Search found 80 matches

by BallyBasic79
08 Apr 2020, 19:49
Forum: Suggestions (csf)
Topic: csf.blocklists update
Replies: 0
Views: 2835

csf.blocklists update

DSHIELD blocklist is now secured (http s ) at: https://www.dshield.org/block.txt /etc/csf/csf.blocklists # DShield.org Recommended Block List # Details: http://dshield.org #DSHIELD|86400|0|http://www.dshield.org/block.txt Apr 8 11:27:50 server lfd[6697]: Unable to retrieve blocklist DSHIELD - Unable...
by BallyBasic79
07 Dec 2019, 00:04
Forum: General Discussion (csf)
Topic: lfd alert emails - no body text
Replies: 10
Views: 2373

Re: lfd alert emails - no body text

Good sleuthing, petre75 !

I have not looked at the emails in detail, but wonder if the emails are standards compliant, or if it O365 that is failing to render the standard.
by BallyBasic79
05 Dec 2019, 04:01
Forum: General Discussion (csf)
Topic: lfd alert emails - no body text
Replies: 10
Views: 2373

Re: lfd alert emails - no body text

Curious if it is a rendering issue.

Is the message body totally missing, or just not shown?
If you look at the message source, is it there?
If you use a third party email client to look at the message sent to O365, does it show?
by BallyBasic79
02 Nov 2019, 21:02
Forum: General Discussion (csf)
Topic: ERROR: Faststart invalid port/service
Replies: 1
Views: 1242

Re: ERROR: Faststart invalid port/service

Does it matter which IP? Or how it is entered? Maybe just a copy and paste error, but the IP in the two code blocks provided doesn't match. I haven't researched that error in more depth, but it looks like you may have invalid characters in csf.deny. Maybe ` or ' in the entries? Start by checking the...
by BallyBasic79
02 Nov 2019, 06:52
Forum: General Discussion (csf)
Topic: regex for URI not URL
Replies: 7
Views: 2235

Re: regex for URI not URL

Yes, stack them up. Be sure to keep the syntax of each statement complete. Essentially:

Code: Select all

if ( ... ) {
	return ( ... );
}

by BallyBasic79
02 Nov 2019, 01:33
Forum: General Discussion (csf)
Topic: regex for URI not URL
Replies: 7
Views: 2235

Re: regex for URI not URL

Nice job! Each rule checks a specific log for a specific pattern match and captures the IP. It returns a comment, the IP, a rule name, and specifies trigger level, ports to block (opt), temp/perm, cloudflare. Each rule is very specific to a set of conditions and results so you will likely need one r...
by BallyBasic79
01 Nov 2019, 18:42
Forum: General Discussion (csf)
Topic: regex for URI not URL
Replies: 7
Views: 2235

Re: regex for URI not URL

You will be empowered by some study in pattern matching and regular expressions. Here, the offending IP starts the log string which also contains the target keyword.

You can see how to match that and capture the IP address with this interactive regex tool:
https://rubular.com/r/EvW0POJTwizNM9
by BallyBasic79
01 Nov 2019, 06:32
Forum: General Discussion (csf)
Topic: stop emailing alerts about temporarily Block IP?
Replies: 1
Views: 1190

Re: stop emailing alerts about temporarily Block IP?

csf.conf: ############################################################################### # SECTION:Login Failure Blocking and Alerts ############################################################################### # Send an email alert if an IP address is blocked by one of the [*] triggers LF_EMAIL_...
by BallyBasic79
01 Nov 2019, 06:24
Forum: General Discussion (csf)
Topic: regex for URI not URL
Replies: 7
Views: 2235

Re: regex for URI not URL

Please post a few example log lines which show what you are trying to match.
by BallyBasic79
22 Oct 2019, 01:30
Forum: General Discussion (csf)
Topic: csf & geoip
Replies: 2
Views: 1269

Re: csf & geoip

At first glance, it looks like the only port allowed for GB is 22. Be sure to include all ports allowed.