Suporte técnico
O suporte técnico está disponível a partir de qualquer uma das opções abaixo. Todos os pedidos de apoio devem ser feitos em Inglês. Você deve ser conectado à nossa área de clientes para abrir um bilhete com os departamentos de suporte, faturamento e licenciamento.
A data e a hora locais atuais são Thursday - 2025-07-03 19:44 MDT.
Base de Conhecimento
Perguntas e respostas de auto-ajuda para suporte ao produto, incluindo perguntas de pré-vendas.
Documentação
Veja nossos manuais de produtos, alternar informações e documentação de suporte.
Bilhetes de suporte
Estamos aqui para ajudar, 24 horas por dia, 7 dias por semana. O suporte prioritário está disponível de segunda a sexta das 8h às 17h (horário de Brasília).
Downloads
Faça login na área do nosso cliente para acessar seus downloads de produtos.
Instruções de instalação
Saiba como instalar o produto.
Começando
Saiba como configurar o produto.
Solucionando problemas
Tendo problemas? Aprenda a diagnosticar e depurar problemas.
Base de Conhecimento
Perguntas e respostas de auto-ajuda para suporte ao produto, incluindo perguntas de pré-vendas.
How to test SpamAssassin
To test the spam filter, it is necessary to send a Gtube test spam email using the command below (Replacing emailonserver@example.com with a real email account on the server). If the Anti-spam is working correctly you will see it listed in the maillog and in Warden log under Warden -> Logs -> Message Log. While testing, note that Gtube test email gives +1000 scores to spam. So, even if a mailbox is in the whitelist, mail still be detected as spam because whitelisted email gets -100 scores.
Disable Greylisting:
If greylisting is enabled then you must disable it on the recipient domain before running these tests.
/usr/local/psa/bin/grey_listing --update-domain example.com -status off
Centos/RHEL/CloudLinux/AlmaLinux:
echo "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X" | mail -S smtp=localhost -r sender@test.com -s "Spam test example" emailonserver@example.com
Debian/Ubuntu:
apt-get install s-nail
echo "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X" | s-nail -S smtp=localhost -r sender@test.com -s "Spam test example" emailonserver@example.com
How to test ClamAV
To test the virus filter, it is necessary to download the eicar test virus email and send it using the command below (Replacing emailonserver@example.com with a real email account on the server). If the Anti-virus is working correctly you will see it get blocked and it will be listed in the maillog and in Warden -> Logs -> Message Log.
Disable Greylisting:
If greylisting is enabled then you must disable it on the recipient domain before running these tests.
/usr/local/psa/bin/grey_listing --update-domain example.com -status off
Centos/RHEL/CloudLinux/AlmaLinux:
wget http://www.eicar.org/download/eicar.com.txt
echo "TEST MESSAGE w/ ATTACHMENT" | mail -S smtp=localhost -r sender@test.com -s "A/V test example" -a eicar.com.txt emailonserver@example.com
Debian/Ubuntu:
apt-get install s-nail
wget http://www.eicar.org/download/eicar.com.txt
echo "TEST MESSAGE w/ ATTACHMENT" | s-nail -S smtp=localhost -r sender@test.com -s "A/V test example" -a eicar.com.txt emailonserver@example.com
Veja o artigo completo...
To get your free Maxmind license key
Signup for the free license key here: https://www.maxmind.com/en/geolite2/signup
Generate a license key here (When asked - Will this key be used for geoipupdate? Choose: no)
Navigate to your Extension -> Settings -> Panel Application -> Geolocation Settings and enter the license key under MaxMind license key. (It might take 30 minutes before MaxMind will recognize a newly created key).
Press the Update button to save your settings.
Veja o artigo completo...
In order for PHP to log what scripts are sending out from the server you must first set mail.add_x_header = On in all the php.ini files that are being used by the server.
