Search found 3 matches

by masimo
09 Mar 2016, 13:28
Forum: General Discussion (csf)
Topic: LFD not permanently blocking system login failures
Replies: 2
Views: 2143

Re: LFD not permanently blocking system login failures

For example: Time: Wed Mar 9 16:28:22 2016 +0330 IP: 67.***.***.103 (CA/Canada/-) Failures: 5 (cpanel) Interval: 300 seconds Blocked: Temporary Block Log entries: [2016-03-09 16:28:20 +0330] info [cpsrvd] 67.***.***.103 - golnoor "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN cpaneld: invalid cpa...
by masimo
09 Mar 2016, 10:51
Forum: General Discussion (csf)
Topic: LFD not permanently blocking system login failures
Replies: 2
Views: 2143

LFD not permanently blocking system login failures

What I experience is that LFD sends emails on login failures. When there are FTP of SMTP login failures, the IP's are also automatically blocked permanently. But on SYSTEM login failures not. We do receive the same emails from LFD on all login failures, it's just that I have to manually block all IP...
by masimo
16 Feb 2016, 09:07
Forum: General Discussion (cxs)
Topic: STICKY rules for CXS.XTRA regs.
Replies: 67
Views: 64190

Re: STICKY rules for CXS.XTRA regs.

I fount very useful Patterns for simple web malware detection. http://www.abuseat.org/findbot.pl my $scriptpat = '(Edited By GuN-Jack|die\(PHP_OS.chr\(49\).chr\(48\).chr\(43\).md5\(0987654321\)|die\(PHP_OS.chr\(49\).chr\(49\).chr\(43\).md5\(0987654321\)|social\.png|r57|c99|web shell|passthru|shell_e...