Page 1 of 5 1234 ... LastLast
Results 1 to 40 of 178
  1. New FREE Mod_Sec from Comodo

    Not sure if it was posted, but Comodo CEO released free mod_sec rules. Anyone tried them?

    http://www.melih.com/2013/12/28/free...ecurity-rules/
    Hostabulous | cPanel (Linux) & Plesk (Windows) Hosting KVM VPS R1Soft backups | Proudly Canadian
    Cloudflare LiteSpeed Cloudlinux Remote backups Anti-Spam Web App Firewall Canada/US/Germany

  2. #2
    Join Date
    Oct 2009
    Location
    Canada
    Posts
    482
    Interesting timing... I remember getting an email from cPanel a week or so ago asking about Mod_Sec and one of the questions asked was "how much would you be willing to pay" if they offered it as a service. I guess this will make them think a little harder on that.
    Owner Media-Hosts.com AS14442 Canadian Web Hosts Since 2002
    █ 24/7 365 Support, 100% Network Up-time Guarantee
    █ Web Development Specialists (E-Commerce, Inventory, Design)
    OpenVZ.ca Reliable, Affordable VPS Servers and Web Hosting. IPv6 Available

  3. #3
    Was just about to post this. Has anyone installed it yet? Do I need to remove mod security rules that were installed via easy apache and ConfigServer ModSecurity Control (cmc)?
    WordPress Hosting
    Shared / White Label Reseller WHM | SSD Cloud | CloudLinux

    www.LarisMedia.com Wordpress & Magento Website Design

  4. #4
    When I use the rules I get the follow error.

    Rebuilding and restarting Apache:
    Initial configuration generation failed with the following message:

    Configuration problem detected on line 1 of file /waf/bl_domains: Invalid command '.katiechaophoto.com/', perhaps misspelled or defined by a module not included in the server configuration

    --- /waf/bl_domains ---
    1 ===> .katiechaophoto.com/ <===
    2.turuzzonatale.it/
    3.100nests.com/
    4.12vorteil.de/
    5.14-jitrenka.eu/
    6.1dumb.com/
    7.2u264.com/
    --- /waf/bl_domains ---


    Rebuilding configuration without any local modifications.

    Failed to generate a syntactically correct Apache configuration.
    Bad configuration file located at /usr/local/apache/conf/httpd.conf.work.FN92G3TFEXp90K2L
    Error:
    Configuration problem detected on line 1 of file /waf/bl_domains: Invalid command '.katiechaophoto.com/', perhaps misspelled or defined by a module not included in the server configuration

    --- /waf/bl_domains ---
    1 ===> .katiechaophoto.com/ <===
    2.turuzzonatale.it/
    3.100nests.com/
    4.12vorteil.de/
    5.14-jitrenka.eu/
    6.1dumb.com/
    7.2u264.com/
    --- /waf/bl_domains ---



    AH00526: Syntax error on line 1 of /comodo/waf/bl_domains:
    Invalid command '.katiechaophoto.com/', perhaps misspelled or defined by a module not included in the server configuration
    WordPress Hosting
    Shared / White Label Reseller WHM | SSD Cloud | CloudLinux

    www.LarisMedia.com Wordpress & Magento Website Design

  5. #5
    Edit above, had a config issues. I have the rules working with http://configserver.com/cp/cmc.html. I had an issue once before when I installed atomic security suite so I was not sure how these rules worked.
    WordPress Hosting
    Shared / White Label Reseller WHM | SSD Cloud | CloudLinux

    www.LarisMedia.com Wordpress & Magento Website Design

  6. #6
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    We are currently testing these.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  7. #7
    Join Date
    Dec 2011
    Location
    Surrey, BC
    Posts
    445
    Quote Originally Posted by Steven View Post
    We are currently testing these.
    Let us know your findings Very interested in seeing how these compare to Atomicorp's rule sets.

  8. #8
    Anyone else getting
    Code:
    Execution error - PCRE limits exceeded (-8): (null)
    for every WHMCS admin page they visit?

