ConfigServer Community Forum

How can I change what goes into the deny lines in the csf.deny

Example:
#.#.#.# # lfd: (mod_security)
#.#.#.# # lfd: (smtpauth) Failed SMTP AUTH login from

To:
#.#.#.# # Security filter triggered
#.#.#.# # Failed SMTP Logins

Flipping it back to v1 did the trick for me.

and then there is this as well... --mregen MESSENGERV2 /etc/apache2/conf.d/csf_messenger.conf regeneration. This will also gracefully restart httpd csf --mregen csf - MESSENGERV2 /etc/apache2/conf.d/csf_messenger.conf regeneration: Sep 16 20:16:48 serverlfd[52333]: *MESSENGERV2*: Unable to generate ...

1 out of 10 servers updated the messenger index.recaptcha.html file. I have restarted csf, lfd, apache (v2 used), cleared caches, tried different browsers, different domain names but and yet it is still showing the default files when any host is hit at port 8888. This has been an ongoing issue since...

This has been an ongoing issue for a while now. I still encounter it from time to time even after restarting lfd and using a new private window in FireFox and a new domain name on the server.

I am seeing quite a few new files in the messenger directory along with an index.php which references invalid files. I understand what the .text file is for, can we get an up to date breakdown on what files are used for what now?

Thank you.

If these are all blocked ports, why would it matter?

As clearly indicated, these ports in the emails are ephemeral, and not the port SSH is on. Why is that? Hope this clarifies what I tried to wrote. The only one who knows the SSH port is you, so, hackers have to guess what port to attack. They use exploit scripts that tries to guess the SSH port and ...

This does not answer my question and seems to be missing several underlying key points. Why is this showing up in an ephemeral port range in the first place? SSH is not on a standard port as indicated and can only be hit there. It appears to be more of a case of false positives. It is because the ha...

The latest version of configserver firewall. This one is driving me a little bonkers. We are all aware of the increase in SSH attacks lately. We run SSH on a non-standard port pretty high up but we are still seeing a MASSIVE influx of distributed SSH blocks on ports not related to our SSH port which...