Search found 80 matches

by BallyBasic79
08 Apr 2020, 19:49
Forum: Suggestions (csf)
Topic: csf.blocklists update
Replies: 0
Views: 2111

csf.blocklists update

DSHIELD blocklist is now secured (http s ) at: https://www.dshield.org/block.txt /etc/csf/csf.blocklists # DShield.org Recommended Block List # Details: http://dshield.org #DSHIELD|86400|0|http://www.dshield.org/block.txt Apr 8 11:27:50 server lfd[6697]: Unable to retrieve blocklist DSHIELD - Unable...
by BallyBasic79
07 Dec 2019, 00:04
Forum: General Discussion (csf)
Topic: lfd alert emails - no body text
Replies: 10
Views: 1415

Re: lfd alert emails - no body text

Good sleuthing, petre75 !

I have not looked at the emails in detail, but wonder if the emails are standards compliant, or if it O365 that is failing to render the standard.
by BallyBasic79
05 Dec 2019, 04:01
Forum: General Discussion (csf)
Topic: lfd alert emails - no body text
Replies: 10
Views: 1415

Re: lfd alert emails - no body text

Curious if it is a rendering issue.

Is the message body totally missing, or just not shown?
If you look at the message source, is it there?
If you use a third party email client to look at the message sent to O365, does it show?
by BallyBasic79
02 Nov 2019, 21:02
Forum: General Discussion (csf)
Topic: ERROR: Faststart invalid port/service
Replies: 1
Views: 1006

Re: ERROR: Faststart invalid port/service

Does it matter which IP? Or how it is entered? Maybe just a copy and paste error, but the IP in the two code blocks provided doesn't match. I haven't researched that error in more depth, but it looks like you may have invalid characters in csf.deny. Maybe ` or ' in the entries? Start by checking the...
by BallyBasic79
02 Nov 2019, 06:52
Forum: General Discussion (csf)
Topic: regex for URI not URL
Replies: 7
Views: 1552

Re: regex for URI not URL

Yes, stack them up. Be sure to keep the syntax of each statement complete. Essentially:

Code: Select all

if ( ... ) {
	return ( ... );
}

by BallyBasic79
02 Nov 2019, 01:33
Forum: General Discussion (csf)
Topic: regex for URI not URL
Replies: 7
Views: 1552

Re: regex for URI not URL

Nice job! Each rule checks a specific log for a specific pattern match and captures the IP. It returns a comment, the IP, a rule name, and specifies trigger level, ports to block (opt), temp/perm, cloudflare. Each rule is very specific to a set of conditions and results so you will likely need one r...
by BallyBasic79
01 Nov 2019, 18:42
Forum: General Discussion (csf)
Topic: regex for URI not URL
Replies: 7
Views: 1552

Re: regex for URI not URL

You will be empowered by some study in pattern matching and regular expressions. Here, the offending IP starts the log string which also contains the target keyword.

You can see how to match that and capture the IP address with this interactive regex tool:
https://rubular.com/r/EvW0POJTwizNM9
by BallyBasic79
01 Nov 2019, 06:32
Forum: General Discussion (csf)
Topic: stop emailing alerts about temporarily Block IP?
Replies: 1
Views: 945

Re: stop emailing alerts about temporarily Block IP?

csf.conf: ############################################################################### # SECTION:Login Failure Blocking and Alerts ############################################################################### # Send an email alert if an IP address is blocked by one of the [*] triggers LF_EMAIL_...
by BallyBasic79
01 Nov 2019, 06:24
Forum: General Discussion (csf)
Topic: regex for URI not URL
Replies: 7
Views: 1552

Re: regex for URI not URL

Please post a few example log lines which show what you are trying to match.
by BallyBasic79
22 Oct 2019, 01:30
Forum: General Discussion (csf)
Topic: csf & geoip
Replies: 2
Views: 955

Re: csf & geoip

At first glance, it looks like the only port allowed for GB is 22. Be sure to include all ports allowed.