Search found 63 matches
- Sat Nov 24, 2012 8:58 am
- Forum: General Help and Development Discussion
- Topic: modsecurity_crs_10_config.conf missing
- Replies: 6
- Views: 8740
Re: modsecurity_crs_10_config.conf missing
hi, thanks for the exaustive and quick reply ;) yeah this is an old centos5 box without ASL subscription... mod security was working ok with the delayed rules but stopped working a few mod_security updates ago due to missing tortix* file. didn't spend much time on it, just using the sample tortix* f...
- Fri Nov 23, 2012 11:56 pm
- Forum: General Help and Development Discussion
- Topic: modsecurity_crs_10_config.conf missing
- Replies: 6
- Views: 8740
Re: modsecurity_crs_10_config.conf missing
nowhere?
looks like that if you are an ASL customer it does not get enabled by default?
even the delayed rulesets does not include a standard modsecurity config:
http://updates.atomicorp.com/channels/rules/delayed/
looks like that if you are an ASL customer it does not get enabled by default?
even the delayed rulesets does not include a standard modsecurity config:
http://updates.atomicorp.com/channels/rules/delayed/
- Sat Mar 03, 2012 7:53 pm
- Forum: General Help and Development Discussion
- Topic: Proftpd exploit with plesk
- Replies: 16
- Views: 20211
Re: Proftpd exploit with plesk
On the machines i was asked to inspect there were traces from everywhere.... Lot from the us.
Yeah a lot of things could have been done..... Even doing a rpm -e psa could have helped us all...
We need proper explanations from whose has access to the sources of agent. Php.....
Yeah a lot of things could have been done..... Even doing a rpm -e psa could have helped us all...
We need proper explanations from whose has access to the sources of agent. Php.....
- Sat Mar 03, 2012 2:11 pm
- Forum: General Help and Development Discussion
- Topic: Proftpd exploit with plesk
- Replies: 16
- Views: 20211
Re: Proftpd exploit with plesk
How can we be sure that agent.php can't modify/upload files and was just able to "leak" infos? I couldnt have said that better. Forensics always comes down to "How do you know?" Yeah, you are fully right. But I think it's in Parallels best interests to let us know what can be do...
- Fri Mar 02, 2012 1:16 pm
- Forum: General Help and Development Discussion
- Topic: Proftpd exploit with plesk
- Replies: 16
- Views: 20211
Re: Proftpd exploit with plesk
so: I do not see uploads via ftp, I do not see accesso file manager (or any other file in plesk admin interface), I do not see ssh access... can we suppose it was just an information leak withou modifications/uploads? As for now I saw only agent.php references that were not standard... no uploads vi...
- Fri Mar 02, 2012 10:45 am
- Forum: General Help and Development Discussion
- Topic: Proftpd exploit with plesk
- Replies: 16
- Views: 20211
Re: Proftpd exploit with plesk
add: searching around I see agent.php only mentioned about data leaks...
to upload the file they need to access to .../file-manager/create-file/ or via ftp...
Am I wrong?
to upload the file they need to access to .../file-manager/create-file/ or via ftp...
Am I wrong?
- Fri Mar 02, 2012 10:28 am
- Forum: General Help and Development Discussion
- Topic: Proftpd exploit with plesk
- Replies: 16
- Views: 20211
Re: Proftpd exploit with plesk
I'm inspecting a couple machines... and I see POST requests to agent.php samples: ./httpsd_access_log.processed:109.206.185.155 XX.XX.XX.XX:8443 - [26/Feb/2012:12:57:51 +0100] "POST /enterprise/control/agent.php HTTP/1.1" 200 1744 "-" " -" ./httpsd_access_log.processed:...
- Fri Mar 02, 2012 8:44 am
- Forum: General Help and Development Discussion
- Topic: Proftpd exploit with plesk
- Replies: 16
- Views: 20211
Re: Proftpd exploit with plesk
So it's confirmed that agent.php could be used to upload files and not just to leak data?scott wrote:3) Attack uses the vulnerable agent.php injection to upload bot code via the file manager. Note, this is unauthenticated.
- Thu Nov 18, 2010 7:41 pm
- Forum: Control Panel Support Help
- Topic: psa-proftpd conflicts - plesk won't update
- Replies: 14
- Views: 17685
Re: psa-proftpd conflicts - plesk won't update
same here on 9.5.2
- Tue Nov 16, 2010 7:13 am
- Forum: Control Panel Support Help
- Topic: psa-proftpd conflicts - plesk won't update
- Replies: 14
- Views: 17685
Re: psa-proftpd conflicts - plesk won't update
having the same problem on all my boxes...
In the newer base package only proftpd got updated?
http://www.parallels.com/it/products/plesk/ProFTPD/
In the newer base package only proftpd got updated?
http://www.parallels.com/it/products/plesk/ProFTPD/
- Sun Oct 12, 2008 7:01 pm
- Forum: Anti-Spam Help and Discussion
- Topic: --quarantine-reject: reply with an smtp error to spam
- Replies: 5
- Views: 6534
- Sun Oct 12, 2008 4:46 pm
- Forum: Anti-Spam Help and Discussion
- Topic: --quarantine-reject: reply with an smtp error to spam
- Replies: 5
- Views: 6534
- Sun Oct 12, 2008 3:59 pm
- Forum: Anti-Spam Help and Discussion
- Topic: --quarantine-reject: reply with an smtp error to spam
- Replies: 5
- Views: 6534
I thought
would have done the trick, but It's not working as expected
shouldn't that result in the same behaviour?
PS: spamassassin in your repos is not configured to start at 345 runlevels?
Code: Select all
SA_REJECT="yes"
shouldn't that result in the same behaviour?
PS: spamassassin in your repos is not configured to start at 345 runlevels?
- Sat Oct 11, 2008 8:41 pm
- Forum: Anti-Spam Help and Discussion
- Topic: --quarantine-reject: reply with an smtp error to spam
- Replies: 5
- Views: 6534
--quarantine-reject: reply with an smtp error to spam
i was looking around qmail-scanner.ini but didn't saw anything that refer to the : --quarantine-reject switch... Defaults to "no". Whether to trigger a SMTP error response to quarantine events (inc. SPAM). Qmail installed with the "custom error patch" will get a nice little text ...
- Mon Oct 06, 2008 4:17 pm
- Forum: Anti-Spam Help and Discussion
- Topic: plesk 8.6 - qmail-scanner error
- Replies: 4
- Views: 5772