ModSecurity: Multipart parsing error: Multipart: Failed to create file: /root/tmp/20170526-122120-WSfJYO2KhTvEz5johZF8UQAAAEw-file-9mmG15

If you are using the ‘inspectFile’ operator of ModSecurity, you may see an error like the following on a cPanel server:

ModSecurity: Multipart parsing error: Multipart: Failed to create file: /root/tmp/20170526-122120-WSfJYO2KhTvEz5johZF8UQAAAEw-file-9mmG15

This error appears because mod_security fails to detect the tmp folder automatically. To fix the problem, all you need to do is add the following line to your modsec_user.conf file on cPanel servers:

SecTmpDir /tmp

This file is available under

/etc/apache2/conf.d/modsec

Alternatively, you may add the line from cPanel >> ModSecurity Tools >> Add Rules.
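
To confirm the fix took effect, the following added example (not part of the original post) reads the SecTmpDir value from a config file and checks that a file can be created in that directory. The function names are made up for this example, and it assumes the last SecTmpDir line in the file is the effective one; run it as the account Apache runs as, since the check is only meaningful for that user.

```shell
#!/bin/sh
# Added example: report the SecTmpDir set in a ModSecurity config file and
# whether the current user can create files in it.
# Usage: sh check_sectmpdir.sh /etc/apache2/conf.d/modsec/modsec_user.conf

# Print the value of the last uncommented SecTmpDir directive in file $1.
# Assumption of this example: if the directive appears more than once,
# the last occurrence is the one reported.
modsec_tmpdir() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        tolower($1) == "sectmpdir" { dir = $2 }   # directive names are case-insensitive
        END { gsub(/"/, "", dir); if (dir != "") print dir }
    ' "$1"
}

# Classify the config in file $1. Prints one of:
#   unset | missing:<dir> | not-writable:<dir> | ok:<dir>
modsec_tmpdir_status() {
    dir=$(modsec_tmpdir "$1")
    if [ -z "$dir" ]; then
        # No SecTmpDir line: ModSecurity falls back to auto-detection,
        # which is the situation the error above comes from.
        echo "unset"
    elif [ ! -d "$dir" ]; then
        echo "missing:$dir"
    elif probe=$(mktemp "$dir/modsec-probe.XXXXXX" 2>/dev/null); then
        # A probe file could be created, so upload temp files can be too.
        rm -f "$probe"
        echo "ok:$dir"
    else
        echo "not-writable:$dir"
    fi
}

if [ $# -gt 0 ]; then
    modsec_tmpdir_status "$1"
fi
```
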

What is the difference between Mangle Table & NAT Table?

You must know IPTables to understand routing properly. Once the concept and perspective of IPTables are clear to somebody, it becomes very easy to understand Linux routing and write IPTables rules to create and configure your own desired network. I will write a series of posts trying to explain the basic perspective of IPTables and clear up the confusion over it.


Postrouting and IP Masquerading in Linux

IPTables is responsible for handling packet filtering on a Linux system. IPTables contains several predefined and/or user-defined tables. Each table contains chains, and each chain contains packet rules. IPTables uses the NAT table to forward packets to another node.


How much data does Mellowhost have in their Backup?

If you are a Mellowhost customer, it should be well known that we back up our servers on a daily basis. We are currently using R1Soft CDP for each of our servers. All the backup servers are offsite; that means they are not hosted on the same server you are using with Mellowhost, and not even in the Softlayer network.

wp-supercache plugin for MH servers

I had written before about using a cache plugin with all WordPress blogs in order to reduce CPU usage. However, some of our clients were complaining about issues with the most popular “wp-supercache” plugin on a couple of our servers. We use some custom security protection which might block a couple of wp-supercache commands. I have therefore uploaded a workable version of the latest wp-supercache, 0.9.9.9, that works perfectly with our servers. You can download the latest version of wp-supercache compatible with our servers here:

http://mellowhost.com/downloads/wp-supercache.tar.gz

Wp-supercache is the property of its original author. More details about this plugin are available here:
http://wordpress.org/extend/plugins/wp-super-cache/

48 restless hours!

RAID is not a backup solution; it has been proved again! I was planning to write about my experience of the 48 hours from July 22 7:17 to July 24 7:23 GMT -5, but couldn’t really manage to get some time. All the users who were on the Hemonto server should be aware of the recent issue we faced with our RAID. This post is just to elaborate on how we handled the situation.


Form Spam

I have been monitoring this thing for a long time. It is really becoming a headache now. It is continuously consuming a lot of CPU and MySQL resources for no reason. Form spam, like WordPress comment spam, directory registration/submission spam and forum spam, consumes around 33% of the total CPU usage of a day on one of Mellowhost’s old servers, according to my calculation a couple of minutes ago. This consumption is pretty huge and grows as the server grows.

For some reason, due to the development of automatic script installers like Softaculous and Fantastico, users tend to try each script and leave them unattended. This keeps leaving form exploits open for botnet attackers. A WordPress blog without Akismet is potentially exposed to form spam attacks. Most phpBB forums contain no protection at all on initial installation. These let the automated spam bots post their links in unattended forums/blogs to gain backlinks, from their perspective.

This is not only harmful for the server in real time but also threatens the reputation of the shared IP. I have been trying to develop server-wide protection to stop these spammers, but every attempt seems inadequate.

In many cases, it is hard to control or check manually, as resellers add users and the users add many addon domains. It grows almost every day. Every user is advised not to keep an unattended blog/forum/script. It is always better to add some “Captcha” to all sorts of registration forms. Nowadays, spammers have broken the Captchas as well. Some people have already started using a solution called random questions. But anyway, there should be something like verification in the registration, and comments shouldn’t be allowed without registration. You can also add the Akismet plugin, which is available for almost all blogs and forums. It drastically reduces the amount of spam and acts pretty quickly.

Protecting against form spam is not only good for the server, but also good for your site’s reputation. If you are hosting an unattended blog script inside one of your main sites, then it may suffer serious damage to its SEO reputation if the unattended blog is regularly spammed by malicious users. So check now: if you have any unattended script inside a folder, you should probably double check it and delete it if it is not essential, or protect it from automated botnets.

How to protect your WordPress blog from web injection

I have been thinking of writing this post for a long time, although I couldn’t get time to write in detail about this major security issue. From my experience, I have seen that a big percentage of users are using WordPress, and a certain percentage always face some sort of web injection (iframe, for example) with any shared hosting provider. This post will go deep into why these web injections are occurring and how you can protect your WordPress blog from these sorts of issues.