    I already have
    Code:
    SecPcreMatchLimit 150000
    SecPcreMatchLimitRecursion 150000
    in my modsec2.user.conf file, and never had those with the Atomicorp Realtime rules.
    Fusioned - http://www.fusioned.net
    Enterprise Hosting | CloudLinux, cPanel, LiteSpeed, R1Soft | PHP 5.2, 5.3, 5.4 & 5.5 | Softaculous | CloudFlare
    SSD KVM VPS in Netherlands | SolusVM | Intel E3-1230v2 | LSI RAID-10 SSD | 1Gbps | IPv6 ready

  9. #9
    Quote Originally Posted by George_Fusioned View Post
    Anyone else getting
    Code:
    Execution error - PCRE limits exceeded (-8): (null)
    for every WHMCS admin page they visit?

    I already have
    Code:
    SecPcreMatchLimit 150000
    SecPcreMatchLimitRecursion 150000
    in my modsec2.user.conf file, and never had those with the Atomicorp Realtime rules.
    Yeah, I got them with whmcs as well. I just whitelisted for now until I have time to research the reason.
    WordPress Hosting
    Shared / White Label Reseller WHM | SSD Cloud | CloudLinux

    www.LarisMedia.com Wordpress & Magento Website Design

  10. #10
    Since ASL-Lite is no longer supported, Comodo's cPanel plugin which comes with an auto-updater sounded like a nice addition.

    Unfortunately it's a very premature release and needs a lot of code editing in order to get it to work.
    Perl shebang lines had to be changed here and there, additional Perl modules where required in order to even get the installer working, and finally a custom path had to be added to @INC.
    Also, there is no AppConfig configuration file in order to get it registered, so one has to write one of his own.

    In the end, the updater would overwrite my v0.30 rules with the v0.25 rules when I would use the "Update Rules" button

    Has potential but still very buggy.
    Fusioned - http://www.fusioned.net
    Enterprise Hosting | CloudLinux, cPanel, LiteSpeed, R1Soft | PHP 5.2, 5.3, 5.4 & 5.5 | Softaculous | CloudFlare
    SSD KVM VPS in Netherlands | SolusVM | Intel E3-1230v2 | LSI RAID-10 SSD | 1Gbps | IPv6 ready

  11. Quote Originally Posted by George_Fusioned View Post
    Since ASL-Lite is no longer supported, Comodo's cPanel plugin which comes with an auto-updater sounded like a nice addition.

    Unfortunately it's a very premature release and needs a lot of code editing in order to get it to work.
    Perl shebang lines had to be changed here and there, additional Perl modules where required in order to even get the installer working, and finally a custom path had to be added to @INC.
    Also, there is no AppConfig configuration file in order to get it registered, so one has to write one of his own.

    In the end, the updater would overwrite my v0.30 rules with the v0.25 rules when I would use the "Update Rules" button

    Has potential but still very buggy.
    Not sure about your config, but we installed in on 2 servers. We had to install JSON/XS, and 1 server somehow needed a symlink to perl install dir, but everything else is working as intended.
    Hostabulous | cPanel (Linux) & Plesk (Windows) Hosting KVM VPS R1Soft backups | Proudly Canadian
    Cloudflare LiteSpeed Cloudlinux Remote backups Anti-Spam Web App Firewall Canada/US/Germany

  12. #12
    Quote Originally Posted by [email protected] View Post
    Not sure about your config, but we installed in on 2 servers. We had to install JSON/XS, and 1 server somehow needed a symlink to perl install dir, but everything else is working as intended.
    Just a fresh cPanel installation.

    So you didn't even need to manually register it with AppConfig?

    The Updater worked out of the box? (I had to change the Perl shebang line first).

    Does the updater indeed update your rules? For me it just randomly downloads rule packages, sometimes v0.16, sometimes v0.25 etc and overwrites the newer rules (v0.30). Additionally after using the updater there's an ownership issue with /var/cpanel/cwaf/rules (folder + files), it's owner by 1011:user

    In the "Configuration" tab, try moving the Debug slider to the right, say to "6". Then Save settings. Then go to WHM Home and back to the Comodo WAF plugin. Is the "Debug log" value gone?

    Does the Exclude rule functionality work for you?
    Fusioned - http://www.fusioned.net
    Enterprise Hosting | CloudLinux, cPanel, LiteSpeed, R1Soft | PHP 5.2, 5.3, 5.4 & 5.5 | Softaculous | CloudFlare
    SSD KVM VPS in Netherlands | SolusVM | Intel E3-1230v2 | LSI RAID-10 SSD | 1Gbps | IPv6 ready

  13. Didnt had to register with AppConfig.

    Updater worked out of the box, minus the problems i posted earlier.

