Blog

SSL Issue Resolved on www.solvps.com

We have resolved an issue with SSL validation on some browsers for www.solvps.com and www.solvps.com/secure. Due to mismatched CA root keys, some systems and browsers may have displayed a warning message while connecting to the domain over the past 5-10 days.

Although SSL was active and securing all connections throughout this time, we apologize for any inconvenience caused by the error.

Wishing you a happy holiday season!

– SolVPS Staff


Windows 10 VPS: Technical Preview Available for Installation

We are excited to announce that Windows 10 Technical Preview is now available to install on our VPS instances.

In preliminary testing, we have not identified any major bugs with Windows 10 VPS instances. Although they have performed well so far, Windows 10 VPS instances are intended for testing and preview only; we suggest Windows Server 2012 R2 for server workloads.

Windows 10 is available to reinstall from the VPS Panel. Please contact support@solvps.com for assistance.


How to Change the System Timezone on your VPS (Linux/Xen/KVM)

Changing the timezone on your Linux VPS, or any other Linux system, is easily done from the shell.

Log in to your server, or open a terminal/console on your desktop, and use the following command to set your preferred timezone:

ln -sf /usr/share/zoneinfo/US/Central /etc/localtime

 

You can explore the folder to see available timezones:

ls /usr/share/zoneinfo/

 

This should work in almost all Linux distributions, and it is also a good way to set the timezone for KVM VPS, Xen VPS, and other Linux VPS systems.


Changing the Default RDP Port on a Windows VPS (Server 2012, 2008, 2003)

Port 3389 is the default port for RDP on Windows systems, but you may wish to change this due to your network configuration, or for security.

After logging in to your Windows VPS with remote desktop, follow the steps below to update the RDP (remote desktop protocol) connection port:

  1. Start Registry Editor by using Start > regedit
  2. Navigate to the following registry subkey:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
  3. On the Edit menu, click Modify, and then click Decimal.
  4. Enter your desired port number. It should be a high number, not greater than 65536.
  5. Quit Registry Editor.
  6. Restart the VPS. You can restart from inside Windows.

After restarting, you should be able to connect to RDP on the alternate port. Enter the server IP address into your RDP client with the port number appended, like this: 104.104.104.104:10905

 

This guide applies to:

  • Windows Server 2012, Server 2008, Server 2003
  • Windows 8, 7, Vista, XP

How to Install & Configure Mod_Security on cPanel/WHM VPS

In this guide, we will show you an easy way to install mod_security on a cPanel VPS, including rules to protect from MySQL injection and web attacks.

Mod_security is a web application firewall module for the Apache web server, and can provide strong protection against web-based attacks when configured properly.

This guide requires cPanel/WHM to be installed on your VPS or server already. If you need to install cPanel, please follow the link for instructions.

 

How to Install Mod_Security on cPanel/WHM:

1. Log in to your server’s WHM interface and navigate to EasyApache.

2. Follow the prompts to rebuild using your last saved profile, or the default profile. Ensure Mod_Security is selected in the installation choices.

3. Wait for the rebuild to complete (20-30 minutes).

 

How to Install ModSec Control Plugin for WHM:

Log in to your server’s console, terminal, or access remotely via SSH. You will need root privileges. Run the following commands to download and install the ConfigServer ModSec Control (CMC) plugin for WHM:

cd /root; wget http://download.configserver.com/cmc.tgz

tar xvf cmc.tgz; cd cmc/; sh install.sh

 

How to Configure ModSecurity Ruleset with cPanel/WHM:

1. Refresh the WHM interface and navigate to Plugins > ModSec Control.

2. Switch the state to ‘On’ and save to activate the web firewall.

3. Scroll down to ConfigServer ModSecurity Tools and select modsec2.user.conf to Edit.

Here, you can copy in a ruleset. Rules are directives for mod_security to use when screening web server activity, instructing mod_security what events to check for, and what actions to take.

The best mod_security rules will greatly depend on your server and the application(s) you are hosting. We have provided an example ruleset below, which defines basic directives to help protect from MySQL injection, PHP, and other web server abuse.

4. Copy the entire text below into the edit space for modsec2.user.conf, while preserving any existing lines in the file. Then Save, and check on the confirmation screen that Apache webserver has successfully reloaded. You are now protected! 

SecRule ARGS {php} "severity:4,log,deny,id:6624001"
SecRule ARGS eval "severity:4,log,deny,id:6624002"
SecRule ARGS base64_decode "severity:4,log,deny,id:6624003"

SecRule REQUEST_URI|ARGS|REQUEST_BODY "base64_decode" "severity:4,log,deny,msg:'Access Denied',id:'6624009'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "eval" "severity:4,log,deny,msg:'Access Denied',id:'6624010'"
SecRule REQUEST_URI|ARGS|REQUEST_BODY "{php}" "severity:4,log,deny,msg:'Access Denied',id:'6624011'"

SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000

SecRequestBodyAccess On
SecRule FILES_TMPNAMES "@inspectFile /etc/cxs/cxscgi.sh" \
"log,auditlog,deny,severity:2,phase:2,t:none,id:'1010101'"
SecTmpDir /tmp

# Deprecated due to security issues so it should be off: http://blog.modsecurity.org/2008/08/transformation.html
SecCacheTransformations Off

# Check Content-Length and reject all non numeric ones
SecRule REQUEST_HEADERS:Content-Length "!^\d+$" "deny,log,auditlog,msg:'Content-Length HTTP header is not numeric', severity:'2',id:'960016'"

# Do not accept GET or HEAD requests with bodies
SecRule REQUEST_METHOD "^(?:GET|HEAD)$" "chain,phase:2,t:none,deny,log,auditlog,status:400,msg:'GET or HEAD requests with bodies', severity:'2',id:'960011',tag:'PROTOCOL_VIOLATION/EVASION'"
SecRule REQUEST_HEADERS:Content-Length "!^0?$" t:none

# Require Content-Length to be provided with every POST request.
SecRule REQUEST_METHOD "^POST$" "chain,phase:2,t:none,deny,log,auditlog,status:400,msg:'POST request must have a Content-Length header',id:'960012',tag:'PROTOCOL_VIOLATION/EVASION',severity:'4'"
SecRule &REQUEST_HEADERS:Content-Length "@eq 0" t:none

# Don't accept transfer encodings we know we don't know how to handle
SecRule REQUEST_HEADERS:Transfer-Encoding "!^$" "phase:2,t:none,deny,log,auditlog,status:501,msg:'ModSecurity does not support transfer encodings',id:'960013',tag:'PROTOCOL_VIOLATION/EVASION',severity:'3'"

# Check decodings
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "@validateUrlEncoding" \
"chain, deny,log,auditlog,msg:'Access Denied',id:'950107',severity:'4'"
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})"

SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "@validateUtf8Encoding" "deny,log,auditlog,msg:'Access Denied',id:'950801',severity:'4'"

# Proxy access attempt
SecRule REQUEST_URI_RAW ^\w+:/ "phase:2,t:none,deny,log,auditlog,status:400,msg:'Proxy access attempt', severity:'2',id:'960014',tag:'PROTOCOL_VIOLATION/PROXY_ACCESS'"

# Restrict type of characters sent
SecRule REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer \
"@validateByteRange 1-255" \
"log,auditlog,msg:'Request Missing an Accept Header', severity:'2',id:'960015',t:urlDecodeUni,phase:1"

SecRule ARGS|ARGS_NAMES "@validateByteRange 1-255" \
"deny,log,auditlog,msg:'Invalid character in request',id:'960901',severity:'4',t:urlDecodeUni,phase:2"

# allow request methods
SecRule REQUEST_METHOD "!^((?:(?:POS|GE)T|OPTIONS|HEAD))$" \
"phase:2,t:none,log,auditlog,status:501,msg:'Method is not allowed by policy', severity:'2',id:'960032',tag:'POLICY/METHOD_NOT_ALLOWED'"

# Restrict file extension
# removed exe so that frontpage will work

# Restricted HTTP headers
SecRule REQUEST_HEADERS_NAMES "\.(?:Lock-Token|Translate|If)$" \
"deny,log,auditlog,msg:'HTTP header is restricted by policy',id:'960038',severity:'4'"

SecRule HTTP_User-Agent "(?:\b(?:m(?:ozilla\/4\.0 \(compatible\)|etis)|webtrends security analyzer|pmafind)\b|n(?:-stealth|sauditor|essus|ikto)|b(?:lack ?widow|rutus|ilbo)|(?:jaascoi|paro)s|internet explorer|webinspect|\.nasl)" \
"deny,log,auditlog,msg:'Request Indicates a Security Scanner Scanned the Site',id:'990002',severity:'2'"
SecRule REQUEST_HEADERS_NAMES "\bacunetix-product\b" \
"deny,log,auditlog,msg:'Request Indicates a Security Scanner Scanned the Site',id:'990901',severity:'2'"
SecRule REQUEST_FILENAME "^/nessustest" \
"deny,log,auditlog,msg:'Request Indicates a Security Scanner Scanned the Site',id:'990902',severity:'2'"

SecRule REQUEST_HEADERS:User-Agent "(?:m(?:ozilla\/(?:4\.0 \(compatible; advanced email extractor|2\.0 \(compatible; newt activex; win32\))|ailto:craftbot\@yahoo\.com)|e(?:mail(?:(?:collec|harves|magne)t|(?: extracto|reape)r|siphon|wolf)|(?:collecto|irgrabbe)r|xtractorpro|o browse)|a(?:t(?:tache|hens)|utoemailspider|dsarobot)|w(?:eb(?:emailextrac| by mail)|3mir)|f(?:astlwspider|loodgate)|p(?:cbrowser|ackrat|surf)|(?:digout4uagen|takeou)t|(?:chinacla|be)w|hhjhj@yahoo|rsync|shai|zeus)" \
"deny,log,auditlog,msg:'Rogue web site crawler',id:'990012',severity:'2'"

SecRule REQUEST_HEADERS:User-Agent "(?:\b(?:(?:indy librar|snoop)y|microsoft url control|lynx)\b|d(?:ownload demon|isco)|w(?:3mirror|get)|l(?:ibwww|wp)|p(?:avuk|erl)|cu(?:sto|rl)|big brother|autohttp|netants|eCatch)" \
"chain,log,auditlog,msg:'Request Indicates an automated program explored the site',id:'990011',severity:'5'"
SecRule REQUEST_HEADERS:User-Agent "!^apache.*perl"
# Blind SQL injection
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "@pm sys.user_triggers sys.user_objects @@spid msysaces instr sys.user_views sys.tab charindex sys.user_catalog constraint_type locate select msysobjects attnotnull sys.user_tables sys.user_tab_columns sys.user_constraints waitfor mysql.user sys.all_tables msysrelationships msyscolumns msysqueries" \
"phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceComments,t:compressWhiteSpace,pass,nolog,skip:1,id:'1040401'"
SecAction phase:2,pass,nolog,skipAfter:959007,id:1040402
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "(?:\b(?:(?:s(?:ys\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\b.{0,40}\b(?:substring|ascii|user))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql.user)|c(?:onstraint_type|harindex)|attnotnull)\b|(?:locate|instr)\W+\()|\@\@spid\b)" \
"phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,t:replaceComments,t:compressWhiteSpace,ctl:auditLogParts=+E,log,auditlog,msg:'Blind SQL Injection Attack',id:'950007',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2',id:'9600016'"
SecRule REQUEST_FILENAME|ARGS|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "\b(?:(?:s(?:ys(?:(?:(?:process|tabl)e|filegroup|object)s|c(?:o(?:nstraint|lumn)s|at)|dba|ibm)|ubstr(?:ing)?)|user_(?:(?:(?:constrain|objec)t|tab(?:_column|le)|ind_column|user)s|password|group)|a(?:tt(?:rel|typ)id|ll_objects)|object_(?:(?:nam|typ)e|id)|pg_(?:attribute|class)|column_(?:name|id)|(?:dba|mb)_users|xtype\W+\bchar|rownum)\b|t(?:able_name\b|extpos\W+\())" \
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceComments,t:compressWhiteSpace,ctl:auditLogParts=+E,log,auditlog,msg:'Blind SQL Injection Attack',id:'959007',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2',id:'9600116'"

SecRule REQUEST_FILENAME|ARGS|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "@pm substr xtype textpos all_objects rownum sysfilegroups sysprocesses user_group sysobjects user_tables systables pg_attribute user_users user_password column_id attrelid user_tab_columns table_name pg_class user_constraints user_objects object_type dba_users sysconstraints mb_users column_name atttypid object_id substring syscat user_ind_columns sysibm syscolumns sysdba object_name" \
"phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,pass,nolog,skip:1,id:'9600118'"
SecAction phase:2,pass,nolog,skipAfter:959904,id:'9600123'
SecRule REQUEST_FILENAME|ARGS "\b(?:(?:s(?:ys(?:(?:(?:process|tabl)e|filegroup|object)s|c(?:o(?:nstraint|lumn)s|at)|dba|ibm)|ubstr(?:ing)?)|user_(?:(?:(?:constrain|objec)t|tab(?:_column|le)|ind_column|user)s|password|group)|a(?:tt(?:rel|typ)id|ll_objects)|object_(?:(?:nam|typ)e|id)|pg_(?:attribute|class)|column_(?:name|id)|(?:dba|mb)_users|xtype\W+\bchar|rownum)\b|t(?:able_name\b|extpos\W+\())" \
"phase:2,capture,t:none,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'Blind SQL Injection Attack',id:'950904',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "\b(?:(?:s(?:ys(?:(?:(?:process|tabl)e|filegroup|object)s|c(?:o(?:nstraint|lumn)s|at)|dba|ibm)|ubstr(?:ing)?)|user_(?:(?:(?:constrain|objec)t|tab(?:_column|le)|ind_column|user)s|password|group)|a(?:tt(?:rel|typ)id|ll_objects)|object_(?:(?:nam|typ)e|id)|pg_(?:attribute|class)|column_(?:name|id)|(?:dba|mb)_users|xtype\W+\bchar|rownum)\b|t(?:able_name\b|extpos\W+\())" \
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'Blind SQL Injection Attack',id:'959904',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"

# SQL injection
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "@pm insert xp_enumdsn infile openrowset nvarchar autonomous_transaction print data_type or outfile inner shutdown tbcreator @@version xp_filelist sp_prepare sql_longvarchar xp_regenumkeys xp_loginconfig xp_dirtree ifnull sp_addextendedproc xp_regaddmultistring delete sp_sqlexec and sp_oacreate sp_execute cast xp_ntsec xp_regdeletekey drop varchar xp_execresultset having utl_file xp_regenumvalues xp_terminate xp_availablemedia xp_regdeletevalue dumpfile isnull sql_variant select 'sa' xp_regremovemultistring xp_makecab 'msdasql' xp_cmdshell openquery sp_executesql 'sqloledb' dbms_java 'dbo' utl_http sp_makewebtask benchmark xp_regread xp_regwrite" \
"phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,pass,nolog,skip:1,id:'9600121'"
SecAction phase:2,pass,nolog,id:999501,skipAfter:959001,id:'9600125'
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES "(?:\b(?:(?:s(?:elect\b(?:.{1,100}?\b(?:(?:length|count|top)\b.{1,100}?\bfrom|from\b.{1,100}?\bwhere)|.*?\b(?:d(?:ump\b.*\bfrom|ata_type)|(?:to_(?:numbe|cha)|inst)r))|p_(?:(?:addextendedpro|sqlexe)c|(?:oacreat|prepar)e|execute(?:sql)?|makewebtask)|ql_(?:longvarchar|variant))|xp_(?:reg(?:re(?:movemultistring|ad)|delete(?:value|key)|enum(?:value|key)s|addmultistring|write)|e(?:xecresultset|numdsn)|(?:terminat|dirtre)e|availablemedia|loginconfig|cmdshell|filelist|makecab|ntsec)|u(?:nion\b.{1,100}?\bselect|tl_(?:file|http))|group\b.*\bby\b.{1,100}?\bhaving|d(?:elete\b\W*?\bfrom|bms_java)|load\b\W*?\bdata\b.*\binfile|(?:n?varcha|tbcreato)r)\b|i(?:n(?:to\b\W*?\b(?:dump|out)file|sert\b\W*?\binto|ner\b\W*?\bjoin)\b|(?:f(?:\b\W*?\(\W*?\bbenchmark|null\b)|snull\b)\W*?\()|a(?:nd\b ?(?:\d{1,10}|[\'\"][^=]{1,10}[\'\"]) ?[=<>]+|utonomous_transaction\b)|o(?:r\b ?(?:\d{1,10}|[\'\"][^=]{1,10}[\'\"]) ?[=<>]+|pen(?:rowset|query)\b)|having\b ?(?:\d{1,10}|[\'\"][^=]{1,10}[\'\"]) ?[=<>]+|print\b\W*?\@\@|cast\b\W*?\()|(?:;\W*?\b(?:shutdown|drop)|\@\@version)\b|'(?:s(?:qloledb|a)|msdasql|dbo)')" \
"phase:2,capture,t:none,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'950001',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "(?:\b(?:(?:s(?:elect\b(?:.{1,100}?\b(?:(?:length|count|top)\b.{1,100}?\bfrom|from\b.{1,100}?\bwhere)|.*?\b(?:d(?:ump\b.*\bfrom|ata_type)|(?:to_(?:numbe|cha)|inst)r))|p_(?:(?:addextendedpro|sqlexe)c|(?:oacreat|prepar)e|execute(?:sql)?|makewebtask)|ql_(?:longvarchar|variant))|xp_(?:reg(?:re(?:movemultistring|ad)|delete(?:value|key)|enum(?:value|key)s|addmultistring|write)|e(?:xecresultset|numdsn)|(?:terminat|dirtre)e|availablemedia|loginconfig|cmdshell|filelist|makecab|ntsec)|u(?:nion\b.{1,100}?\bselect|tl_(?:file|http))|group\b.*\bby\b.{1,100}?\bhaving|d(?:elete\b\W*?\bfrom|bms_java)|load\b\W*?\bdata\b.*\binfile|(?:n?varcha|tbcreato)r)\b|i(?:n(?:to\b\W*?\b(?:dump|out)file|sert\b\W*?\binto|ner\b\W*?\bjoin)\b|(?:f(?:\b\W*?\(\W*?\bbenchmark|null\b)|snull\b)\W*?\()|a(?:nd\b ?(?:\d{1,10}|[\'\"][^=]{1,10}[\'\"]) ?[=<>]+|utonomous_transaction\b)|o(?:r\b ?(?:\d{1,10}|[\'\"][^=]{1,10}[\'\"]) ?[=<>]+|pen(?:rowset|query)\b)|having\b ?(?:\d{1,10}|[\'\"][^=]{1,10}[\'\"]) ?[=<>]+|print\b\W*?\@\@|cast\b\W*?\()|(?:;\W*?\b(?:shutdown|drop)|\@\@version)\b|'(?:s(?:qloledb|a)|msdasql|dbo)')" \
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'959001',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" \
"phase:2,capture,t:none,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'950901',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" \
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'959901',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_FILENAME|ARGS|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "@pm user_objects object_type substr all_objects mb_users column_name rownum atttypid substring object_id user_group user_tables pg_attribute user_users column_id user_password attrelid object_name table_name pg_class" \
"phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,pass,nolog,skip:1,id:'95990013'"
SecAction phase:2,pass,nolog,skipAfter:959906,id:'9600127'
SecRule REQUEST_FILENAME|ARGS "\b(?:user_(?:(?:object|table|user)s|password|group)|a(?:tt(?:rel|typ)id|ll_objects)|object_(?:(?:nam|typ)e|id)|pg_(?:attribute|class)|column_(?:name|id)|substr(?:ing)?|table_name|mb_users|rownum)\b" \
"phase:2,capture,t:none,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'950906',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "\b(?:user_(?:(?:object|table|user)s|password|group)|a(?:tt(?:rel|typ)id|ll_objects)|object_(?:(?:nam|typ)e|id)|pg_(?:attribute|class)|column_(?:name|id)|substr(?:ing)?|table_name|mb_users|rownum)\b" \
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'959906',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"

SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|!REQUEST_HEADERS:via "\b(?:coalesce\b|root\@)" \
"phase:2,capture,t:none,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'950908',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:via "\b(?:coalesce\b|root\@)" \
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'959908',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"

# file injection
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/* "@pm .www_acl .htpasswd .htaccess boot.ini httpd.conf /etc/ .htgroup global.asa .wwwacl" \
"phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,pass,nolog,skip:1,id:'95990015'"
SecAction phase:2,pass,nolog,skipAfter:959005,id:'9600131'
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES "(?:\b(?:\.(?:ht(?:access|passwd|group)|www_?acl)|global\.asa|httpd\.conf|boot\.ini)\b|\/etc\/)" \
"phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'Access Denied',id:'950005',tag:'WEB_ATTACK/FILE_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_HEADERS|XML:/* "(?:\b(?:\.(?:ht(?:access|passwd|group)|www_?acl)|global\.asa|httpd\.conf|boot\.ini)\b|\/etc\/)" \
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'Access Denied',id:'959005',tag:'WEB_ATTACK/FILE_INJECTION',logdata:'%{TX.0}',severity:'2'"

# Command access
SecRule REQUEST_FILENAME "\b(?:n(?:map|et|c)|w(?:guest|sh)|cmd(?:32)?|telnet|rcmd|ftp)\.exe\b" \
"phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'System Command Access',id:'950002',tag:'WEB_ATTACK/FILE_INJECTION',logdata:'%{TX.0}',severity:'2'"

# Command injection
SecRule ARGS "@pm uname wguest.exe /perl /nasm rcmd.exe nc tclsh /xterm finger tftp chown /echo nmap.exe ping /passwd /chsh ps /uname telnet.exe /ftp ls tclsh8 lsof /ping echo cmd.exe /kill python traceroute /ps perl passwd wsh.exe /rm /cpp chgrp /telnet localgroup kill /chgrp /finger nasm /ls nc.exe id /chmod /nc /g++ /id /chown cmd /nmap chsh /gcc net.exe /python /lsof ftp.exe ftp xterm mail /mail tracert nmap rm cd chmod cpp telnet cmd32.exe gcc g++" \
"phase:2,t:none,t:htmlEntityDecode,t:lowercase,pass,nolog,skip:1,id:'95990017'"
SecAction phase:2,pass,nolog,skipAfter:950006,id:'9600133'
SecRule ARGS "(?:\b(?:(?:n(?:et(?:\b\W+?\blocalgroup|\.exe)|(?:map|c)\.exe)|t(?:racer(?:oute|t)|elnet\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\.exe|echo\b\W*?\by+)\b|c(?:md(?:(?:32)?\.exe\b|\b\W*?\/c)|d(?:\b\W*?[\\\/]|\W*?\.\.)|hmod.{0,40}?\+.{0,3}x))|[\;\|\`]\W*?\b(?:(?:c(?:h(?:grp|mod|own|sh)|md|pp)|p(?:asswd|ython|erl|ing|s)|n(?:asm|map|c)|f(?:inger|tp)|(?:kil|mai)l|(?:xte)?rm|ls(?:of)?|telnet|uname|echo|id)\b|g(?:\+\+|cc\b))|\/(?:c(?:h(?:grp|mod|own|sh)|pp)|p(?:asswd|ython|erl|ing|s)|n(?:asm|map|c)|f(?:inger|tp)|(?:kil|mai)l|g(?:\+\+|cc)|(?:xte)?rm|ls(?:of)?|telnet|uname|echo|id)(?:[\'\"\|\;\`\-\s]|$))" \
"phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'System Command Injection',id:'950006',tag:'WEB_ATTACK/COMMAND_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:'/^(Cookie|Referer|X-OS-Prefs)$/'|REQUEST_COOKIES|REQUEST_COOKIES_NAMES \
"@pm uname wguest.exe /perl /nasm rcmd.exe nc tclsh /xterm finger tftp chown /echo nmap.exe ping /passwd /chsh ps /uname telnet.exe /ftp ls tclsh8 lsof /ping echo cmd.exe /kill python traceroute /ps perl passwd wsh.exe /rm /cpp chgrp /telnet localgroup kill /chgrp /finger nasm /ls nc.exe id /chmod /nc /g++ /id /chown cmd /nmap chsh /gcc net.exe /python /lsof ftp.exe ftp xterm mail /mail tracert nmap rm cd chmod cpp telnet cmd32.exe gcc g++" \
"phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,pass,nolog,skip:1,id:'95990019'"
SecAction pass,nolog,skipAfter:959006,id:'9600135'
SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:'/^(Cookie|Referer|X-OS-Prefs)$/'|REQUEST_COOKIES|REQUEST_COOKIES_NAMES \
"(?:\b(?:(?:n(?:et(?:\b\W+?\blocalgroup|\.exe)|(?:map|c)\.exe)|t(?:racer(?:oute|t)|elnet\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\.exe|echo\b\W*?\by+)\b|c(?:md(?:(?:32)?\.exe\b|\b\W*?\/c)|d(?:\b\W*?[\\\/]|\W*?\.\.)|hmod.{0,40}?\+.{0,3}x))|[\;\|\`]\W*?\b(?:(?:c(?:h(?:grp|mod|own|sh)|md|pp)|p(?:asswd|ython|erl|ing|s)|n(?:asm|map|c)|f(?:inger|tp)|(?:kil|mai)l|(?:xte)?rm|ls(?:of)?|telnet|uname|echo|id)\b|g(?:\+\+|cc\b))|\/(?:c(?:h(?:grp|mod|own|sh)|pp)|p(?:asswd|ython|erl|ing|s)|n(?:asm|map|c)|f(?:inger|tp)|(?:kil|mai)l|g(?:\+\+|cc)|(?:xte)?rm|ls(?:of)?|telnet|uname|echo|id)(?:[\'\"\|\;\`\-\s]|$))" \
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'System Command Injection',id:'959006',tag:'WEB_ATTACK/COMMAND_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule ARGS \
"(?:(?:[\;\|\`]\W*?\bcc|\bwget)\b|\/cc(?:[\'\"\|\;\`\-\s]|$))" \
"phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'System Command Injection',id:'950907',tag:'WEB_ATTACK/COMMAND_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule "REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:'/^(Cookie|Referer|X-OS-Prefs|User-Agent)$/'|REQUEST_COOKIES|REQUEST_COOKIES_NAMES" \
"(?:(?:[\;\|\`]\W*?\bcc|\bwget)\b|\/cc(?:[\'\"\|\;\`\-\s]|$))" \
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'System Command Injection',id:'959907',tag:'WEB_ATTACK/COMMAND_INJECTION',logdata:'%{TX.0}',severity:'2'"

# SSI injection
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES "<!--\W*?#\W*?(?:e(?:cho|xec)|printenv|include|cmd)" \
"phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'SSI injection Attack',id:'950011',tag:'WEB_ATTACK/SSI_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_HEADERS|XML:/* "<!--\W*?#\W*?(?:e(?:cho|xec)|printenv|include|cmd)" \
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'SSI injection Attack',id:'959011',tag:'WEB_ATTACK/SSI_INJECTION',logdata:'%{TX.0}',severity:'2'"

# PHP injection
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/* "@pm <?fgets move_uploaded_file $_session readfile ftp_put ftp_fget gzencode ftp_nb_put bzopen readdir $_post fopen gzread ftp_nb_fput ftp_nb_fget ftp_get $_get scandir fscanf readgzfile fread proc_open fgetc fgetss ftp_fput ftp_nb_get session_start fwrite gzwrite gzopen gzcompress" \
"phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,pass,nolog,skip:1,id:'95990026'"
SecAction pass,nolog,skipAfter:959013,id:'9600137'
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES "(?:(?:\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open)|\$_(?:(?:pos|ge)t|session))\b|<\?(?!xml))" \
"phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'PHP Injection Attack',id:'950013',tag:'WEB_ATTACK/PHP_INJECTION',tag:'WEB_ATTACK/HTTP_RESPONSSE_SPLITTING',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_HEADERS|XML:/* "(?:(?:\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open)|\$_(?:(?:pos|ge)t|session))\b|<\?(?!xml))" \
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'PHP Injection Attack',id:'959013',tag:'WEB_ATTACK/PHP_INJECTION',tag:'WEB_ATTACK/HTTP_RESPONSSE_SPLITTING',logdata:'%{TX.0}',severity:'2'"
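
Step 4 merges pasted rules with whatever is already in modsec2.user.conf, so two things commonly stop Apache from reloading: typographic quotes picked up when copying from a rendered web page, and a rule id that is already in use. The following is an added example, not part of the original guide or of the ConfigServer plugin, that checks a rules file for both before you save it. The function names are hypothetical, the sample file is constructed (it borrows ids from the ruleset above), and it assumes ModSecurity 2.7 or later, which refuses to load two rules with the same id.

```shell
#!/bin/sh
# Added example: lint a ModSecurity rules file before saving it as
# modsec2.user.conf. Function names are hypothetical, not part of any tool.

# Print the line numbers that contain UTF-8 "General Punctuation" characters
# (U+2000-U+203F: curly quotes, primes, en/em dashes). They all begin with the
# bytes E2 80 and are not valid quote delimiters in an Apache directive.
smart_punct_lines() {
    LC_ALL=C awk -v p="$(printf '\342\200')" 'index($0, p) { print NR }' "$1"
}

# Print rule ids that are used more than once. Comment lines are skipped, then
# every action list is split on commas and double quotes so that id:123 and
# id:'123' each end up alone on a line.
duplicate_rule_ids() {
    grep -v '^[[:space:]]*#' "$1" | tr ',"' '\n\n' |
        sed -n "s/^[[:space:]]*id:'\{0,1\}\([0-9][0-9]*\)'\{0,1\}[[:space:]]*\$/\1/p" |
        sort | uniq -d
}

# Return 0 only when both checks come back empty; print the findings otherwise.
lint_rules() {
    bad_lines=$(smart_punct_lines "$1")
    dup_ids=$(duplicate_rule_ids "$1")
    [ -n "$bad_lines" ] && echo "typographic punctuation on line(s): $(echo $bad_lines)"
    [ -n "$dup_ids" ] && echo "duplicate rule id(s): $(echo $dup_ids)"
    [ -z "$bad_lines" ] && [ -z "$dup_ids" ]
}

# Write a constructed sample: line 3 carries curly quotes, and id 6624003 is
# used by two different rules (lines 2 and 4).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not the guide's ruleset
SecRule ARGS "base64_decode" "severity:4,log,deny,id:6624003"
SecRule ARGS “eval” “severity:4,log,deny,id:6624002”
SecRule REQUEST_URI "eval" "phase:2,deny,log,msg:'Access Denied',id:'6624003'"
SecRule REQUEST_FILENAME "^/nessustest" "deny,log,id:'990902',severity:'2'"
EOF
}
```

Run `lint_rules` against the merged file (existing lines plus the pasted ruleset); once it returns 0, `apachectl configtest` gives the same pass/fail answer as the WHM confirmation screen without reloading the server.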

This guide applies to:


New Stock Promo – 2X SSD for all Servers!

Greetings,

For the next week we are offering a limited promotion for all new VPS hosting accounts. Get the following FREE:

  • 10% Permanent Discount  (Includes Upgrades and Add-ons)
  • 2X (DOUBLE) SSD Storage

Use the coupon below at Checkout to receive the discount, and contact support to receive the disk upgrade. Or maybe bonus CPU, or unmetered bandwidth would work better for you? Talk to us!

Code: 2xSSD2014

Valid for all of our web hosting services including Windows VPS hosting with RDP, Linux VPS hosting, and Managed VPS hosting.

Windows Server 2012 VPS

Windows Server 2012 R2 Remote Desktop (RDP)

 


How to Install WebSitePanel on Windows VPS or Windows Server (Free)

This guide explains how to install WebSitePanel, a free web server management panel for Windows Server.

The software requires a Windows VPS (virtual private server) or another Windows Server system for installation. We suggest:

  • Windows Server 2012 R2 (Recommended)
  • Windows Server 2008 R2

First, configure the pre-requisites required on a Windows Server 2008 R2 installation for WebSitePanel installation. Download the following ‘Web Platform Installer’ to assist with component installation:

http://www.microsoft.com/web/downloads/platform.aspx

Once installed, open the Platform Installer. In the search box in the top right-hand corner, search for “Web Deployment” and select the Web Deployment Tool 3.0 without bundled SQL Support item to install the MS Deploy library. This library is required in order for WebSitePanel to integrate with the Microsoft Web App Gallery module.


Click back from Search option.

Click on the Products link and choose the Server Category. Select the following components for installation:

  • IIS 7 Recommended Configuration
  • IIS:HTTP Redirection
  • URL Rewrite 2.0
  • IIS:CGI
  • IIS:FTP Publishing Service 7.5 (unless you plan to use one of the other supported FTP servers)
  • IIS:Basic Authentication
  • IIS:Windows Authentication


Choose the Frameworks Category and select the following components for installation:

  • ASP.NET MVC 3
  • PHP 5.x
  • .NET Framework 3.5 SP1
  • .NET Framework 4 (plus updates)

Choose the Database Category and select the following components for installation. The items marked in BLUE should only be installed on your intended (separate) database hosting server; installing them on the web server is not recommended.

  • SQL Server Express 2012 R2
  • SQL Server 2012 Shared Management Objects
  • Microsoft Drivers 3.0 for PHP v5.3 for SQL Server in IIS (don’t install the express version)
  • SQL Server 2012 R2 Management Studio Express 

Click Install to start the installation process for the selected components. Before SQL Server 2008 is installed, you will be asked about its security mode. Select Mixed Mode Authentication and then specify a password for the sa account.

Once the installation has completed, the server should be rebooted. WebSitePanel is now installed and accessible via the web interface.


New Stock Available – High-performance Virtual Servers

We are pleased to announce that we have added additional capacity in our New York and London data centers. With the expanded capacity we have added additional high-performance VPS hypervisors, hosting both our Windows and Linux virtual servers.

Windows VPS with Remote Desktop (RDP), a complete, fully licensed remote Windows server system running on our 100% pure SSD VPS platform. Perfect for remote desktop and Windows Server platform requirements.

  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • Windows Server 2003 R2
  • Windows 8 / 7 / XP

+ Xen-powered Linux VPS, virtual servers based on Xen hypervisor providing superior performance, stability, and security when compared to other VM hosting platforms. Available with latest releases from all major Linux distributions, including:

Both Linux and Windows virtual servers are hosted seamlessly on our high-performance VM platform, supporting migrations, backups, and easy upgrades. We have built an optimized platform using RAID10 SSD block storage, Intel® powered compute nodes, and direct uplinks to worldwide data networks, each guaranteed by our 100% Resource Availability SLA.

In addition to high-performance hardware, all servers may access unlimited premium bandwidth to deliver best connectivity for all users. Windows VPS and Linux virtual servers are available in our New York, USA and London, UK data centers.

We are a Microsoft Certified Partner, as well as Parallels and cPanel partners. Your service can be delivered with your choice of software, and your choice of service level:

Host anything with us!

Find us on live chat or send a message to the Sales/Support team to see how we can help with your project.

Sincerely,

SolVPS Management


[How to] Upgrade .NET Framework on Windows Server 2008/2012 R2 VPS

If you are using a Windows Server 2008 R2 system, or an earlier OS, you might find that you need to upgrade .NET Framework to the latest version.

Fortunately, the process is simple. Follow this link from your Windows VPS / Windows server to download the .NET Framework 4.5 update package directly from Microsoft: http://www.microsoft.com/en-us/download/details.aspx?id=30653

The updater will install the .NET Framework update on your system, or warn you if there are any missing requirements.

If you are using Windows Server 2012 R2, the system should already have the latest .NET Framework installed.


This process applies to:

  • Windows Server 2008 R2
  • Windows Server 2012 R2