UK WEB HOSTING FORUM FOR DISCUSSION ON WEB HOSTING SERVICE AND SUPPORT
LINUX HOSTING WINDOWS HOSTING PACKAGES SHOPPING CART OSCOMMERCE ZEN CART AGORA
ECOMMERCE HOSTING ASP MSSQL FRONTPAGE HOSTING PHP MYSQL HOSTING DISCUSSION FORUM
CPANEL RESELLER HOSTING DEDICATED SERVER VPS HOSTING PLESK VIRTUOZZO
Quick Search
Your forum announcement here!

  UK Web Hosting | Dedicated Server Windows and Linux VPS Forum > Technical Support > Control Panel Questions
Account Security

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 10-01-2008, 01:29
MonteJon's Avatar
Senior Member
  
Join Date: Jul 2007
Location: Cheshire/London
Posts: 101
Default Account Security
Hi all,
Following on from one of my other posts I'm a tad concerned about security on my account/domains.
I've had mod_sec disabled and wonder how vunerable my site is to hackers and others of their ilk now ?
How do I make my account CP secure and ensure no-one can pay a visit without my say so ?
Thanks for any advice,
Jon
__________________
Cowcare Forum
WYSIFA Forum
Reply With Quote
  #2 (permalink)  
Old 10-01-2008, 11:31
WelshTom's Avatar
Moderator
  
Join Date: May 2007
Location: Newport, Wales
Posts: 788
Send a message via AIM to WelshTom Send a message via MSN to WelshTom Send a message via Yahoo to WelshTom
Default
Mod_security doesn't prevent users to get into your control panel - instead, it stops scripts etc or SQL queries from being run in the URL.

If you need it for a particular piece of software to function, it is important to ensure you only disable it for that particular software, and nothing else. Make sure the software you are using is secure, and ensure to keep it up to date!

Even if it is disabled however, there is not really a cause for concern, providing the scripts you are using have been correctly coded.
__________________
Thomas Williams
Founder of TWR Web Design
http://www.twrwebdesign.co.uk/
Reply With Quote
  #3 (permalink)  
Old 10-01-2008, 15:44
MonteJon's Avatar
Senior Member
  
Join Date: Jul 2007
Location: Cheshire/London
Posts: 101
Default How do I ?
Hi Thomas,
First off I did'nt disable it, someone from your side of the fence did following a problem I had with one of my domains and I'm glad they did.
Secondly I've looked through all knowledge base articles and cannot find out how to do it for myself in future, can you either tell me how or point me in the right direction please ?
Many thanks,
Jon
__________________
Cowcare Forum
WYSIFA Forum
Reply With Quote
  #4 (permalink)  
Old 10-01-2008, 15:58
jc8654's Avatar
Moderator
  
Join Date: May 2007
Location: Manchester, United Kingdom
Posts: 1,219
Send a message via MSN to jc8654
Default
I've never had to do this myself however I think it's adding "SecFilterEngine Off" to the .htaccess folder for the thing you're running.

For example, if you're running a forum in the directory "forum" put the above into the .htaccess file inside that folder and that will disable mod_security for that folder and all folders inside it.
__________________
Jonathan Crass
Joint Partner in Checker Design

North East Website design
UK based monitoring
Cheap UK Web Hosting

Save Jodrell Bank: www.savejodrellbank.org.uk

eUKhost Forum Moderator
Reply With Quote
  #5 (permalink)  
Old 10-01-2008, 16:00
WelshTom's Avatar
Moderator
  
Join Date: May 2007
Location: Newport, Wales
Posts: 788
Send a message via AIM to WelshTom Send a message via MSN to WelshTom Send a message via Yahoo to WelshTom
Default
Hello.

You can disable mod_Security by using .htaccess.

For example, if you have a directory called /phpbb, and want to disable mod_security within that directory, create a .htaccess file within that directory, and put this inside it:

Code:
<IfModule mod_security.c>
 
    SecFilterEngine Off
 
    SecFilterScanPOST Off
 
</IfModule>
PUTTING THIS INSIDE A .HTACCESS FILE IN THE ROOT DIRECTORY WILL DISABLE MOD_SECURITY FOR *EVERYTHING* - SO PLEASE ENSURE TO ONLY PUT IT IN THE DIRECTORY FOR WHICH YOU WANT MOD_SECURITY DISABLED
__________________
Thomas Williams
Founder of TWR Web Design
http://www.twrwebdesign.co.uk/
Reply With Quote
  #6 (permalink)  
Old 10-01-2008, 16:03
flesso's Avatar
Premium Member
  
Join Date: Mar 2007
Location: 127.0.0.1
Posts: 1,195
Default
The following thread has been stuck in the PHP hosting for a while now and can be referenced to at any time if you need the mod_sec off code.

Link: mod_security Fix
__________________
Regards,
Josh Hold

eUKhost Blog: Over 1000 Computer Related Articles to Sink Your Teeth Into!

Super Moderator

I'm only a forum gremlin (moderator), and do not work for eUKhost in any way. Opinions expressed by me are mine only, and do not reflect those of either eUKhost or any company that may be listed above.
Reply With Quote
Reply

« Horde webmail : Content Encoding Error (content_encoding_error) !!! | Change permisions, where ? »


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT. The time now is 15:18.

 

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by Web Hosting 3.1.0
Copyright © 2001-2008, eUKhost.com. All rights reserved.

Dedicated Server Hosting | VPS Hosting | Web Hosting UK | cPanel Hosting | Contact Us | UK Web Hosting | Archive
 
Site Map

knowledgebase articles

popular blog categories