    The updater did update the rules properly but yes we do have the files owner issue.

    Exlude doesnt work for us. Just tried to change debug lvl, and it looks like its working. Im unable to properly change the log file name tho.

    Thanks for sharing
    Hostabulous | cPanel (Linux) & Plesk (Windows) Hosting KVM VPS R1Soft backups | Proudly Canadian
    Cloudflare LiteSpeed Cloudlinux Remote backups Anti-Spam Web App Firewall Canada/US/Germany

  14. #14
    Thanks for letting me know.

    I have posted a more complete list of the issues/bugs I encountered at the Comodo forums: http://forums.comodo.com/general-dis...9274#msg729274
    Fusioned - http://www.fusioned.net
    Enterprise Hosting | CloudLinux, cPanel, LiteSpeed, R1Soft | PHP 5.2, 5.3, 5.4 & 5.5 | Softaculous | CloudFlare
    SSD KVM VPS in Netherlands | SolusVM | Intel E3-1230v2 | LSI RAID-10 SSD | 1Gbps | IPv6 ready

  15. #15
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,910
    Quote Originally Posted by George_Fusioned View Post
    Thanks for letting me know.

    I have posted a more complete list of the issues/bugs I encountered at the Comodo forums: http://forums.comodo.com/general-dis...9274#msg729274
    Thanks for that!

    Nothing makes me crankier than developers WHO DON'T TEST THEIR OWN SOFTWARE.... argh.

    Whoever wrote that installation script needs to be slapped upside the head.
    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com

    www.HostingSecList.com - Security notices for the hosting community.

  16. #16
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    It seriously is a joke.

    #!/bin/sh
    eval 'if [ -x /usr/bin/local/cpanel/3rdparty/bin/perl ]; then exec /usr/local/cpanel/3party/bin/local -x --$0
    ${1+"$@"}; else exex /usr/bin/perl -x $0 ${1+"$@"}; fi;'
    if 0;
    #!/usr/bin/perl
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  17. #17
    Join Date
    Oct 2012
    Location
    Europe and USA
    Posts
    922
    Indeed, the cPanel installer and plugin had so many issues, that we finally decided to use it without the plugin and install and configure the rule files manually.

    The rules appear to be working fine though, Apache logs (/usr/local/apache/logs/error_log) have already recorded some blocked attacks (against WordPress and Joomla sites mainly).
    Network Panda :: Web Hosting SSD Powered :: Reseller Hosting
    Instant activation, fast servers, SSD disks, cPanel, Softaculous 1-click apps installer, daily backups, SSL certificates
    Multiple hosting locations: USA, Canada, France, UK, Germany, Italy, Spain, Poland, Finland

  18. #18
    Hey guys,

    we are here to help. we truly would welcome the feedback. The more feedback, the better the product becomes. We are here and willing to make the investment.

    Any problems/wishes pls let us know so that we can start the process. We want to give you the best possible modsecurity rules!

    thanks

    Melih

  19. #19
    Join Date
    May 2013
    Location
    India
    Posts
    748
    perl -MCPAN -e'install Template'
    perl -MCPAN -e'install Net::LibIDN'
    perl -MCPAN -e'install XML:imple'
    perl -MCPAN -e'install IO:calar'
    perl -MCPAN -e'install YAML:yck'
    Had to install above to recover various errors to get the front-end working...now getting following error

    Can't locate Comodo/CWAF/Cpanel.pm in @INC (@INC contains: /usr/local/cpanel /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /usr/local/cpanel/whostmgr/docroot/cgi/addon_cwaf.cgi line 23.
    BEGIN failed--compilation aborted at /usr/local/cpanel/whostmgr/docroot/cgi/addon_cwaf.cgi line 23.


    It is good to resolve all the perl dependensies along with the install script. Also it'll be nice if the script can be registered with AppConfig.

  20. #20
    Join Date
    May 2013
    Location
    India
    Posts
    748
    Was able to fix it after following

    perl -MCPAN -e'install Comodo::CWAF::Cpanel'
    cp -pvr /usr/local/lib/perl5/site_perl/5.8.8/Comodo /usr/local/lib64/perl5/

    Definitely needs proper scripting to correct these issues. Otherwise people will be little afraid to use the buggy scripts...

