EhudZ

My feedback

  1. 2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Feature Suggestions » Extensions  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. 11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Feature Suggestions » Web  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    EhudZ supported this idea  · 
  3. 230 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    28 comments  ·  Feature Suggestions » Web / HTTP functions  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    EhudZ supported this idea  · 
  4. 2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Feature Suggestions » WordPress Toolkit  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    EhudZ supported this idea  · 
  5. 460 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    67 comments  ·  Feature Suggestions » Web  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    EhudZ commented  · 

    Plesk can not take years to implement the latest server services.

    EhudZ supported this idea  · 
  6. 287 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    73 comments  ·  Feature Suggestions » Web / HTTP functions  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    EhudZ commented  · 

    Using Plesk, should not restrict users to use OLD services, but keep users liberated to uses state of the art server services.

    EhudZ supported this idea  · 
  7. 17 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Feature Suggestions » Plesk (general)  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    EhudZ commented  · 

    Very important.

    EhudZ supported this idea  · 
  8. 6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Feature Suggestions » Plesk (general)  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    EhudZ commented  · 

    Any news?

    EhudZ supported this idea  · 
  9. 1,114 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    open discussion  ·  226 comments  ·  Feature Suggestions » Mail  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    EhudZ commented  · 

    Hi,

    I'm a user and not of Plesk support.

    CalmAV is to the best of my understanding enabled on Plesk for Plesk hosted mail protection:
    https://www.plesk.com/blog/guides/how-to-protect-email-servers-against-spam-viruses/

    I have implemented CalmAV manually to scan uploaded files, using ModSecurity as base technology.

    inspectFile
    Description: Executes an external program for every variable in the target list. The contents of the variable is provided to the script as the first parameter on the command line. The program must be specified as the first parameter to the operator. As of version 2.5.0, if the supplied program filename is not absolute, it is treated as relative to the directory in which the configuration file resides. Also as of version 2.5.0, if the filename is determined to be a Lua script (based on its .lua extension), the script will be processed by the internal Lua engine. Internally processed scripts will often run faster (there is no process creation overhead) and have full access to the transaction context of ModSecurity.

    The @inspectFile operator was initially designed for file inspection (hence the name), but it can also be used in any situation that requires decision making using external logic.

    The OWASP ModSecurity Core Rule Set (CRS) includes a utility script in the /util directory called runav.pl ModSecurity that allows the file approval mechanism to integrate with the ClamAV virus scanner. This is especially handy to prevent viruses and exploits from entering the web server through file upload.

    #!/usr/bin/perl
    #
    # runav.pl
    # Copyright (c) 2004-2011 Trustwave
    #
    # This script is an interface between ModSecurity and its
    # ability to intercept files being uploaded through the
    # web server, and ClamAV

    $CLAMSCAN = "clamscan";

    if ($#ARGV != 0) {
    print "Usage: runav.pl <filename>\n";
    exit;
    }

    my ($FILE) = shift @ARGV;

    $cmd = "$CLAMSCAN --stdout --no-summary $FILE";
    $input = `$cmd`;
    $input =~ m/^(.+)/;
    $error_message = $1;

    $output = "0 Unable to parse clamscan output [$1]";

    if ($error_message =~ m/: Empty file\.?$/) {
    $output = "1 empty file";
    }
    elsif ($error_message =~ m/: (.+) ERROR$/) {
    $output = "0 clamscan: $1";
    }
    elsif ($error_message =~ m/: (.+) FOUND$/) {
    $output = "0 clamscan: $1";
    }
    elsif ($error_message =~ m/: OK$/) {
    $output = "1 clamscan: OK";
    }

    print "$output\n";

    Example: Using the runav.pl script:

    # Execute external program to validate uploaded files
    SecRule FILES_TMPNAMES "@inspectFile /path/to/util/runav.pl" "id:159"
    Example of using Lua script (placed in the same directory as the configuration file):

