Search found 14 matches

by logout
29 Jul 2021, 11:38
Forum: General Discussion (cmc)
Topic: ModSec userdata not copied during server migration?
Replies: 0
Views: 7259

ModSec userdata not copied during server migration?

We migrated clients to a new server using the WHM wizard. Should the standard migration wizard copy the modsec rule files created by CMC or is there something we should manually do? The two user files I'm referring to: /etc/apache2/conf.d/userdata/std/2_4/<username>/modsec.conf /etc/apache2/conf.d/u...
by logout
12 Apr 2021, 11:56
Forum: General Discussion (cxs)
Topic: IP Reputation Poopulation
Replies: 3
Views: 6174

Re: IP Reputation Poopulation

> It would be great if a) removing a ban on csf also removed it from cxs

I've submitted a feature request for this here:
viewtopic.php?f=27&t=12156

Please add your support.
by logout
12 Apr 2021, 11:56
Forum: Suggestions (cxs)
Topic: Unblocking IP on CSF should remove it from CXS reputation list
Replies: 1
Views: 8491

Unblocking IP on CSF should remove it from CXS reputation list

A user submitting the wrong login details to the mail service or htaccess login can easily result in their IP address being added to the CXS reputation list. Their access to the server will be blocked, and access to other servers using CXS reputation list. When a user reports the problem, the first ...
by logout
27 Apr 2020, 10:36
Forum: General Discussion (csf)
Topic: IPSET and CC_DENY No Longer Working?
Replies: 1
Views: 7515

Re: IPSET and CC_DENY No Longer Working?

An update. Some of our servers had the GeoLite2-Country-Blocks-IPv4.csv file but it was an old version from December 2019, other servers didn't have the file at all. I talked to MaxMind support. Having the MaxMind account and generating a license key is not the only requirement. You also have to acc...
by logout
23 Apr 2020, 16:48
Forum: General Discussion (csf)
Topic: IPSET and CC_DENY No Longer Working?
Replies: 1
Views: 7515

Re: IPSET and CC_DENY No Longer Working?

Did you get anywhere with this? I'm seeing a similar issue where the license key is entered, but on some servers CSF cannot detect the country of IPs. It's configured in the same way you mentioned. On the servers where it works there is a file: -rw------- 1 root root 12649147 Dec 30 16:00 /var/lib/c...
by logout
17 Feb 2020, 15:33
Forum: General Discussion (csf)
Topic: False positive on LF_QUEUE_ALERT?
Replies: 1
Views: 2042

Re: False positive on LF_QUEUE_ALERT?

The alerts were coming from an old virtual machine that has accidentally been powered on. Doh!
by logout
14 Feb 2020, 10:30
Forum: General Discussion (csf)
Topic: False positive on LF_QUEUE_ALERT?
Replies: 1
Views: 2042

False positive on LF_QUEUE_ALERT?

Since last night we've been receiving hourly alerts that LF_QUEUE_ALERT is higher than 400, but every time I check the mail queue there's only 5-10 messages in it. I've checked the /var/spool/exim* directories and same thing. I've checked /var/log/messages and see no evidence of spam. I've checked W...
by logout
16 Nov 2018, 04:45
Forum: General Discussion (csf)
Topic: Custom regex not working
Replies: 4
Views: 4255

Re: Custom regex not working

Did you get this code working in the end?
May I ask the benefit of a custom rule on csf compared with widely used
mod_security rules to block wp-login brute force? Is there any advantage here or is it just another way to achieve the same goal?
by logout
16 Nov 2018, 04:41
Forum: General Discussion (csf)
Topic: Simple Regex not working for /etc/csf/csf.pignore
Replies: 1
Views: 2380

Re: Simple Regex not working for /etc/csf/csf.pignore

I was also looking for an answer to this.

Other examples in the file have the asterisk always prefixed with a dot, so possibly:

Code: Select all

pexe:/opt/cpanel/ea-php.*/root/usr/bin/php-cgi
or use parentheses like:

Code: Select all

pexe:/opt/cpanel/ea-php(56|70|71|72)/root/usr/bin/php-cgi
That's my two cents.
by logout
07 Sep 2017, 11:25
Forum: General Discussion (csf)
Topic: csf.deny comma separated ports?
Replies: 1
Views: 2268

Re: csf.deny comma separated ports?

I've determined this isn't possible, so I've put it as a feature request here:

viewtopic.php?f=5&t=10440

Hopefully it can be implemented.