Facebook
Twitter-
Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
-
We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies! -
The BIND DNS server has already been deprecated and removed from Plesk for Windows.
If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release. -
The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.
Resolved Empty ModSecurity Log File
- Thread starter othmaqsa
- Start date
A similar issue was recently reported in the Facebook group. The solution there was that no logs existed, hence none were shown. Have you checked that there are actually log entries, e.g. by checking the access_ssl_log and error_log files in the /logs directory?
Hello @Peter Debik ,
I have tried to visit https://example.com/aphpfilethatdonotexist.php?something=../../etc to trigger the error code 403, but what I don't understand is the 404 error being triggered instead of 403.. as if ModSecurity is not working.
I have tried to visit https://example.com/aphpfilethatdonotexist.php?something=../../etc to trigger the error code 403, but what I don't understand is the 404 error being triggered instead of 403.. as if ModSecurity is not working.
Attachments
ModSecurity is not responding to non-existent files. Can you reproduce the issue with a scenario where an existing file is used?
@Peter Debik
I have just checked now, and the log still empty.
Maybe the reason because I'm in detect only mode ?
It needs to be checked in detail. Have you seen this other thread with a similar issue?
talk.plesk.com
Resolved - Mod Security Log Files Empty
Hi, i have noticed that my mod security Log Files are empty. Nothing happens there. I restartet, stop & started, disabled, reenabled, changed Modus - nothing. System: Plesk Onyx 17.5.3 Debian 8.9 And via SSH it sais, that Service is running. Any Ideas? Could it be something with Cron Job?
talk.plesk.com
Hello @Peter Debik ,It needs to be checked in detail. Have you seen this other thread with a similar issue?
Resolved - Mod Security Log Files Empty
Hi, i have noticed that my mod security Log Files are empty. Nothing happens there. I restartet, stop & started, disabled, reenabled, changed Modus - nothing. System: Plesk Onyx 17.5.3 Debian 8.9 And via SSH it sais, that Service is running. Any Ideas? Could it be something with Cron Job?
I have tried this cmd:
cd /var/log/modsecurity/audit/
Output: -bash: cd: /var/log/modsecurity/audit/: No such file or directory
I am afraid that this is not leading to anywhere at the moment, but we need to come to a solution. I suggest that you open a ticket with Plesk support so that the resolution path gets more focused and an engineer can look onto your server directly to find out what is going on.
support.plesk.com
How to get support directly from Plesk?
Question How to get support directly from Plesk? Answer Lease-type Plesk licenses purchased directly from Plesk running on supported Plesk version include full free support. Perpetual-type license...
support.plesk.com
@Peter Debik , I have a good news.
Some Logs are showing currently since 2 days. So normally, the ModSec is working now.
Another question please:
In the Predefined set of values:
When I set "Fast" : Few logs is logged.
When I set "Tradeoff" : A lot of logs is logged with some error and false positive.
If I keep FAST, maybe few attacks will be blocked by ModSec, and other attacks not.
If I keep TRADEOFF, I have to sort out the rules that block plugins on Wordpress but normally the server will be more protected.
What is the best solution in your opinion?
Some Logs are showing currently since 2 days. So normally, the ModSec is working now.
Another question please:
In the Predefined set of values:
When I set "Fast" : Few logs is logged.
When I set "Tradeoff" : A lot of logs is logged with some error and false positive.
If I keep FAST, maybe few attacks will be blocked by ModSec, and other attacks not.
If I keep TRADEOFF, I have to sort out the rules that block plugins on Wordpress but normally the server will be more protected.
What is the best solution in your opinion?
For a Wordpress site I believe that "fast" will do. Instead, apply all security options from the "Security" link in WP Toolkit.
Perfect. Thank you @Peter Debik
