Possible attack detected. This action has been logged. ?

Discussion in 'General' started by ahrasis, Jan 12, 2018.

  1. ahrasis

    ahrasis Active Member

    I was half way updating my ISPConfig to 3.1.11 when I enter after saying yes to SSL. I immediately cancelled and then re-update again. This time round nginx could be restarted and I realized the created SSL files has overwritten my LetsEncrypt causing error as follows:
    I restored the LE backup and it all when smooth again. However, when I am trying to access my Control Panel, I got the following warning:
    Luckily I can access my Control Panel via other domain / IP but I still need to know what should I do to overcome / remove the above "possible attack" warning?
     
    Last edited: Jan 13, 2018
    Gwyneth Llewelyn likes this.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Try to set the ids anon score to a higher value in /usr/local/ispconfig/security/security_settings.ini
     
    Gwyneth Llewelyn and ahrasis like this.
  3. ahrasis

    ahrasis Active Member

    Thank you for the tip @till.

    I noted that the warning has gone this very next day without changing anything. So, I'll keep default setting as it is for now.
     
  4. Gwyneth Llewelyn

    Gwyneth Llewelyn New Member

    As always, @till , thank you so much for your answers — I was stumped with the same error and all I thought was that somehow fail2ban was acting in the background with some configuration I couldn't find. I hadn't realised that the latest versions of ISPConfig have their own, independent security 'module' (or how you wish to call it) — now I've read the article explaining why and how this was added, and the explanations on /usr/local/ispconfig/security/README.txt are also very clear and easy to follow.
    I feel a lot better now that I know that ISPConfig has an extra layer of protection, independent of all the rest, even if took getting blocked to learn about it first :)
     
    ahrasis and till like this.

Share This Page