• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Referer spam vs mod_security

So now that you have modsecurity working, this seems to confirm Apache was configured as a proxy. Now you should see alot of those requests as "denied" in the error log and audit logs.

Apache can include many many configuration files, so it could be nested pretty deep somewhere.
 
Ok, something else I found that bugged me. it appears that goDaddy VS does not run the psa-firewall properly as per this thread

http://forum.swsoft.com/showthread.php?s=&threadid=30203

I've looked at my boot.log and it said psa-firewall: service is disabled.

I ran iptables --list to find out that I had no rules at all. So I was barenaked on the net. Scary thoughts.

Anyway, with the assistance of Jack D. from http://kicktheweb.com, I have set somes firewall rules that fit my needs. The first thing I do is to check if ip_forward is enabled if so, I disable it.

And it was enable. So I guess, Apache was really configured as a proxy.

Hopefully, these new setiings should bring me peace of mind. I will nevertheless, keep a close look at my logs and adjust everything accordingly.

One thing I tried without success was to add IP's in the /etc/hosts.deny file. It seems that it does not filter anyhting from this file. I guess it has something to do with tcpd not running. The tcpd files are there, but I dont see it anywhere in my chkconfig --list or in my processes.

I will look into it another day.

Another thing I'd like to get runnning is the APF firewall and BFD from rxfnetworks.com. So far everything I tried did not work on my fc2 with plesk 7.5.4 box. It would be easier to have this nifty utility banning ip automatically.

Once again Thanks wagnerch for all your input.
 
I use a custom iptables firewall on the machine, plus I have an upstream firewall with my ISP. So needless to say I do not use psa-firewall.

Packet-level forwarding is a different problem from a proxy server, so the two are not really related.

Apache doesn't honor the /etc/hosts.deny file, this is only honored by tcpd processes (normally running via inetd). In any case it is a poor solution to the problem, a firewall is a much better solution.
 
You must log in or register to reply here.

Similar threads

R
SpamAssassin: Server Wide Setting What does it do? Training?
Replies
3
Views
4K
JP Kelly
JP Kelly
Back
Top