How can I change what goes into the deny lines in the csf.deny
Example:
#.#.#.# # lfd: (mod_security)
#.#.#.# # lfd: (smtpauth) Failed SMTP AUTH login from
To:
#.#.#.# # Security filter triggered
#.#.#.# # Failed SMTP Logins
Search found 22 matches
- 06 Oct 2020, 00:53
- Forum: General Discussion (csf)
- Topic: Cleaner Deny Descriptions
- Replies: 0
- Views: 710
- 17 Sep 2020, 04:26
- Forum: General Discussion (csf)
- Topic: Messenger Not Updating
- Replies: 2
- Views: 418
Re: Messenger Not Updating
Flipping it back to v1 did the trick for me.
- 17 Sep 2020, 04:20
- Forum: General Discussion (csf)
- Topic: Messenger Not Updating
- Replies: 2
- Views: 418
Re: Messenger Not Updating
and then there is this as well... --mregen MESSENGERV2 /etc/apache2/conf.d/csf_messenger.conf regeneration. This will also gracefully restart httpd csf --mregen csf - MESSENGERV2 /etc/apache2/conf.d/csf_messenger.conf regeneration: Sep 16 20:16:48 serverlfd[52333]: *MESSENGERV2*: Unable to generate ...
- 17 Sep 2020, 04:12
- Forum: General Discussion (csf)
- Topic: Messenger Not Updating
- Replies: 2
- Views: 418
Messenger Not Updating
1 out of 10 servers updated the messenger index.recaptcha.html file. I have restarted csf, lfd, apache (v2 used), cleared caches, tried different browsers, different domain names but and yet it is still showing the default files when any host is hit at port 8888. This has been an ongoing issue since...
- 17 Sep 2020, 01:59
- Forum: General Discussion (csf)
- Topic: Unable to update /etc/csf/messenger/index.html
- Replies: 8
- Views: 4094
Re: Unable to update /etc/csf/messenger/index.html
This has been an ongoing issue for a while now. I still encounter it from time to time even after restarting lfd and using a new private window in FireFox and a new domain name on the server.
- 17 Sep 2020, 01:11
- Forum: General Discussion (csf)
- Topic: Messenger
- Replies: 0
- Views: 525
Messenger
I am seeing quite a few new files in the messenger directory along with an index.php which references invalid files. I understand what the .text file is for, can we get an up to date breakdown on what files are used for what now?
Thank you.
Thank you.
- 28 Apr 2020, 17:58
- Forum: General Discussion (csf)
- Topic: SSH Distributed Attack Floods
- Replies: 7
- Views: 2269
Re: SSH Distributed Attack Floods
If these are all blocked ports, why would it matter?
- 27 Apr 2020, 22:08
- Forum: General Discussion (csf)
- Topic: SSH Distributed Attack Floods
- Replies: 7
- Views: 2269
Re: SSH Distributed Attack Floods
As clearly indicated, these ports in the emails are ephemeral, and not the port SSH is on. Why is that? Hope this clarifies what I tried to wrote. The only one who knows the SSH port is you, so, hackers have to guess what port to attack. They use exploit scripts that tries to guess the SSH port and ...
- 27 Apr 2020, 02:11
- Forum: General Discussion (csf)
- Topic: SSH Distributed Attack Floods
- Replies: 7
- Views: 2269
Re: SSH Distributed Attack Floods
This does not answer my question and seems to be missing several underlying key points. Why is this showing up in an ephemeral port range in the first place? SSH is not on a standard port as indicated and can only be hit there. It appears to be more of a case of false positives. It is because the ha...
- 16 Apr 2020, 20:03
- Forum: General Discussion (csf)
- Topic: SSH Distributed Attack Floods
- Replies: 7
- Views: 2269
SSH Distributed Attack Floods
The latest version of configserver firewall. This one is driving me a little bonkers. We are all aware of the increase in SSH attacks lately. We run SSH on a non-standard port pretty high up but we are still seeing a MASSIVE influx of distributed SSH blocks on ports not related to our SSH port which...