Search found 3 matches

by masimo
09 Mar 2016, 13:28
Forum: General Discussion (csf)
Topic: LFD not permanently blocking system login failures
Replies: 2
Views: 2487

Re: LFD not permanently blocking system login failures

For example: Time: Wed Mar 9 16:28:22 2016 +0330 IP: 67.***.***.103 (CA/Canada/-) Failures: 5 (cpanel) Interval: 300 seconds Blocked: Temporary Block Log entries: [2016-03-09 16:28:20 +0330] info [cpsrvd] 67.***.***.103 - golnoor "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN cpaneld: i...
by masimo
09 Mar 2016, 10:51
Forum: General Discussion (csf)
Topic: LFD not permanently blocking system login failures
Replies: 2
Views: 2487

LFD not permanently blocking system login failures

What I experience is that LFD sends emails on login failures. When there are FTP of SMTP login failures, the IP's are also automatically blocked permanently. But on SYSTEM login failures not. We do receive the same emails from LFD on all login failures, it's just that I have to manually block all IP...
by masimo
16 Feb 2016, 09:07
Forum: General Discussion (cxs)
Topic: STICKY rules for CXS.XTRA regs.
Replies: 69
Views: 71549

Re: STICKY rules for CXS.XTRA regs.

I fount very useful Patterns for simple web malware detection. http://www.abuseat.org/findbot.pl my $scriptpat = '(Edited By GuN-Jack|die\(PHP_OS.chr\(49\).chr\(48\).chr\(43\).md5\(0987654321\)|die\(PHP_OS.chr\(49\).chr\(49\).chr\(43\).md5\(0987654321\)|social\.png|r57|c99|web shell|passthru|shell_e...