1. Enable the mail.add_x_header in all of your PHP.ini files:
// turn on for the OS default php version if you have the base PHP packages installed
sed -i -e "s/^mail.add_x_header = Off/mail.add_x_header = On/" /etc/php.ini
// turn on for all of the Plesk PHP versions
sed -i -e "s/^mail.add_x_header = Off/mail.add_x_header = On/" /opt/plesk/php/*/etc/php.ini
// restart any PHP FPM instances
systemctl restart plesk-php73-fpm
systemctl restart plesk-php74-fpm
systemctl restart plesk-php80-fpm
2. Now you should see the X-PHP-Originating-Script header logged when clicking on the plus icon for a message entry that was sent out using PHP in the message log. It will log the UID of the user that ran the script and the script name.
Looking up the User from the X-PHP-Originating-Script Header
The X-PHP-Originating-Script header consists of the UID of the user and the script name:
X-PHP-Originating-Script: 10000:class.phpmailer.php
To find the vhost directory from a UID (replace the UID with the user ID that was logged):
grep UID /etc/passwd
5. To find the full path to a script (replace the path with the vhost directory from the UID and the php script name with the name of the script that was logged):
find /var/www/vhosts/example.com/httpdocs -type f -name "class.phpmailer.php"
Viewing the X-PHP-Originating-Script Header from the Queue
When viewing a message in the Warden queue, the PHP tab will lookup the local user information based off the X-PHP-Originating-Script header (if it exists) and search the vhost files for any matching script files with the same name.
Veja o artigo completo...
Bad Header Destiny
The default setting under Warden -> Settings -> Content Filter-> Content Filter Settings -> Bad header destiny is set to reject.
The server wide policy option under Warden -> Settings -> Content Filter -> Policy Settings -> Receive bad header emails is set to Yes to allow bad header emails to pass to the mailbox. This means that Amavis will store a copy of the bad header emails for review but will still allow the emails to pass to the users mailbox. Warden will delete the quarantined copies of the messages automatically after 30 days.
If you would like to reject mail with bad headers you can change the server wide policy option under Warden -> Settings -> Content Filter -> Policy Settings -> Receive bad header emails is set to No. Then bad header emails will not be passed though to the users mailbox.
To disable all bad header tests
To disable all bad header tests on Centos/RHEL/CloudLinux/AlmaLinux edit the file /etc/amavisd/warden.conf or on Debian/Ubuntu edit the file /etc/amavis/conf.d/99-warden and search for the @bypass_header_checks_maps option.
Change from:
@bypass_header_checks_maps = (\%bypass_header_checks, \@bypass_header_checks_acl, \$bypass_header_checks_re);
Change to:
@bypass_header_checks_maps = [1];
After making these changes restart Amavis:
// Centos/RHEL/CloudLinux/AlmaLinux
systemctl restart amavisd
// Debian/Ubuntu
systemctl restart amavis
To disable all bad header tests for a specific policy bank (outgoing email only)
Go to Warden -> Settings -> Policy Banks and set the Disable bad header filter to Yes for the policy you want to disable it on.
To disable specific bad header tests
There is an $allowed_header_tests option by which you can define what should be looked up during the bad-header checks, and the list is as follows:
other catchall for everything else - normally not used
mime Bad MIME (sub)headers or bad MIME structure
8bit Invalid non-encoded 8-bit characters in header
control Invalid control characters in header (CR or NUL)
empty Folded header field made up entirely of whitespace
long Header line longer than RFC 2822 limit of 998 characters
syntax Header field syntax error missing Missing required header field
multiple Duplicate or multiple occurrence of a header field
To disable certain tests on Centos/RHEL/CloudLinux/AlmaLinux edit the file /etc/amavisd/warden.conf or on Debian/Ubuntu edit the file /etc/amavis/conf.d/99-warden and search for the $allowed_header_tests option. Setting a test to 0 will disable that test:
$allowed_header_tests{'multiple'} = 0;
$allowed_header_tests{'missing'} = 0;
After making these changes restart Amavis
// Centos/RHEL/CloudLinux/AlmaLinux
systemctl restart amavisd
// Debian/Ubuntu
systemctl restart amavis
Veja o artigo completo...
