Search found 22 matches

by UWH-David
06 Oct 2020, 00:53
Forum: General Discussion (csf)
Topic: Cleaner Deny Descriptions
Replies: 0
Views: 710

Cleaner Deny Descriptions

How can I change what goes into the deny lines in the csf.deny

Example:
#.#.#.# # lfd: (mod_security)
#.#.#.# # lfd: (smtpauth) Failed SMTP AUTH login from

To:
#.#.#.# # Security filter triggered
#.#.#.# # Failed SMTP Logins
by UWH-David
17 Sep 2020, 04:26
Forum: General Discussion (csf)
Topic: Messenger Not Updating
Replies: 2
Views: 418

Re: Messenger Not Updating

Flipping it back to v1 did the trick for me.
by UWH-David
17 Sep 2020, 04:20
Forum: General Discussion (csf)
Topic: Messenger Not Updating
Replies: 2
Views: 418

Re: Messenger Not Updating

and then there is this as well... --mregen MESSENGERV2 /etc/apache2/conf.d/csf_messenger.conf regeneration. This will also gracefully restart httpd csf --mregen csf - MESSENGERV2 /etc/apache2/conf.d/csf_messenger.conf regeneration: Sep 16 20:16:48 serverlfd[52333]: *MESSENGERV2*: Unable to generate ...
by UWH-David
17 Sep 2020, 04:12
Forum: General Discussion (csf)
Topic: Messenger Not Updating
Replies: 2
Views: 418

Messenger Not Updating

1 out of 10 servers updated the messenger index.recaptcha.html file. I have restarted csf, lfd, apache (v2 used), cleared caches, tried different browsers, different domain names but and yet it is still showing the default files when any host is hit at port 8888. This has been an ongoing issue since...
by UWH-David
17 Sep 2020, 01:59
Forum: General Discussion (csf)
Topic: Unable to update /etc/csf/messenger/index.html
Replies: 8
Views: 4094

Re: Unable to update /etc/csf/messenger/index.html

This has been an ongoing issue for a while now. I still encounter it from time to time even after restarting lfd and using a new private window in FireFox and a new domain name on the server.
by UWH-David
17 Sep 2020, 01:11
Forum: General Discussion (csf)
Topic: Messenger
Replies: 0
Views: 525

Messenger

I am seeing quite a few new files in the messenger directory along with an index.php which references invalid files. I understand what the .text file is for, can we get an up to date breakdown on what files are used for what now?

Thank you.
by UWH-David
28 Apr 2020, 17:58
Forum: General Discussion (csf)
Topic: SSH Distributed Attack Floods
Replies: 7
Views: 2269

Re: SSH Distributed Attack Floods

If these are all blocked ports, why would it matter?
by UWH-David
27 Apr 2020, 22:08
Forum: General Discussion (csf)
Topic: SSH Distributed Attack Floods
Replies: 7
Views: 2269

Re: SSH Distributed Attack Floods

As clearly indicated, these ports in the emails are ephemeral, and not the port SSH is on. Why is that? Hope this clarifies what I tried to wrote. The only one who knows the SSH port is you, so, hackers have to guess what port to attack. They use exploit scripts that tries to guess the SSH port and ...
by UWH-David
27 Apr 2020, 02:11
Forum: General Discussion (csf)
Topic: SSH Distributed Attack Floods
Replies: 7
Views: 2269

Re: SSH Distributed Attack Floods

This does not answer my question and seems to be missing several underlying key points. Why is this showing up in an ephemeral port range in the first place? SSH is not on a standard port as indicated and can only be hit there. It appears to be more of a case of false positives. It is because the ha...
by UWH-David
16 Apr 2020, 20:03
Forum: General Discussion (csf)
Topic: SSH Distributed Attack Floods
Replies: 7
Views: 2269

SSH Distributed Attack Floods

The latest version of configserver firewall. This one is driving me a little bonkers. We are all aware of the increase in SSH attacks lately. We run SSH on a non-standard port pretty high up but we are still seeing a MASSIVE influx of distributed SSH blocks on ports not related to our SSH port which...