Possible attack detected. This action has been logged. ?

Discussion in 'General' started by ahrasis, Jan 12, 2018.

  1. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I was half way updating my ISPConfig to 3.1.11 when I enter after saying yes to SSL. I immediately cancelled and then re-update again. This time round nginx could be restarted and I realized the created SSL files has overwritten my LetsEncrypt causing error as follows:
    I restored the LE backup and it all when smooth again. However, when I am trying to access my Control Panel, I got the following warning:
    Luckily I can access my Control Panel via other domain / IP but I still need to know what should I do to overcome / remove the above "possible attack" warning?
    Last edited: Jan 13, 2018
    Gwyneth Llewelyn likes this.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Try to set the ids anon score to a higher value in /usr/local/ispconfig/security/security_settings.ini
    Gwyneth Llewelyn and ahrasis like this.
  3. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Thank you for the tip @till.

    I noted that the warning has gone this very next day without changing anything. So, I'll keep default setting as it is for now.
  4. As always, @till , thank you so much for your answers — I was stumped with the same error and all I thought was that somehow fail2ban was acting in the background with some configuration I couldn't find. I hadn't realised that the latest versions of ISPConfig have their own, independent security 'module' (or how you wish to call it) — now I've read the article explaining why and how this was added, and the explanations on /usr/local/ispconfig/security/README.txt are also very clear and easy to follow.
    I feel a lot better now that I know that ISPConfig has an extra layer of protection, independent of all the rest, even if took getting blocked to learn about it first :)
    minimaLMind, ahrasis and till like this.

Share This Page