Amavis will tag the subject line of any email that it can't scan with the tag UNCHECKED.
ClamAV Problems
First check and see that the ClamAV daemon is running properly. See: How can I check the status of ClamAV and fix any problems?
Password Protected Archives
Amavis will prepend to Subject (for local recipients only) if mail could not be decoded or checked entirely, e.g. due to password-protected archives.
To Disable the UNCHECKED Header (Not recommended)
To disable this on Centos/RHEL edit the file /etc/amavisd/warden.conf or on Debian/Ubuntu edit the file /etc/amavis/conf.d/99-warden and add the line (before the last line 1;):
$undecipherable_subject_tag = undef;
After making the changes restart Amavis:
// Centos/RHEL/CloudLinux/AlmaLinux
systemctl restart amavisd
// Debian/Ubuntu
systemctl restart amavis
Veja o artigo completo...
AbuseIPDB is the gold standard for abuse reporting and is used by some of the largest hosting companies worldwide.
To enable AbuseIPDB support within the extension:
Sign up for a free API key here. The free API key is good for up to 1000 checks per day.
Generate an API key here.
Enter your API key at Settings -> Network Tools Settings -> Reputation Settings -> AbuseIPDB API key.
Check the "Block Reporting" checkbox to have the login failure daemon report failed trigger blocks back to AbuseIPDB automatically (Juggernaut Firewall extension only).
Press the update button to save your settings.
Check an IP Address
To check an IP address click on an IP address then select "Reputation".
Report an IP Address
To report an IP address select "Report" from the operation select list. Then select the abuse categories you want it.
Remove a Reported IP Address
To remove a reported a IP address select "Clear" from the operation select list (You are limited to 10 clear operations per day). See here for how to remove a reported IP address from the AbuseIPDB website.
Block Reporting
If "Block Reporting" is enabled the login failure daemon will report failed triggers back to AbuseIPDB automatically. (Juggernaut Firewall extension only)
AbuseIPDB Blocklist
Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> IP Block Lists
Click the edit icon next to the AbuseIPDB block list.
Replace YOUR_API_KEY with your API key in the source URL. Check the enabled checkbox. Then press the submit button to save the entry then press the restart button to restart the firewall and login failure daemon.
Check the Enabled checkbox and press the submit button.
Press the Restart button on the grid so that the login failure daemon will download the new blocklist.
// Default Source URL
https://api.abuseipdb.com/api/v2/blacklist?plaintext&limit=65000&confidenceMinimum=100&key=YOUR_API_KEY
// Replace YOUR_API_KEY with the API key that you generate
https://api.abuseipdb.com/api/v2/blacklist?plaintext&limit=65000&confidenceMinimum=100&key=db413d60408bd4cba20840285402385sdjfasjdpu09374934gsdfg99de1f
You can see the view the login failure daemon download the block list under Logs -> LDF log
2022-01-19 01:28:53 PM 5105 IPSET: switching set new_6_ABUSEIPDB to bl_6_ABUSEIPDB
2022-01-19 01:28:53 PM 5105 IPSET: loading set new_6_ABUSEIPDB with 99 entries
2022-01-19 01:28:52 PM 5105 IPSET: switching set new_ABUSEIPDB to bl_ABUSEIPDB
2022-01-19 01:28:52 PM 5105 IPSET: loading set new_ABUSEIPDB with 46914 entries
Block list entries are stored in the /var/lib/csf/ directory. Note: CSF will optimize downloaded blocklists so if another blocklist already has the same IP address then it will not be included. To view the number of entries for a blocklist on the command line:
# wc -l /var/lib/csf/csf.block.ABUSEIPDB
74140 /var/lib/csf/csf.block.ABUSEIPDB
AbuseIPDB Free vs Paid Plans
The free plan blocklist is limited to a maximum of 10,000 IP addresses. Paid users can include more IP addresses by raising the limit option and lowering the confidenceMinimum option in the source URL. Admins should first raise the Juggernaut Firewall -> Settings -> General Settings -> Ipset maxelem option larger than your limit (e.g. 100,000 - so that you don't get ipset errors loading a large blocklist of that size).
