro required)

already added

thanks my friend


39
apache log

[Tue Mar 10 12:18:02.743975 2020] [:error] [pid 2012:tid 140672501729024] [client 184.105.247.196:2804] [client 184.105.247.196] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "793"] [id "920350"] [rev "2"] [msg "Host header is a numeric IP address"] [data "207.000.678.17"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "207.000.203.17"] [uri "/"] [unique_id "Xmd3atQFYVZZqmfmXnX5DAAAAFc"]

40
CentOS 7 Problems / I turned off Mod security and turned off Apache.
« on: March 09, 2020, 10:44:23 PM »
I turned off Mod security and off Apache.
and does not start
Why did you have this behavior?



I thank everyone who helps me in the answer.

41
Apache / Re: Can' start Apache
« on: March 09, 2020, 10:32:20 PM »
This is what we have in a help forum ... babababababa..

and we learn the same

42
E-Mail / Re: I get spam email 2000 thousand in 24H
« on: March 06, 2020, 06:15:34 PM »
The problem I described in this post is solved ..

But I have another problem with this Cron Job

Spam full emails

*/15 * * * * root /usr/local/bin/svcMonitor

What should I do?

thanks to Friends of the forum

43
E-Mail / Re: I get spam email 2000 thousand in 24H
« on: March 06, 2020, 03:31:33 PM »
excuse me
the domain is not this I will fix and see

thank you very much guys friend

What is the command to restart cron job?


44
E-Mail / Re: I get spam email 2000 thousand in 24H
« on: March 06, 2020, 03:27:46 PM »
..Are you spamming with a php script???
*/5 * * * */usr/bin/php -q /home/jony/public_html/client.domain.com/crons/pop.php/>/dev/null 2>&1
Looks like a spammer, to me.

thank you very much guys friend

45
E-Mail / Re: I get spam email 2000 thousand in 24H
« on: March 06, 2020, 02:55:09 PM »
1)  Why?  Are you spamming with a php script???
2) Cron Redirect "> /dev/null 2>&1" at end of cron line


Sorry I'm slow to understand ..
Like this?

->>>> 1)     */5 * * * */usr/bin/php -q /home/jony/public_html/client.domain.com/crons/pop.php/dev/null 2>&1"

or

->>>> 2)     */5 * * * */usr/bin/php -q /home/jony/public_html/client.domain.com/crons/pop.php/>/dev/null 2>&1


Thank you my friend
