ConfigServer Community Forum

I have enabled IPV6 in csf.conf - but a specific IPV6 address continually hitting my server - how to block it ?

I put it in the /etc/csf/csf.deny: but it is not stopping it

Please help;

This is an old question - but has come up for me today.

An IPV6 Ip address is continually hitting my server and I want to slow it down. When I try to block it, I get

deny failed: [IPV6 address] is valid IPv6 but IPV6 is not enabled in csf.conf

So what's the best way to deal with this?

I should say, the reason I ask is I had an rogue IP that DDOSed the server by hitting a site multiple times in 6 minutes and the server crashed.... I can also see that there is a "CONNLIMIT" capability. I'm assuming this be helpful in the above situation - but I've not set these parameters...

Hello If an IP starts gobbling up server resources by hitting a website multiple times, can we use CSF to rate limit them ? What I mean is, to slow the resource allocation to that IP if it is hitting the server multiple times. I currently have an Apache box with linux CentOS7 and I also use Mod Sec.

I don't think it's possible, but following in case I'm wrong.

Hi team I am using CSF and mod Security. I have implemented an automated reporting facility to AbuseIPDB. It all works well - except occasionally, it sends a report to AbuseIPDB but does not block in CSF When that happens, this is what is reported in AbuseIPDB (CT) IP 12.345.6.789 (CA/Canada/-) foun...

Most users don't have a clue about Modsec which is why they hire you. If they do understand how to use it and disable rules etc, then really why are they using cpanel ? they should probably be running their own server. I'd say leave things as they are and use the opportunity to sell your maintenance...

Came here after trying to update from inside WHM and seeing the same error. I believe here is the info from CFS team: https://blog.configserver.com/?page_id=1995 I can confirm it still works on command line: To o use this method you must be logged into root via SSH to the server and then run: curl -...

Hi there

The default refresh rate appears to be 5 seconds.

Is there a config setting somewhere to change this to e.g. 15 seconds?

Hi Sergio ! Thanks There is nothing in error log for this - that's the issue... I need to add a rule where: If too many attempts on wp-login.php e.g. 20 in 5 minutes (detected either from mod_sec log or from error_log) - then (1) ban the IP address in csf (2) block the IP in modsec So far, mod_sec d...