// Paid source URL example with limit set to 100,000 IP addresses and a confidenceMinimum set to 75
https://api.abuseipdb.com/api/v2/blacklist?plaintext&limit=100000&confidenceMinimum=75&key=db413d60408bd4cba20840285402385sdjfasjdpu09374934gsdfg99de1f
AbuseIPDB has a nice graph with how many IP addresses will be included at different confidence minimums here.
Veja o artigo completo...
From the Extension Interface
Admins can remove a reported IP address by clicking on the IP address from any of the grid pages then click on the reputation tab then select the clear operation.
From the AbuseIPDB Website
Registered users have the option to remove their own reports via the Reports section of the AbuseIPDB user control panel.
Additionally there is a take down request feature on the each reported IP addresses page, usable by all registered users.
Veja o artigo completo...
You can see a breakdown of any matched rules under the Tests: line when clicking on the plus icon for a message entry in the message log. Message scan times will also be included at the end of each log entry (in milliseconds). This is useful for performance debugging.
Example:
Passed SPAMMY {AcceptedInbound}
AM.PDP-SOCK [167.89.95.154] [167.89.95.154] /AM.PDP <bounces+3190231-9d63-mel.t=example.ca@email.marketing.example.com> -> <mel.t@test.com>
(167.89.95.154)
Queue-ID: 8B6A6405AC174
Message-ID: <WVQF-ccBSEW7qvSZeUwJ6A@geopod-ismtpd-0>
mail_id: On8b6VlSO_BP
b: jilxoWz0u
Hits: 9.667
size: 17080
Subject: "Wow
you got 2 clicks – see who! (raw: Wow
you got 2 clicks =?UTF-8?B?4oCT?= see who!)"
From: <membersuccess@example.com>
helo=o5.sg.marketing.example.com
Tests: [BAYES_00=-1.9,DCC_CHECK=2,DCC_REPUT_13_19=-0.1,DKIMWL_WL_HIGH=-0.687,DKIM_SIGNED=0.1,DKIM_VALID=-0.1,HTML_FONT_LOW_CONTRAST=0.001,HTML_MESSAGE=0.001,KAM_BODY_URIBL_PCCC=9,KAM_FROM_URIBL_PCCC=9,RCVD_IN_MSPIKE_H2=-0.001,SPF_HELO_NONE=0.001,SPF_PASS=-0.001,TXREP=-7.638,T_SCC_BODY_TEXT_LINE=-0.01,URIBL_BLOCKED=0.001]
autolearn=no autolearn_force=no
autolearnscore=19.205
languages=en
relaycountry=US
asn=AS11377_167.89.64.0/19
dkim_i=@marketing.example.com
dkim_sd=s1:marketing.example.com
3125 ms
Rule Scoring
When looking at the Tests: line negative scores means that the rule is treating the mail as HAM (good email) while positive scoring adds to the final spam score treating the message as SPAM (bad email) if it goes over the policy spam level.
Tests: [BAYES_00=-1.9,DCC_CHECK=2,DCC_REPUT_13_19=-0.1,DKIMWL_WL_HIGH=-0.687,DKIM_SIGNED=0.1,DKIM_VALID=-0.1,HTML_FONT_LOW_CONTRAST=0.001,HTML_MESSAGE=0.001,KAM_BODY_URIBL_PCCC=9,KAM_FROM_URIBL_PCCC=9,RCVD_IN_MSPIKE_H2=-0.001,SPF_HELO_NONE=0.001,SPF_PASS=-0.001,TXREP=-7.638,T_SCC_BODY_TEXT_LINE=-0.01,URIBL_BLOCKED=0.001]
Veja o artigo completo...
Instruções de instalação
Saiba como instalar o produto.
Começando
Saiba como configurar o produto.
Solucionando problemas
Tendo problemas? Aprenda a diagnosticar e depurar problemas.
