File Upload Scanner
Forum
Toggle Submenu
  1. Forums
  2. Recent
  3. Tags
Add a reply View Replies (3)
  1. Forums
  2. Imunify360
  3. Imunify360 and Imunify Sensor

Resolved File Upload Scanner

  1. Anonymous User
  2. Monday, 25 December 2017
  3.  Subscribe via email
Hello,

We configured Modsecurity by custom rule set in the Plesk as below:
rule set is Atomicorp
Web application firewall mode is on
Predefined set of values is Thorough (The full HTTP request headers, the request POST data and the HTTP response body content will be analyzed.)
When we upload a malicious file through Plesk panel, it cannot detect and file upload to the customer directory. When we want to run that file (for example a php shell) then the Modsecurity prevents and return 403.
Could you please help us to make the Imunify360 working as a WAF to prevent upload malicious files?

Kind Regards,
  1. Imunify360
  2. modsecurity
Rate this post:
0
Responses (3)
  1. 25.12.2017 12:12:40
  2. # 1
Alexander Z Accepted Answer
Alexander Z
Posts: 31
Joined: 29.03.2017
0
Votes
Undo
Hello, Majid!

You could get currently active vendor by running "/usr/local/psa/admin/sbin/modsecurity_ctl -L --enabled".
In your case, I can see that "imunify360-full-apache" is already installed.
However, if you want to use Imunify360's ModSecurity rules and some other vendor is active now, you could use instructions from my previous comment.

If Imunify360's vendor is already active and upload of malicious files is still allowed, then it's unexpected behavior, please submit a ticket with our technical support at https://cloudlinux.zendesk.com (Imunify360 department) so our team can help you with the issue.

Thanks!
  1. 25.12.2017 11:12:37
  2. # 2
Majid Accepted Answer
Hello,

What is the <YOUR_CUSTOME_RULES_NAME>? We have some *.conf files in the /etc/httpd/conf/modsecurity.d/rules/custom/ directory.
Also when we run $ imunify360-agent plesk install-vendors we got the below error:
INFO [+ 3570ms] defence360agent.subsys.panels.plesk.mod_security|Skipping vendor installationdue to conflicting vendor[s]: ['imunify360-full-apache']

Please let us know how we can configure modsecurity with your rules?

Kind Regards,
  1. 25.12.2017 10:12:12
  2. # 3
Alexander Z Accepted Answer
Alexander Z
Posts: 31
Joined: 29.03.2017
0
Votes
Undo
Hello!

Imunify360 could prevent upload of malicious files when Imunify360 ModSecurity rules set is enabled. As far as you using your own custom rule set, then Imunify360 rules that checking uploaded files are disabled because you could have only 1 active ruleset in Plesk. You need to disable your custom ruleset and install Imunify360's one using:


$ /usr/local/psa/admin/sbin/modsecurity_ctl --disable-all-rules --ruleset <YOUR_CUSTOM_RULES_NAME>

$ imunify360-agent plesk install-vendors


Good luck!
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Cite your Sources with a URL link to help readers verify facts or find more details.
Add Another Link
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.

General
General
  1. 528 posts
  2. 2 subcategories
CloudLinux and Control Panels
CloudLinux and Control Panels
  1. 1109 posts
  2. 5 subcategories
KernelCare
KernelCare
  1. 67 posts
  2. 1 subcategory
Imunify360
Imunify360
  1. 200 posts
  2. 1 subcategory

Stay in touch

CloudLinux Facebook Facebook 9K+ followers CloudLinux Twitter Twitter 10K+ followers CloudLinux YouTube Channel YouTube official channel CloudLinux on LinkedIn LinkedIn Follow us

Products
Success Stories
Partners
Support
About Us
privacy shield certified
aicpa soc
pci-dss
eu gdpr compliant

© All rights reserved. CloudLinux Inc.
Terms of Use | Privacy Policy | Vulnerability Reporting | Code of Ethics | Legal 

Call Sales at +1 (800) 231-7307

Email [email protected]