
Referer spam vs mod_security

So now that you have modsecurity working, this seems to confirm Apache was configured as a proxy. Now you should see a lot of those requests as "denied" in the error log and audit logs.

Apache can include many many configuration files, so it could be nested pretty deep somewhere.
 
Ok, something else I found that bugged me. It appears that GoDaddy VS does not run the psa-firewall properly, as per this thread:

http://forum.swsoft.com/showthread.php?s=&threadid=30203

I've looked at my boot.log and it said psa-firewall: service is disabled.

I ran iptables --list to find out that I had no rules at all. So I was barenaked on the net. Scary thoughts.

Anyway, with the assistance of Jack D. from http://kicktheweb.com, I have set some firewall rules that fit my needs. The first thing I do is to check if ip_forward is enabled; if so, I disable it.

And it was enabled. So I guess Apache was really configured as a proxy.

Hopefully, these new settings should bring me peace of mind. I will nevertheless keep a close look at my logs and adjust everything accordingly.

One thing I tried without success was to add IPs in the /etc/hosts.deny file. It seems that it does not filter anything from this file. I guess it has something to do with tcpd not running. The tcpd files are there, but I don't see it anywhere in my chkconfig --list or in my processes.

I will look into it another day.

Another thing I'd like to get running is the APF firewall and BFD from rxfnetworks.com. So far everything I tried did not work on my fc2 with Plesk 7.5.4 box. It would be easier to have this nifty utility banning IPs automatically.

Once again, thanks wagnerch for all your input.
 
I use a custom iptables firewall on the machine, plus I have an upstream firewall with my ISP. So needless to say I do not use psa-firewall.

Packet-level forwarding is a different problem from a proxy server, so the two are not really related.

Apache doesn't honor the /etc/hosts.deny file; this is only honored by tcpd processes (normally running via inetd). In any case it is a poor solution to the problem; a firewall is a much better solution.
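
The two conditions found in the thread (an iptables ruleset with no rules at all, and ip_forward enabled) can be checked with a short script. This is an added example, not part of any post above; the function names are hypothetical, the sample rulesets are constructed, and it assumes an iptables that supports `-S` or the text produced by `iptables-save`.

```shell
#!/bin/sh
# Added example: flag an empty filter table and unfiltered forwarding.
# Input is plain text, so it can be checked offline against samples.

# classify_ruleset: reads `iptables -S` or `iptables-save` output on stdin
# and prints one token per built-in filter chain that has policy ACCEPT
# and no rules at all.
classify_ruleset() {
    awk '
        BEGIN { table = "filter" }                 # iptables -S shows the filter table
        /^\*/ { table = substr($1, 2); next }      # iptables-save table header
        table != "filter" { next }                 # ignore nat/mangle chains
        $1 == "-P" { policy[$2] = $3 }             # -P INPUT ACCEPT
        /^:/       { policy[substr($1, 2)] = $2 }  # :INPUT ACCEPT [0:0]
        $1 == "-A" { rules[$2]++ }
        END {
            if (policy["INPUT"] == "ACCEPT" && rules["INPUT"] == 0) print "input-unfiltered"
            if (policy["FORWARD"] == "ACCEPT" && rules["FORWARD"] == 0) print "forward-unfiltered"
        }'
}

# audit_host IP_FORWARD_VALUE < ruleset-text
audit_host() {
    findings=$(classify_ruleset)
    case "$findings" in
        *input-unfiltered*) echo "WARN: INPUT has policy ACCEPT and no rules" ;;
    esac
    if [ "$1" = "1" ]; then
        case "$findings" in
            *forward-unfiltered*) echo "WARN: ip_forward=1 and FORWARD is unfiltered" ;;
            *) echo "INFO: ip_forward=1, FORWARD is filtered" ;;
        esac
    fi
}

# Constructed samples (not taken from the thread).
SAMPLE_OPEN='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'
SAMPLE_FILTERED='*mangle
:INPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 80 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_OPEN" | audit_host 1
# Live use (root): iptables -S | audit_host "$(cat /proc/sys/net/ipv4/ip_forward)"
```

An ACCEPT policy on a chain with no rules is exactly what `iptables --list` shows on a box where the firewall service never started, which is why the script treats it as a finding rather than a default.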
 