Base de Conhecimento
Perguntas e respostas de auto-ajuda para suporte ao produto, incluindo perguntas de pré-vendas.
ConfigServer Security & Firewall (csf) currently supports using iptables interface so when upgrading to Debian 11, Ubuntu 20.04 LTS, or Ubuntu 22.04 LTS which uses nftables by default you must switch back to the iptables interface. Most of the newer OS support iptables-nft which provides a bridge to the nftables kernel API and infrastructure so using iptables isn't an issue.
Make sure that the iptables packages are installed:
# apt-get install iptables
There are two variants of the iptables command:
nf_tables: Often referred to as iptables-nft (recommended).
legacy: Often referred to as iptables-legacy (deprecated and not recommended).
The newer iptables-nft command provides a bridge to the nftables kernel API and infrastructure and is recommended if it is supported by your OS. You can find out which variant is in use by looking up the iptables version. For iptables-nft, the variant will be shown in parentheses after the version number, denoted as nf_tables:
# iptables -V
iptables v1.8.4 (nf_tables)
1. To view your alternatives for running iptables you can run the command: update-alternatives --config iptables
# update-alternatives --config iptables
There are 2 choices for the alternative iptables (providing /usr/sbin/iptables).
Selection Path Priority Status
------------------------------------------------------------
* 0 /usr/sbin/iptables-nft 20 auto mode
1 /usr/sbin/iptables-legacy 10 manual mode
2 /usr/sbin/iptables-nft 20 manual mode
Press <enter> to keep the current choice[*], or type selection number:
2. Run the following commands to re-link any symbolic links:
ln -s /etc/alternatives/iptables /sbin/iptables 2>/dev/null
ln -s /etc/alternatives/iptables-save /sbin/iptables-save 2>/dev/null
ln -s /etc/alternatives/iptables-restore /sbin/iptables-restore 2>/dev/null
ln -s /etc/alternatives/ip6tables /sbin/ip6tables 2>/dev/null
ln -s /etc/alternatives/ip6tables-save /sbin/ip6tables-save 2>/dev/null
ln -s /etc/alternatives/ip6tables-restore /sbin/ip6tables-restore 2>/dev/null
3. Go to the Juggernaut Firewall -> Settings -> Binary Settings and press the default button at the bottom of the page to apply the correct iptables binary locations.
Now everything should be switched over to iptables and CSF should function correctly.
Veja o artigo completo...
To get your free Maxmind license key
Signup for the free license key here: https://www.maxmind.com/en/geolite2/signup
Generate a license key here (When asked - Will this key be used for geoipupdate? Choose: no)
Navigate to your Extension -> Settings -> Panel Application -> Geolocation Settings and enter the license key under MaxMind license key. (It might take 30 minutes before MaxMind will recognize a newly created key).
Press the Update button to save your settings.
Veja o artigo completo...
AbuseIPDB is the gold standard for abuse reporting and is used by some of the largest hosting companies worldwide.
To enable AbuseIPDB support within the extension:
Sign up for a free API key here. The free API key is good for up to 1000 checks per day.
Generate an API key here.
Enter your API key at Settings -> Network Tools Settings -> Reputation Settings -> AbuseIPDB API key.
Check the "Block Reporting" checkbox to have the login failure daemon report failed trigger blocks back to AbuseIPDB automatically (Juggernaut Firewall extension only).
Press the update button to save your settings.
Check an IP Address
To check an IP address click on an IP address then select "Reputation".
Report an IP Address
To report an IP address select "Report" from the operation select list. Then select the abuse categories you want it.
Remove a Reported IP Address
To remove a reported a IP address select "Clear" from the operation select list (You are limited to 10 clear operations per day). See here for how to remove a reported IP address from the AbuseIPDB website.
Block Reporting
If "Block Reporting" is enabled the login failure daemon will report failed triggers back to AbuseIPDB automatically. (Juggernaut Firewall extension only)
AbuseIPDB Blocklist
Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> IP Block Lists
Click the edit icon next to the AbuseIPDB block list.
