How to resolve the Possible attack detected message in ISPConfig ?
If you are managing a web server with ISPConfig, you may encounter the warning message "Possible attack detected. This action has been logged." on the web interface, making access impossible. This alert can be triggered for various reasons, but its resolution is simple. Here's how to resolve it:
Step 1: SSH Connection
First, connect to your server via SSH:
Step 2: Modify the Configuration File
Once connected to your server via SSH, you'll need to modify the ISPConfig configuration file. Use the nano text editor to open the "security_settings.ini" file by entering the following command:
sudo nano /usr/local/ispconfig/security/security_settings.ini
Step 3: Search and Modify Settings
In the "security_settings.ini" file, press "Ctrl + W" to initiate a search. Look for the settings "ids_anon_enabled" and "ids_user_enabled."
For each of these settings, you will likely see the value "yes." To resolve the issue, you need to change them to "no." You can do this by modifying the corresponding lines to look like this:
ids_anon_enabled = no ids_user_enabled = no
Step 4: Save the Changes
Once you have modified the settings, press "Ctrl + X" to exit the nano editor. You will be prompted to confirm if you want to save the changes. Press "o" (for "Yes") and press "Enter" to confirm.
Step 5: Restart ISPConfig
To apply the changes, restart ISPConfig using the following command:
sudo systemctl restart ispconfig
That's it! You have resolved the issue and should be able to access the ISPConfig web interface again.
Categories : Linux
By Guillaume - 09/12/2023 at 10:14 pm