    SecRule FILES_TMPNAMES "@inspectFile inspect.lua" "id:160"
    The contents of inspect.lua:

    function main(filename)
    -- Do something to the file to verify it. In this example, we
    -- read up to 10 characters from the beginning of the file.
    local f = io.open(filename, "rb");
    local d = f:read(10);
    f:close();

    -- Return null if there is no reason to believe there is ansything
    -- wrong with the file (no match). Returning any text will be taken
    -- to mean a match should be trigerred.
    return null;
    end
    Note : Starting in version 2.9 ModSecurity will not fill the FILES_TMPNAMES variable unless SecTmpSaveUploadedFiles directive is On, or the SecUploadKeepFiles directive is set to RelevantOnly.
    Note: Use @inspectFile with caution. It may not be safe to use @inspectFile with variables other than FILES_TMPNAMES. Other variables such as "FULL_REQUEST" may contains content that force your platform to fork process out of your control, making possible to an attacker to execute code using the same permissions of your web server. For other variables you may want to look at the Lua script engine. This observation was brought to our attention by "Gryzli", on our users mailing list.
    Version: 2.x

    Supported on libModSecurity: TBI

    Reference: http://blog.spiderlabs.com/2010/10/advanced-topic-of-the-week-preventing-malicious-pdf-file-uploads.html

    file upload modsecurity protection

    I have installed ClamAV according to instruction

    I have set the script in place.

    The script is called by a new rule added via Plesk manual rules:

    SecRule FILES_TMPNAMES "@inspectFile /etc/apache2/modsecurity.d/modsec_clamav.pl" \
    "id:'99999932471', \
    phase:2, \
    t:none, \
    deny, \
    log, \
    msg:'Infected File upload detected', \
    tag:'MALICIOUS_SOFTWARE/VIRUS'"
    tested syntax and restarted Apache server

    could not test file upload as those were not IMAGE or PDF

    Script has to get execution permissions

    An error occurred while saving the comment
    EhudZ commented  · 

    It's very important.

    EhudZ supported this idea  · 
  10. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Feature Suggestions » Usability and UI  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. 31 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Feature Suggestions » DNS  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    EhudZ supported this idea  · 
  12. 130 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    22 comments  ·  Feature Suggestions » Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    EhudZ commented  · 

    The is possible:

    fail2ban-client -vvv set httpd-forbidden banip 54.214.128.0/17

    Or via:
    fail2ban-client set your-jail-name banip 192.0.2.1
    fail2ban-client set your-jail-name unbanip 192.0.2.1

    An error occurred while saving the comment
    EhudZ commented  · 

    IMHO, the Plesk FireWall is the place for such IP...

  13. 29 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Feature Suggestions » Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    EhudZ commented  · 
  14. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Feature Suggestions » Usability and UI  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. 8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Feature Suggestions » Security  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    EhudZ commented  · 

    Hi,

    If you would like to get an email notification for ModSecurity, you can do so, by setting a Fail2Ban jail for ModSecurity, and then get the email notifications.

    So in Fail2Ban, what worked for me was adding second line under action =....

    to be:

    ```
    sendmail[mailcmd='/usr/sbin/sendmail -f "<sender>" "<dest>"', dest="email@recipient.com", sender="fail2ban", sendername="Fail2Ban", name="jail_name"]
    ```

    Note: You may do so for various jails.

    EhudZ supported this idea  · 
  16. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Feature Suggestions » WordPress Toolkit  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Feature Suggestions » Plesk (general)  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. 8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Feature Suggestions » Extensions  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    EhudZ commented  · 

    I have noted Plesk Toolkit SYNC possibly seem to damage file permission, so the need is for Plesk component, to identify what process changed file permission.

    EhudZ supported this idea  · 
  19. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Feature Suggestions » Plesk (general)  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. 2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Feature Suggestions » Usability and UI  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
← Previous 1 3

Feedback and Knowledge Base