Replace YOUR_API_KEY with your API key in the source URL. Check the enabled checkbox. Then press the submit button to save the entry then press the restart button to restart the firewall and login failure daemon.
Check the Enabled checkbox and press the submit button.
Press the Restart button on the grid so that the login failure daemon will download the new blocklist.
// Default Source URL
https://api.abuseipdb.com/api/v2/blacklist?plaintext&limit=65000&confidenceMinimum=100&key=YOUR_API_KEY
// Replace YOUR_API_KEY with the API key that you generate
https://api.abuseipdb.com/api/v2/blacklist?plaintext&limit=65000&confidenceMinimum=100&key=db413d60408bd4cba20840285402385sdjfasjdpu09374934gsdfg99de1f
You can see the view the login failure daemon download the block list under Logs -> LDF log
2022-01-19 01:28:53 PM 5105 IPSET: switching set new_6_ABUSEIPDB to bl_6_ABUSEIPDB
2022-01-19 01:28:53 PM 5105 IPSET: loading set new_6_ABUSEIPDB with 99 entries
2022-01-19 01:28:52 PM 5105 IPSET: switching set new_ABUSEIPDB to bl_ABUSEIPDB
2022-01-19 01:28:52 PM 5105 IPSET: loading set new_ABUSEIPDB with 46914 entries
Block list entries are stored in the /var/lib/csf/ directory. Note: CSF will optimize downloaded blocklists so if another blocklist already has the same IP address then it will not be included. To view the number of entries for a blocklist on the command line:
# wc -l /var/lib/csf/csf.block.ABUSEIPDB
74140 /var/lib/csf/csf.block.ABUSEIPDB
AbuseIPDB Free vs Paid Plans
The free plan blocklist is limited to a maximum of 10,000 IP addresses. Paid users can include more IP addresses by raising the limit option and lowering the confidenceMinimum option in the source URL. Admins should first raise the Juggernaut Firewall -> Settings -> General Settings -> Ipset maxelem option larger than your limit (e.g. 100,000 - so that you don't get ipset errors loading a large blocklist of that size).
// Paid source URL example with limit set to 100,000 IP addresses and a confidenceMinimum set to 75
https://api.abuseipdb.com/api/v2/blacklist?plaintext&limit=100000&confidenceMinimum=75&key=db413d60408bd4cba20840285402385sdjfasjdpu09374934gsdfg99de1f
AbuseIPDB has a nice graph with how many IP addresses will be included at different confidence minimums here.
Veja o artigo completo...
From the Extension Interface
Admins can remove a reported IP address by clicking on the IP address from any of the grid pages then click on the reputation tab then select the clear operation.
From the AbuseIPDB Website
Registered users have the option to remove their own reports via the Reports section of the AbuseIPDB user control panel.
Additionally there is a take down request feature on the each reported IP addresses page, usable by all registered users.
Veja o artigo completo...
Yes we support blocking attacks like these very easily. See below for more information:
How can I enable a custom login failure trigger for an application?
https://www.danami.com/clients/knowledgebase/174/How-can-I-enable-a-custom-login-failure-trigger-for-an-application.html
Login Failure Custom Triggers
https://docs.danami.com/juggernaut/user-guide/login-failure-custom-triggers
Veja o artigo completo...
You can disable and enable the firewall from the command line using the following commands:
To disable the firewall:
csf -x
To re-enable the firewall:
csf -e
To get the list of all command line options:
csf --help
Veja o artigo completo...
Controlling What Gets Logged to the ModSecurity Log
The following options control what gets logged to the modsecurity audit log:
SecAuditEngine - Configures the audit logging engine. Possible values are:
On - log all transactions by default.
Off - do not log transactions by default.
RelevantOnly - by default only log transactions that have triggered a warning or an error, or have a status code that is considered to be relevant (see SecAuditLogRelevantStatus).
SecAuditLogRelevantStatus - Configures which response status code is to be considered relevant for the purpose of audit logging. The parameter is a regular expression.
