How to resolve the Possible attack detected message in ISPConfig ?

If you are managing a web server with ISPConfig, you may encounter the warning message "Possible attack detected. This action has been logged." on the web interface, making access impossible. This alert can be triggered for various reasons, but its resolution is simple. Here's how to resolve it:

Step 1: SSH Connection

First, connect to your server via SSH:

ssh your_username@your_ip_address

Step 2: Modify the Configuration File

Once connected to your server via SSH, you'll need to modify the ISPConfig configuration file. Use the nano text editor to open the "security_settings.ini" file by entering the following command:

sudo nano /usr/local/ispconfig/security/security_settings.ini

Step 3: Search and Modify Settings

In the "security_settings.ini" file, press "Ctrl + W" to initiate a search. Look for the settings "ids_anon_enabled" and "ids_user_enabled."

For each of these settings, you will likely see the value "yes." To resolve the issue, you need to change them to "no." You can do this by modifying the corresponding lines to look like this:

ids_anon_enabled = no
ids_user_enabled = no

Step 4: Save the Changes

Once you have modified the settings, press "Ctrl + X" to exit the nano editor. You will be prompted to confirm if you want to save the changes. Press "o" (for "Yes") and press "Enter" to confirm.

Step 5: Restart ISPConfig

To apply the changes, restart ISPConfig using the following command:

sudo systemctl restart ispconfig

That's it! You have resolved the issue and should be able to access the ISPConfig web interface again.