{"id":641,"date":"2018-03-05T02:24:15","date_gmt":"2018-03-05T02:24:15","guid":{"rendered":"http:\/\/orissawebhosting.in\/blog\/?p=641"},"modified":"2019-07-01T15:08:19","modified_gmt":"2019-07-01T15:08:19","slug":"how-to-check-website-attacks-in-modsecurity-whm","status":"publish","type":"post","link":"https:\/\/orissawebhosting.in\/blog\/how-to-check-website-attacks-in-modsecurity-whm\/","title":{"rendered":"How to Check Website Attacks in ModSecurity WHM"},"content":{"rendered":"

Check website attacks in ModSecurity\u00a0WHM<\/h4>\n

ModSecurity is already installed with WHM but you need to configure it before it can start working properly.<\/p>\n

Once configured login to your WHM panel.\u00a0\u00a0Click \u2018ModSecurity Configuration\u2019 with in Security Center.<\/p>\n

\n

\"\"<\/p>\n<\/div>\n

By default the\u00a0hundred of modsecurity rules are default enabled in the WHM by\u00a0ModSecurity\u2122 Vendors.<\/p>\n

If you want to know the Rules list >>\u00a0Security Center >> ModSecurity\u2122 Tools >> Rules List<\/p>\n

\n

\"\"<\/p>\n<\/div>\n

Once clicked you can see the numerous rules sets.<\/p>\n

\n

\"\"<\/p>\n<\/div>\n

Test rule and view the logs<\/strong><\/p>\n

For example – Someone perform any vulnerability scripts, plugins or themes if the modsecurity rule ID matches the strings in Rules, it will\u00a0block the web request and report to the logs.<\/p>\n

The website through error as “404 page not found” like below.<\/p>\n

\n

\"\"<\/p>\n<\/div>\n

As you can see in the image below that the attack we just simulated is logged inside WHM, just click \u2018ModSecurity Tools\u2019 under security center and you can see all the attack logs. You can see following details about the attack:<\/p>\n

    \n
  • URL For the web attack.<\/li>\n
  • How was this request handled.<\/li>\n
  • Which rule this attack matched against.<\/li>\n<\/ul>\n
    \n

    \"\"<\/p>\n<\/div>\n

    How to white list the ModSecurity rule ID<\/strong><\/p>\n

    First you have install the plugin\u00a0“ConfigServer ModSecurity Control” in WHM panel by using below steps.<\/p>\n

    Download and install cmc\u00a0“ConfigServer ModSecurity Control”<\/p>\n

    \n
    cd \/usr\/src\nrm -fv \/usr\/src\/cmc.tgz\nwget http:\/\/download.configserver.com\/cmc.tgz\ntar -xzf cmc.tgz\ncd cmc\nsh install.sh\nrm -Rfv \/usr\/src\/cmc*<\/pre>\n<\/div>\n
    Login to WHM and scroll to the bottom of the left hand menu and you should see “ConfigServer ModSecurity Control”<\/p>\n
    \n
    \"\"<\/p>\n<\/div>\n
    You can add ModSecurity rule ID numbers that you want to be globally disabled.<\/p>\n
    Alternatively, you can disable rules on a per cPanel account or per domain basis by selecting a user.<\/p>\n
    \n
    \"\"<\/p>\n<\/div>\n
    Else If you wants whitelist the rule ID for particular domain name, Follow the below Steps<\/p>\n
    Click the domain name “orissawebtesting.com” >> Modify user whitelist >> It will redirects to another page.<\/p>\n
    There enter the rule Id Which you wants to enable it >> Click “Save whitelist for all orissawebtest domains.<\/p>\n
    Once you clicked, it take some time for REBUILDING and RESTARTING the Apache.<\/p>\n
    \n
    \"\"<\/p>\n<\/div>\n
    Once Apache Restarted >> You can see the success message as above >> Now all done.<\/p>\n
    Now your website will load fine and you can perform the back-end processes.<\/p>\n
    Now that you can know the step whitelist the ModSecurity rule ID.<\/p>\n","protected":false},"excerpt":{"rendered":"
    Check website attacks in ModSecurity\u00a0WHM ModSecurity is already installed with WHM but you need to configure it before it can start working properly. Once configured login to your WHM panel.\u00a0\u00a0Click \u2018ModSecurity Configuration\u2019 with in Security Center. By default the\u00a0hundred of modsecurity rules are default enabled in the WHM by\u00a0ModSecurity\u2122 Vendors. If you want to know the Rules list >>\u00a0Security Center >> ModSecurity\u2122 Tools >> Rules List Once clicked you can see the numerous rules sets. Test rule and view the logs For example – Someone perform any vulnerability scripts, plugins…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/posts\/641"}],"collection":[{"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/comments?post=641"}],"version-history":[{"count":9,"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/posts\/641\/revisions"}],"predecessor-version":[{"id":1080,"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/posts\/641\/revisions\/1080"}],"wp:attachment":[{"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/media?parent=641"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/categories?post=641"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/tags?post=641"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}