SecAuditLogParts - Configures what sections to log. The default is: ABCFHZ. Available audit log parts:
A – audit log header (mandatory)
B – request headers
C – request body (present only if the request body exists and ModSecurity is configured to intercept it)
D - RESERVED for intermediary response headers, not implemented yet.
E – intermediary response body (present only if ModSecurity is configured to intercept response bodies, and if the audit log engine is configured to record it). Intermediary response body is the same as the actual response body unless ModSecurity intercepts the intermediary response body, in which case the actual response body will contain the error message (either the Apache default error message, or the ErrorDocument page).
F – final response headers (excluding the Date and Server headers, which are always added by Apache in the late stage of content delivery).
G – RESERVED for the actual response body, not implemented yet.
H - audit log trailer
I - This part is a replacement for part C. It will log the same data as C in all cases except when multipart/form-data encoding in used. In this case it will log a fake application/x-www-form-urlencoded body that contains the information about parameters but not about the files. This is handy if you don't want to have (often large) files stored in your audit logs.
J - RESERVED. This part, when implemented, will contain information about the files uploaded using multipart/form-data encoding.
Z – final boundary, signifies the end of the entry (mandatory)
Example
To only log 5XX and 4XX status codes. Go to Tools & Settings -> Web Application Firewall (ModSecurity) -> Settings -> enter the code below in the Custom directives textarea:
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4)"
SecAuditLogParts ABIFHZ
SecAuditLogType Concurrent
SecAuditLogStorageDir /var/log/modsecurity/audit
Data Retention Period
Administrators can set the number of days to keep SecAutitLog records by going to Juggernaut Firewall -> Settings -> Database Maintenance -> Maintenance Settings -> Delete modsecurity logs after
Veja o artigo completo...
To permanently disable all low level kernel messages (iptables etc) from flooding the console do the following changes (as root):
Edit the file /etc/sysctl.conf Add the following line:
kernel.printk = 4 1 1 7
The above changes will be effective at reboot or immediately using the following command:
/sbin/sysctl -p /etc/sysctl.conf
To make the changes only temporarily:
echo "4 1 1 7" > /proc/sys/kernel/printk
You can check the current setting with:
cat /proc/sys/kernel/printk
Veja o artigo completo...
Instruções de instalação
Saiba como instalar o produto.
Começando
Saiba como configurar o produto.
Solucionando problemas
Tendo problemas? Aprenda a diagnosticar e depurar problemas.
Base de Conhecimento
Perguntas e respostas de auto-ajuda para suporte ao produto, incluindo perguntas de pré-vendas.
To get your free Maxmind license key
Signup for the free license key here: https://www.maxmind.com/en/geolite2/signup
Generate a license key here (When asked - Will this key be used for geoipupdate? Choose: no)
Navigate to your Extension -> Settings -> Panel Application -> Geolocation Settings and enter the license key under MaxMind license key. (It might take 30 minutes before MaxMind will recognize a newly created key).
Press the Update button to save your settings.
Veja o artigo completo...
To run a Malware Scan
Navigate to Sentinel Anti-malware -> Scan
Select the specific domains you want to scan or choose All domains to scan all of them.
Click the Scan button to start the scan.
After the scans are complete the scan report will be listed under the Reports tab.
To View a Scan Report
Navigate to Sentinel Anti-malware -> Reports
Click on a Scan ID entry in the grid for the report you want to view.
Any detected malware will be listed under the Malware Hits section.
To Perform an Action on the Malware hits
Click on the Actions tab for the scan report.
Choose an operation to perform from the select list (Quarantine, Restore, Clean, Email).
Press the Run button to perform the selected action.
Veja o artigo completo...
Sentinel Anti-malware can automatically quarantine viruses and malware the moment they are detected. Important: We recommend that you first run a full scan of all domains without the automatic quarantine enabled so that you can work out any false positives.
Navigate to Sentinel Anti-malware -> Settings -> Quarantine Settings.
Check the Quarantine hits checkbox.
Click the Update button to save your settings.