  21. #21
    Join Date
    May 2013
    Location
    India
    Posts
    748
    Syntax error on line 349 of /var/cpanel/cwaf/rules/cwaf_05.conf:
    Invalid command 'SecRule"setvarESSION.TIMEOUT=3600,', perhaps misspelled or defined by a module not included in the server configuration

  22. #22
    Join Date
    Jun 2005
    Posts
    3,448
    Last time I tried Mod Security it caused a very decent increase in CPU load and latency to websites.

    Im not sure if its wise to have this on every web server unless you have a centralized one that process it for all servers like a proxy, you are putting an extra load on Apache and a very huge one unless you want to use it with just a few rules, and then its not really doing what it should.

    Loaded with tons of rules its a resource pig as it needs to process them on every request. It also causes more problems than benefits unless you know exactly what each rule does. I know Mod Security is very popular but im not a big fan of it.

    It also tends to cause more problems with websites and apps for the benefits it brings. Still its very popular.

    I just don΄t like how it performs in terms of speeds and resources. I noticed a huge drop in load when it was turned off vs on on some cPanel servers.

    Just my 2 cents.
    Last edited by nibb; 12-30-2013 at 05:44 AM.

  23. #23
    Join Date
    Apr 2005
    Posts
    1,711
    @nixtree: check that you have LoadModule before your modsec includes in httpd.conf, and that Apache was built with it enabled

    @nibb: This will depend on what features you enable.. SecResponseBodyAccess, SecUploadScript etc, bad regex filtering, things that use SecCollection, SecRule with non-lua exec calls.

    On a side note, I use owasp-modsecurity-crs currently, but might check this out on a dev instance.

  24. #24
    Join Date
    May 2013
    Location
    India
    Posts
    748
    Quote Originally Posted by zacharooni View Post
    @nixtree: check that you have LoadModule before your modsec includes in httpd.conf, and that Apache was built with it enabled
    Checked already and its properly configured..also the rest of the rule sets are working fine. owasp rules are good as well and we used it on many production systems

  25. #25

    Post

    Quote Originally Posted by nixtree View Post
    Syntax error on line 349 of /var/cpanel/cwaf/rules/cwaf_05.conf:
    Invalid command 'SecRule"setvarESSION.TIMEOUT=3600,', perhaps misspelled or defined by a module not included in the server configuration
    Which version of rules are you using?

  26. #26
    Join Date
    May 2013
    Location
    India
    Posts
    748
    I tested .30

  27. #27
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Quote Originally Posted by nixtree View Post
    perl -MCPAN -e'install Template'
    perl -MCPAN -e'install Net::LibIDN'
    perl -MCPAN -e'install XML:imple'
    perl -MCPAN -e'install IO:calar'
    perl -MCPAN -e'install YAML:yck'
    Had to install above to recover various errors to get the front-end working...now getting following error

    Can't locate Comodo/CWAF/Cpanel.pm in @INC (@INC contains: /usr/local/cpanel /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /usr/local/cpanel/whostmgr/docroot/cgi/addon_cwaf.cgi line 23.
    BEGIN failed--compilation aborted at /usr/local/cpanel/whostmgr/docroot/cgi/addon_cwaf.cgi line 23.


    It is good to resolve all the perl dependensies along with the install script. Also it'll be nice if the script can be registered with AppConfig.
    If you use cpanels perl none of that is required. That is pretty hackish.
    Cpanel stopped installing all of those by default on the system perl since they now package their own perl.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  28. #28
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Quote Originally Posted by nixtree View Post
    I tested .30
    Are you using the latest version of mod_security provided by easyapache?
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  29. #29
    Join Date
    May 2013
    Location
    India
    Posts
    748
    Quote Originally Posted by Steven View Post
    If you use cpanels perl none of that is required. That is pretty hackish.
    Thats something the script provider should consider...anyway thanks for the suggestion and I will check with cPanel perl..hopefully they will make it AppConfig compatible as well

    Yes, I am using the latest provided by EA3

  30. #30
    Quote Originally Posted by nixtree View Post
    I tested .30
    Please, send me your cwaf_05.conf in PM.
    That string shouldn't be on line 349.

