• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Mod_Security and Mod_Unique_id Install

I

InsertCoin

Basic Pleskian
Plesk: 9.5.2
OS: Ubuntu Hardy 8.04

I have been crawling around the internet looking for a way to install mod_security, however I have been unable to come up with a guide on how to do this. Most refer to installing it with "apt-get install libapache2-mod-security" and the documentation over at modsecurity.org advises that mod_unique_id needs to be enabled.

I found it on the server in /usr/lib/apache2/modules/mod_unique_id.so and tried to enable it to no avail (assume it needs to be compiled in).

Anyone know how I can get mod_security running?
 
Doesnt help really, as thats for centos/RH installs.

Ubuntu 8.04 doesn't have mod-security available.

Very strange that Plesk are not taking a more pro-active approach to allow people to be able to secure their server.
 
What about

apt-cache search mod_security

?

As I remember it may be libapache2-mod-security on Ubuntu.
 
Yep, that was my first attempt:

root@:/# apt-cache search mod_security
root@:/#

Is all that happens.

My sources.list:

deb http://archive.ubuntu.com/ubuntu hardy main restricted universe
deb http://archive.ubuntu.com/ubuntu hardy-updates main restricted universe
deb http://archive.ubuntu.com/ubuntu hardy-security main restricted universe

## This is temporary appended by Autoinstaller for
## specify source of product's packages for APT.
deb http://autoinstall.plesk.com/ubuntu/PSA_9.5.2 hardy all
 
Further information:

The reason for wanting to install is because if I create a file on my hosting (called bad.php) with the contents:

<? $secret_file = $_GET['secret_file'];
include ( $secret_file); ?>

And then call it with:

/bad.php?secret_file=/etc/passwd

It prints the contents of /etc/passwd to the browser, which is not very secure.
 
You must log in or register to reply here.

Similar threads

NateWon
Question Composer and default PHP version
Replies
1
Views
298
Kaspar
K
K
Issue I am getting errors while installing some Extensions
Replies
2
Views
716
kemalcizoglu
K
flederwiesel
Question `SSLVerifyClient require` -> AH10158: cannot perform post-handshake authentication
Replies
0
Views
682
flederwiesel
flederwiesel
D
Resolved Looking for tutorial/information on how to install Matrix Docker container
Replies
4
Views
2K
David Borrink
D
LionKing
Question Install docker image (RocketChat), on a domain / webhotel.
2
Replies
23
Views
3K
LionKing
LionKing
Back
Top