various small issues

[-Anti-]

1)
Account: 213.175.201.24

Yesterday I went through the 'CFS warnings' on my first account, and got rid of the ones I wanted without any problems. Today I tried the same thing on my new, second account, and everything seemed to go ok again. However, I now get this email every hour:

/etc/cron.hourly/modsecparse.pl:

DBI connect('modsec:localhost','modsec',...) failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) at /etc/cron.hourly/modsecparse.pl line 19
Unable to connect to mysql database at /etc/cron.hourly/modsecparse.pl line 19.

On the internet, the solution was described as looking at the password in modsecparse.pl, and copying that to the modsec user in phpmyadmin -> privileges.

I tried that, but I'm still getting the emails.

Another internet suggestion was to uninstall the modsec plugin in easyapache, and then reinstall it and rebuild apache again. This seems a bit drastic, but would that work?

Any other ideas?

2)
I have two VPS-01 accounts. Am I supposed to have access to something called 'virtuozzo power panel' on port 4643? It just times-out on both when I try.
I got the information from here:
What is Virtuozzo Power Panel? | Web Hosting UK | Dedicated Servers | VPS Hosting

3)
Today the firewall blocked my IP, and the only way back in was to ask in the chat. My IP is dynamic and changes several times a day (my wireless router loses dns every few hours and needs to be reset; the IP changes every time), so it is useless to add my IP's to the CFS 'ignore' files.

If I get blocked again, is there a way to remove my IP from the CFS/LFD deny-lists myself?

4)
On my first account ( 213.175.201.228 ), Drupal cron.php is causing 'suspicious process' emails.
In the LFD 'file ignore' config I tried adding: */cron.php
However, that hasn't stopped the emails.
Any ideas what's wrong with the syntax?
I basically want LFD to ignore every cron.php file on the server when they run.

Sorry for the odd 'hotch-potch' of issues!
Thanks.

[eUKShane]

Hello,

I am looking into your issue and will get back to you as soon as possible.

[-Anti-]

Thanks!
Just whenever you can - none of these problems are high priority.

[eUKShane]

Hello,

1) Glad to know that you have solved CSF warning issue Regarding mysql socket error, possible reasons are :

- If the mysql process has got stucked, just check running mysql processes and then kill them manually. Then restart mysql service.

ps aux | grep msyql
kill -9 <PID>
service mysql restart

- Seems like the perl module is having problems connecting to the MySQL socket. If the modsec user or the database is having any issue then we can try reinstalling mod_security.

- The password is not the issue, because if the password is wrong then you should get different error like “Access denied for user ‘modsec’@'localhost”.

So, you can try reinstalling mod_security through easyapache.

2) I have just checked and https://Ipaddress:4643/ is working fine for me.

3) Well, either you can add any trusted static IP address (belongs to your colleague or friend) in csf.allow and then login from it, to remove your IP address from the deny list Or simply generate a live chat session, we will do it for you quickly (this is recommended option).

4) I have added cron binary path in /etc/csf/csf.pignore so that it will ignore all cron processes. You cannot just add “*/cron.php” in csf.fignore because this will just ignore crons which are owned by root user. If you would like to ignore particular user cron then you have to write user:username which will ignore all processes running by this user.

[-Anti-]

1) modsecparse.pl
I uninstalled modsec on 213.175.201.24 and the warnings seem to have stopped.
I'll try reinstalling it tomorrow when I have time. Hopefully the error won't be
reintroduced.

2) vzpp timeout
You're right: 213.175.201.24:4643 works - I accessed the parallels panel
However, my other account: 213.175.201.228:4643 times-out.
I'm not sure I'd use vzpp much, so it's not that important.
If anyone knows what's wrong and can fix it in a couple of minutes, OK.
But please don't spend precious time trying to troubleshoot it.

3) CSF blocking self
If it is normal for customers to get tech support when they're blocked, that's fine.
Don't you guys get sick of it though? It must happen quite often!

4) cron.php is 'suspicious process'
Unfortunately the 'crond' line didn't work - I still got emails.
I tried this instead:

Code:

cmd:php /home/NAME/public_html/SUBDOMAIN/cron.php

If it works, I'll try a wildcard regex path that'll exempt all Drupal cronjobs on the server

Cheers!
Great service and advice as usual!

[eUKShane]

Hello,

1) modsecparse.pl :
If you wish we will reinstall mod_security module for you.

2) vzpp timeout :
Yes, https://213.175.201.228:4643 was not working. I have disabled port redirection from the hardware node and now it is working fine. You should not face the same problem again.

3) CSF blocking self :
Yeah, this is the only option. You can set CT_LIMIT as per your requirements from csf configuration file (csf.conf). This option specifies number of connection limit for all IPs.
It takes 2 mins for us to remove any ip from csf.deny list so, it is ok with us

4) cron.php is 'suspicious process' :
I think "cmd : php" option will help you because it specifies exact path of the cron. Please get back to us if it not works.

Appreciate your patience and understanding.

[-Anti-]

> If you wish we will reinstall mod_security module for you

It's simple enough I think. I come back to you if something goes wrong!


> vzpp timeout:
> I have disabled port redirection from the hardware node and now it is working fine.

Confirmed. Thanks!

> cron.php is 'suspicious process' :
> I think "cmd : php" option will help you because it specifies exact path of the cron.
> Please get back to us if it not works.

Thanks, I will!