Search found 16 matches

by consultant
22 Sep 2020, 17:55
Forum: General Discussion (csf)
Topic: Excluding Suspicious Process
Replies: 0
Views: 273

Excluding Suspicious Process

I've searched and read many posts on this topic before but I still don't find it clear what specific syntax to use in the csf.pignore file. This is the type of warning I'm trying to ignore. lfd[5333]: *Suspicious Process* PID:3792 PPID:3788 User:username Uptime:121 secs EXE:/home/virtfs/elemcms/op...
by consultant
14 Sep 2020, 18:59
Forum: General Discussion (csf)
Topic: Blocking China but with REGEX on http/https request
Replies: 0
Views: 942

Blocking China but with REGEX on http/https request

I think I already know the answer to this but I'm running a half dozen Wordpress sites and I'm tired of seeing the gobs of traffic being blocked at the Wordpress security plugin level originating from China. I would consider putting a country block on China in CSF but frankly there is a small chance...
by consultant
03 Sep 2020, 18:21
Forum: General Discussion (csf)
Topic: Report on Blocks from IPSET Blocklists?
Replies: 0
Views: 615

Report on Blocks from IPSET Blocklists?

Is there any way (looks like not through CSF - so has to be Linux/IPSET/IPTABLES command I assume?) to display blocking activity history?
by consultant
26 May 2020, 16:46
Forum: General Discussion (csf)
Topic: What to combine with CSF for Wordpress Site Protection?
Replies: 0
Views: 779

What to combine with CSF for Wordpress Site Protection?

Anyone recommend which plugins/settings to use in combination with CSF for protecting Wordpress sites. It seems many of the security plugins are going to be overlapping with CSF functionality.
by consultant
18 May 2020, 17:45
Forum: General Discussion (csf)
Topic: How to ignore PHP scripts run from Cron
Replies: 2
Views: 1341

Re: How to ignore PHP scripts run from Cron

Same issue. Banging my head against a wall. Did you ever figure it out?
by consultant
18 May 2020, 17:42
Forum: General Discussion (csf)
Topic: Help With Pignore Syntax Suspicious Process
Replies: 2
Views: 615

Re: Help With Pignore Syntax Suspicious Process

Neither one of these seems to work

pcmd:*cron.php
pcmd:^cron.php

Could it be I need to escape the period? \.
by consultant
12 May 2020, 19:23
Forum: General Discussion (csf)
Topic: Help With Pignore Syntax Suspicious Process
Replies: 2
Views: 615

Re: Help With Pignore Syntax Suspicious Process

Duh, in posting this I think I just figured out the problem. There is no forward slash leading the cron.php parameter!

Did I get it right? Still curious if ^ or * should be used to provide a wild card for the command path.
by consultant
12 May 2020, 19:22
Forum: General Discussion (csf)
Topic: Help With Pignore Syntax Suspicious Process
Replies: 2
Views: 615

Help With Pignore Syntax Suspicious Process

I'm getting these suspicious process warnings: Executable: /home/virtfs/elemcms/opt/cpanel/ea-php73/root/usr/bin/php Command Line (often faked in exploits): /opt/cpanel/ea-php73/root/usr/bin/php -f cron.php I'm not a REGEX expert and the documentation on all the different configs in the Pignore file...
by consultant
06 Oct 2019, 23:20
Forum: General Discussion (csf)
Topic: Monitoring Blocks from Blocklists
Replies: 1
Views: 818

Monitoring Blocks from Blocklists

I recently added the FireHOL Level 1 block list (4400 IPs http://iplists.firehol.org/) which is a combination of block lists. I'm surprised I'm not seeing any blocks from it in the log. Do I need to change a setting to log blocks from block lists?
by consultant
06 Oct 2019, 20:36
Forum: General Discussion (csf)
Topic: Blocking Brute Force Same Login - Different IPs
Replies: 1
Views: 820

Blocking Brute Force Same Login - Different IPs

I have a Wordpress site that uses a different admin login username. Somehow the new username got broadcast to whatever hackers get their "known" usernames for a site from as now I can see in my Wordpress logs there are frequent failed logins for this username from different IP addresses. I...