Search found 13 matches

by logout
12 Apr 2021, 11:56
Forum: General Discussion (cxs)
Topic: IP Reputation Poopulation
Replies: 3
Views: 2256

Re: IP Reputation Poopulation

> It would be great if a) removing a ban on csf also removed it from cxs

I've submitted a feature request for this here:
viewtopic.php?f=27&t=12156

Please add your support.
by logout
12 Apr 2021, 11:56
Forum: Suggestions (cxs)
Topic: Unblocking IP on CSF should remove it from CXS reputation list
Replies: 0
Views: 1141

Unblocking IP on CSF should remove it from CXS reputation list

A user submitting the wrong login details to the mail service or htaccess login can easily result in their IP address being added to the CXS reputation list. Their access to the server will be blocked, and access to other servers using CXS reputation list. When a user reports the problem, the first ...
by logout
27 Apr 2020, 10:36
Forum: General Discussion (csf)
Topic: IPSET and CC_DENY No Longer Working?
Replies: 4
Views: 5249

Re: IPSET and CC_DENY No Longer Working?

An update. Some of our servers had the GeoLite2-Country-Blocks-IPv4.csv file but it was an old version from December 2019, other servers didn't have the file at all. I talked to MaxMind support. Having the MaxMind account and generating a license key is not the only requirement. You also have to acc...
by logout
23 Apr 2020, 16:48
Forum: General Discussion (csf)
Topic: IPSET and CC_DENY No Longer Working?
Replies: 4
Views: 5249

Re: IPSET and CC_DENY No Longer Working?

Did you get anywhere with this? I'm seeing a similar issue where the license key is entered, but on some servers CSF cannot detect the country of IPs. It's configured in the same way you mentioned. On the servers where it works there is a file: -rw------- 1 root root 12649147 Dec 30 16:00 /var/lib/c...
by logout
17 Feb 2020, 15:33
Forum: General Discussion (csf)
Topic: False positive on LF_QUEUE_ALERT?
Replies: 1
Views: 1028

Re: False positive on LF_QUEUE_ALERT?

The alerts were coming from an old virtual machine that has accidentally been powered on. Doh!
by logout
14 Feb 2020, 10:30
Forum: General Discussion (csf)
Topic: False positive on LF_QUEUE_ALERT?
Replies: 1
Views: 1028

False positive on LF_QUEUE_ALERT?

Since last night we've been receiving hourly alerts that LF_QUEUE_ALERT is higher than 400, but every time I check the mail queue there's only 5-10 messages in it. I've checked the /var/spool/exim* directories and same thing. I've checked /var/log/messages and see no evidence of spam. I've checked W...
by logout
16 Nov 2018, 04:45
Forum: General Discussion (csf)
Topic: Custom regex not working
Replies: 4
Views: 2503

Re: Custom regex not working

Did you get this code working in the end?
May I ask the benefit of a custom rule on csf compared with widely used
mod_security rules to block wp-login brute force? Is there any advantage here or is it just another way to achieve the same goal?
by logout
16 Nov 2018, 04:41
Forum: General Discussion (csf)
Topic: Simple Regex not working for /etc/csf/csf.pignore
Replies: 1
Views: 1521

Re: Simple Regex not working for /etc/csf/csf.pignore

I was also looking for an answer to this.

Other examples in the file have the asterisk always prefixed with a dot, so possibly:

Code: Select all

pexe:/opt/cpanel/ea-php.*/root/usr/bin/php-cgi
or use parentheses like:

Code: Select all

pexe:/opt/cpanel/ea-php(56|70|71|72)/root/usr/bin/php-cgi
That's my two cents.
by logout
07 Sep 2017, 11:25
Forum: General Discussion (csf)
Topic: csf.deny comma separated ports?
Replies: 1
Views: 1403

Re: csf.deny comma separated ports?

I've determined this isn't possible, so I've put it as a feature request here:

viewtopic.php?f=5&t=10440

Hopefully it can be implemented.
by logout
07 Sep 2017, 11:24
Forum: Suggestions (csf)
Topic: feature request - csf.deny comma separated ports?
Replies: 1
Views: 1835

feature request - csf.deny comma separated ports?

I want to be able to include command separated port numbers in the csf.deny file For example I have the following: tcp|in|d=80|s=89.248.160.0/21 scannerbots googlemapsexploit QUASINETWORKS SEYCHELLES - do not delete - Tue Apr 11 14:49:02 2017 And I want to block port 443 too tcp|in|d=80,443|s=89.248...