  31. #31
    Join Date
    May 2013
    Location
    India
    Posts
    748
    Unfortunately I removed it and did a fresh install. that issues isn't persists in new installation.

  32. #32
    Quote Originally Posted by nixtree View Post
    Unfortunately I removed it and did a fresh install. that issues isn't persists in new installation.
    Fine that issue had gone. Thanx for feedback.

  33. #33
    as an FYI, we are doing a new release next week hopefully should fix the problems reported.

    thank you for your patience guys!

    Melih

  34. Nice waiting for it as it really needs an update , right now just using rules, looks good so far.
    Hostabulous | cPanel (Linux) & Plesk (Windows) Hosting KVM VPS R1Soft backups | Proudly Canadian
    Cloudflare LiteSpeed Cloudlinux Remote backups Anti-Spam Web App Firewall Canada/US/Germany

  35. #35
    Quote Originally Posted by [email protected] View Post
    Nice waiting for it as it really needs an update , right now just using rules, looks good so far.
    oh great..yup the rules are pretty powerful and efficient in terms of resource usage. Of course we will continue to make these more efficient as we go along (have some nice ideas )...in the meanwhile we are fixing the cpanel plugin so that these rules can be used easily.

    thanks

    Melih

  36. #36
    Join Date
    Aug 2009
    Location
    Metro Detroit Area
    Posts
    1,619
    Quote Originally Posted by Melih View Post
    oh great..yup the rules are pretty powerful and efficient in terms of resource usage. Of course we will continue to make these more efficient as we go along (have some nice ideas )...in the meanwhile we are fixing the cpanel plugin so that these rules can be used easily.

    thanks

    Melih
    I think if this can be fixed so it is easy enough to install by your average user, it will be a great product.
    HostMantis Affordable Web Hosting
    Shared • Reseller • VPS • 24/7/365 Support • Instant Activation
    CloudLinux • CloudFlare • Softaculous Premium • Multi PHP • cPanel
    Also offering Windows Hosting with Plesk 12 • Multi PHP • MSSQL • ASP.NET

  37. #37
    Quote Originally Posted by HostMantis View Post
    I think if this can be fixed so it is easy enough to install by your average user, it will be a great product.
    no If...it will be fixed

    next week..expect a new release.

    we want a lot of feedback though please..we are eager to make this the best product that it can be for modsecurity.

    thanks

    Melih

  38. Quote Originally Posted by Melih View Post
    no If...it will be fixed

    next week..expect a new release.

    we want a lot of feedback though please..we are eager to make this the best product that it can be for modsecurity.

    thanks

    Melih
    Right now we are using your rules in conjunction with Config Server Modsec plugin for cPanel.
    The ability of this plugin, to whitelist or disable any rule, per account or per directory is really nice. Maybe you could do something like this.
    Hostabulous | cPanel (Linux) & Plesk (Windows) Hosting KVM VPS R1Soft backups | Proudly Canadian
    Cloudflare LiteSpeed Cloudlinux Remote backups Anti-Spam Web App Firewall Canada/US/Germany

  39. #39
    Quote Originally Posted by [email protected] View Post
    Right now we are using your rules in conjunction with Config Server Modsec plugin for cPanel.
    The ability of this plugin, to whitelist or disable any rule, per account or per directory is really nice. Maybe you could do something like this.
    we will most definitely put that as a requirement to our dev team.

    please keep the requests coming in....we are building this for you guys...the more request for new features the better for everyone..keep our devs busy

  40. #40
    Join Date
    Mar 2012
    Location
    Cape Town
    Posts
    448

Page 1 of 5 1234 ... LastLast

Similar Threads

  1. Replies: 1
    Last Post: 09-27-2010, 12:09 PM
  2. Help with mod_sec
    By TheMatrix in forum Hosting Security and Technology
    Replies: 1
    Last Post: 06-18-2007, 09:37 AM
  3. Seeking Comodo Resellers. Offering Comodo Reseller Accounts (SSL, Security Products)
    By jacksony in forum Other Web Hosting Related Offers
    Replies: 0
    Last Post: 01-19-2007, 01:20 PM
  4. QUestion to COmodo resellers: Which Comodo certificate do you most recommend?
    By albatroz in forum Ecommerce Hosting & Discussion
    Replies: 0
    Last Post: 06-12-2005, 10:08 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •