About EMar

  • Rank
    Advanced Member

  1. Ok.. I have those config files now, I can edit them in CentOS Web Panel 7. There's no disable option for Mod Security, I uninstalled it while editing Blesta pages then installed it again. Adding SecRuleRemoveById 9667848 to all 3 files

    Configuration Files:
    Main Configuration --> /usr/local/apache/conf.d/mod_security.conf
    Rules Configuration --> /usr/local/apache/modsecurity-owasp-old/owasp.conf
    Disabled Rules --> /usr/local/apache/modsecurity-owasp-old/global_disabled_rules.conf

    I don't have a custom_user.conf

    Contents of File: /usr/local/apache/conf.d/mod_security.conf
    Contents of File: /usr/local/apache/modsecurity-owasp-old/global_disabled_rules.conf

    Do I need to add it to /usr/local/apache/modsecurity-owasp-old/owasp.conf?
  2. [root@me /]# yum install mlocate -y
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
     * base: centos.mirrors.tds.net
     * epel: mirror.steadfast.net
     * extras: mirrors.gigenet.com
     * updates: centos.mirrors.tds.net
    Package mlocate-0.26-6.el7.x86_64 already installed and latest version
    Nothing to do
  3. Thanks, I can't find /usr/local/apache/modsecurity-owasp-old/ in my CentOS installation, using SFTP as root.
  4. I logged into CentOS Control Panel 7 and clicked Mod Security under the Security tab.

    Last 20 Lines matching ModSecurity from Error log file: /usr/local/apache/logs/error_log

    [Tue Apr 24 01:08:09.218692 2018] [:error] [pid 255567:tid 1402356545764868i24] [client] [client] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:@.+=\\\\s*?\\\\(\\\\s*?select)|(?:\\\\d+\\\\s*?(x?or|div|like|between|and)\\\\s*?\\\\d+\\\\s*?[\\\\-+])|(?:\\\\/\\\\w+;?\\\\s+(?:having|and|x?or|div|like|between|and|select)\\\\W)|(?:\\\\d\\\\s+group\\\\s+by.+\\\\()|(?:(?:;|#|--)\\\\s*?(?:drop|alter))|(?:(?:;|#|--)\\\\s*?(?:update|i ..." at ARGS:content. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "211"] [id "9667848"] [msg "Detects chained SQL injection attempts 1/2"] [data "Matched Data: div class=\\x22 found within ARGS:content: <div class=\\x22col-md-12\\x22>\\x0d\\x0a <div class=\\x22thanks\\x22>\\x0d\\x0a\\x0d\\x0a\\x0d\\x0a</div>\\x0d\\x0a </div>\\x0d\\x0a\\x0d\\x0a <div class=\\x22col-md-4 col-sm-6 portal-box\\x22>\\x0d\\x0a <a href=\\x22{client_url}login/\\x22>\\x0d\\x0a <div class=\\x22well\\x22>\\x0d\\x0a <i class=\\x22fa fa-cogs fa-4x\\x22></i>\\x0d\\x0a <h4>My Account</h4>\\x0d\\x0a <p>Log in here to manage your ac [hostname "clients.domain.com"] [uri "/staff/settings/company/plugins/manage/5/"] [unique_id "%^$%6DeSztztryrrtrggJxJwAAAM8"], referer: https://clients.domain.com/staff/settings/company/plugins/manage/5/
  5. I tried that command in PuTTY, don't think it did anything.
  6. I see some files at /usr/local/apache/logs: error_log, modsec_audit.log, modsec_debug.log
  7. For some reason I created two staff members, but with the same info, each assigned to a different department, billing and support. I've ticked every box at System > Staff > Staff Groups, for both users, but still can't edit that portal module.

    EDIT: Actually I disabled mod_security in the server and was able to edit the portal module. So any idea how to fix this when mod_security is enabled?
  8. Hmm, I was trying to edit the portal module text and after saving got this:

    Forbidden
    You don't have permission to access /staff/settings/company/plugins/manage/5/ on this server.

    Would it have anything to do with mod security, which I enabled the other day on CentOS Panel?
  9. EMar

    Custom Links In Client Navigation

    I keep running into a brick wall. I'm actually searching Google for "add links to blesta menu." and "create new pages in blesta". I know you have a CMS out now, but there are plenty of people out there that might only want Blesta. That leaves a lot to the imagination in terms of theming the whole thing, and customizing it, adding pages, and links in the nav for those pages etc etc. I think a lot of people would prefer if there was an easier way to add new pages, and links to the nav menu for those pages. I'm kind of at the stage where I want to add new pages, links, but I'd have to dive into the code to get it done, right? Just my opinion, it would make it better for everyone, and potential customers. So we have 3 options: buy that admin tools, buy the CMS, or dive into the code. Well, 4 if you find a theme that has all those features included. But we can't do it from a plugin in Blesta itself. Have you thought about combining the CMS with Blesta as one product?
  10. Not sure how to add this, there will be occasions where clients have their own domain when signing up, and others won't. If I remove the Validate Hostname, will this info be used as their username for the account or what? Whatever they enter. There has to be some kind of info box there to explain to some users what they can do if they don't have a domain name.
  11. Hey, how would you add an info box below the Hostname title in the checkout form, when renting a new package? I'd like to put an info box that informs new clients that they can contact us to have an account created if they don't have their own domain name. I see the text in components/modules/centovacast/language/en_us/centovacast.php. I can change the title text for Hostname to something else but it changed the text in the field also. Or how do other hosts handle this if someone doesn't have a domain of their own?
  12. EMar

    Centova Cast module - Hostname

    I really need to figure all these little details out before I allow anyone to use the module under my own domain.
  13. EMar

    Blesta Wordpress Bridge

    Well, the sooner someone actually creates a bridge the sooner others can do the integration. Not every single person that wants to use Blesta will know how to do their own integration. It's kind of like building 4 walls and telling someone now go live in your new home.