Search found 15 matches

by maknet
11 Nov 2016, 00:33
Forum: General Discussion (csf)
Topic: Where to look for blocked IPs?
Replies: 2
Views: 1831

Re: Where to look for blocked IPs?

It was "found" using the CSF search but i was wondering why the offending IP was placed there. Ie.. so i could tell my client "scan for viruses" or "your apple mobile is using port 587 to try to send and the server thinks you're port-scanning". So normally i look at the...
by maknet
10 Nov 2016, 20:14
Forum: General Discussion (csf)
Topic: Where to look for blocked IPs?
Replies: 2
Views: 1831

Where to look for blocked IPs?

I have users that are blocked from the system. When I search csf.deny the IP address isn't in there. But when I add them to csf.allow, they are able to get e-mail OK. So my question is, is there another place to look for IP addresses or is there another method that IPs get blacklisted that isn't thr...
by maknet
21 Jan 2016, 14:39
Forum: General Discussion (cxs)
Topic: scanned multiple times, ignore?
Replies: 6
Views: 4585

Re: scanned multiple times, ignore?

I'm not actually sure about the specifics, I'm just a beginner myself. :)
by maknet
20 Jan 2016, 15:26
Forum: General Discussion (cxs)
Topic: scanned multiple times, ignore?
Replies: 6
Views: 4585

Re: scanned multiple times, ignore?

Yes, i don't believe the log file can be hacked directly. And even so, that wouldn't do anything. But it does indicate a larger problem.

As i recall, it's command line like /etc/cxs/cxs.ignore.
by maknet
08 Oct 2015, 18:38
Forum: General Discussion (cxs)
Topic: Web upload script (i don't understand)
Replies: 9
Views: 5828

Re: Web upload script (i don't understand)

Thanks a lot for the response, it's much appreciated. So similar to the "false-positive, this file doesn't exist error", CXS intercepts the bad files before it even gets uploaded. If CXS wasn't there, it's possible that the patched-file would also NOT accept the file? So basically, my job ...
by maknet
28 Sep 2015, 05:11
Forum: General Discussion (cxs)
Topic: Web upload script (i don't understand)
Replies: 9
Views: 5828

Web upload script (i don't understand)

Hope someone can clarify something. I understand about the false-positives (when the file doesn't exist), but I get a lot of e-mails having to do with viruses or fingerprints referring to files like: http://domain.com/wp-admin/admin-ajax.php or http://www.domain.com/index.php?option=com_jdownloads&a...
by maknet
19 Sep 2015, 02:02
Forum: General Discussion (csf)
Topic: LF_SPI = 0 (static firewall)?
Replies: 1
Views: 1707

Re: LF_SPI = 0 (static firewall)?

As per the advice of the installed service, a reboot helped fix the IPtables and LF_SPI = 1 is now back online.
by maknet
17 Sep 2015, 14:15
Forum: General Discussion (cxs)
Topic: scanned multiple times, ignore?
Replies: 6
Views: 4585

scanned multiple times, ignore?

I'm getting a few log entries like this: Sep 15 12:40:38 www cxswatch[9665]: WARNING: '/home/user/public_html/error_log' scanned 6 times in the last 30 seconds, you might want to ignore this resource Any ideas what might cause this, or whether ignoring: hfile:/public_html/error_log is advisable for ...
by maknet
17 Sep 2015, 04:17
Forum: General Discussion (cxs)
Topic: How to ignore /tmp web upload script alerts
Replies: 3
Views: 5101

Re: How to ignore /tmp web upload script alerts

Nevermind, it's on the configserver.com forum. :)

I thought it was based on your sig in the footer..
by maknet
15 Sep 2015, 14:44
Forum: General Discussion (cxs)
Topic: How to ignore /tmp web upload script alerts
Replies: 3
Views: 5101

Re: How to ignore /tmp web upload script alerts

I was unable to find that link.