Click the Restart button to restart the real-time monitoring.
Veja o artigo completo...
You can change the interface language under Settings -> Application Settings -> Locale
We are looking for volunteers to fix any errors with the machine translations in our Plesk extensions for the following languages:
Español (Spain)
Français (France)
Português (Brazil)
Magyar (Hungary)
Русский (Russia)
Türkçe (Turkey)
Svenska (Sweden)
中文 (China)
中文 (Taiwan/Hong Kong)
日本語 (Japan)
Volunteers will get a free license for every Plesk extension that they help translate. The translator must be a native speaker of the language they are translating. The license will remain free as long as they want to remain the translator for that language. Open a support ticket though our client area if you are interested.
Veja o artigo completo...
Sentinel supports enabling third party anti-virus signatures to improve the detection rate. Full documentation can be found below:
https://docs.danami.com/sentinel/settings/antivirus/signature-providers
Navigate to Sentinel Anti-malware -> Settings -> Anti-virus Settings -> Signature Providers
Enable the Interserver signature provider.
Press the update button on the page then the restart button to restart the Anti-virus signature service. You can view the signature download logs under Sentinel Anti-malware -> Logs -> Signature log.
Once the new signatures have been downloaded to the /var/lib/clamav/ directory they will be loaded into ClamAV within the hour. You can press the Signature reload button on the dashboard or issue the command clamdscan --reload if you want to load them earlier.
Important: Remember to disable automatic quarantine under Quarantine Settings -> Quarantine hits when first enabling any third party signatures so that you can work out any false positives.
Veja o artigo completo...
If you have a virus or malware that is not detected by ClamAV, please fill out:
https://www.clamav.net/reports/malware
The ClamAV Detection Content Team will review your submission and update the virus database. If approved ClamAV will publish a new signature so that your virus or malware will be detected. This way everyone can benefit from your report!
Note: We highly recommend that users enable the third party signatures for both Warden Anti-spam and Virus Protection and Sentinel Anti-malware to improve the ClamAV detection rate.
See here for how to enable third party signatures for Warden Anti-spam and Virus Protection.
See here for how to enable third party signatures for Sentinel Anti-malware.
Veja o artigo completo...
Testing Sentinel Anti-malware Detection
Download the eicar test malware into the httpdocs directory of one of your domains.
Change the ownership from root:root to the owner of the domain. (By default Sentinel will ignore files owned by root).
Run a scan on the domain with the sample malware. See: https://www.danami.com/clients/knowledgebase/168/How-do-I-run-a-malware-scan-using-Sentinel-Anti-malware.html
Testing Sentinel Anti-malware Automatic Quarantine
Make sure that automatic quarantine is enabled. See: https://www.danami.com/clients/knowledgebase/165/How-can-I-enable-automatic-qurantine-using-Sentinal-Anti-malware.html
Download the eicar test malware into the httpdocs directory of one of your domains.
Change the ownership from root:root to the owner of the domain. (By default Sentinel will ignore files owned by root).
If real-time monitoring is enabled then the file should be automatically moved to the quarantine area. If the real-time monitoring is disabled you can run manually run a scan on the domain with the sample malware. See: https://www.danami.com/clients/knowledgebase/168/How-do-I-run-a-malware-scan-using-Sentinel-Anti-malware.html
To Download the Eicar Test Malware Sample
// change to a domain hosted on your server
cd /var/www/vhosts/example.com/httpdocs/
// download the test malware
wget http://www.eicar.org/download/eicar.com.txt
// change the ownership to the domain owner user
chown example:psacln eicar.com.txt
Veja o artigo completo...
Administrators can optimize MariaDB using the Performance Booster found under Tools and Settings -> General Settings -> Performance Booster.
Important: The Performance Booster is being rolled out gradually so there is a probability that the feature is not enabled on your installation yet. You can enable it using the KB article here.
Click on the Serverwide tab -> Database Server then click on show values to be optimized.
Review the changes then click Apply if you want to optimize them.
Veja o artigo completo...