Search found 10 matches

by aegis
25 Apr 2019, 01:38
Forum: General Discussion (cxs)
Topic: IP Reputation Poopulation
Replies: 2
Views: 804

Re: IP Reputation Poopulation

I've had a similar problem. I've a user who persistently gets her IMAP login wrong. She has a phone with the wrong password. When she arrives at work, they get a temp ban. The temp ban then gets sent to ConfigServer's IP reputation server and they end up on the CXS_ALL list. In the meantime the temp...
by aegis
24 Jul 2018, 15:35
Forum: General Discussion (csf)
Topic: Centrally Manage CSF from one server
Replies: 2
Views: 1091

Re: Centrally Manage CSF from one server

The config files and settings are set on each server but it does have a cluster facility whereby you can block and unblock IPs across the entire cluster from another cluster member.
by aegis
09 Feb 2018, 10:30
Forum: Suggestions (cxs)
Topic: CLEAN button in quarantine?
Replies: 2
Views: 3219

Re: CLEAN button in quarantine?

Thread resurrection. I was clearing up a site earlier and was thinking through the process. I get an email with all the exploits/fingerprints/viruses etc but then cut out the filename from the email, paste in to a shell to view it and then I decide to either delete the file, quarantine it or edit it...
by aegis
05 Dec 2016, 14:28
Forum: Suggestions (cxs)
Topic: WHMCS Module
Replies: 1
Views: 3039

Re: WHMCS Module

A module that let you run a scan from the admin side of WHMCS would be useful also so that support staff could order a scan if the client thinks their site may be exploited.
by aegis
25 Oct 2016, 12:41
Forum: General Discussion (cxs)
Topic: Seeming false positive - not sure
Replies: 2
Views: 8540

Re: Seeming false positive - not sure

Bumping an old thread here but we've had an uptick in this recently. Presumably they're trying to upload a replacement file to exploit the hole in Revolution Slider that was discovered and patched some time ago. It's somewhat concerning that through Wordpress's admin-ajax.php they can get a file thr...
by aegis
06 Nov 2014, 10:34
Forum: Suggestions (cmm)
Topic: Order by Date
Replies: 2
Views: 5389

Re: Order by Date

Adding a +1 for this.

Some of my customers have inboxes with 1000s of emails in them and currently with it being ordered oldest -> newest I have to wait minutes for the browser to load the entire mailbox to get to the most recent messages.
by aegis
04 Nov 2014, 17:18
Forum: General Discussion (cmc)
Topic: ModSecurity features in cPanel 11.46
Replies: 3
Views: 5376

ModSecurity features in cPanel 11.46

11.46 adds ModSecurity features to WHM/cPanel which on the face of it seems like a great thing but is it?

Does it conflict with ConfigServer's ModSecurity Control?
by aegis
16 Apr 2013, 14:43
Forum: General Discussion (csf)
Topic: What's the best solution in CSF for DNS/named flooding?
Replies: 5
Views: 5991

Re: What's the best solution in CSF for DNS/named flooding?

A client of mine has been getting repeatedly hit by these kinds of DNS attacks and would appreciate if anyone has any further insight as to how to solve it. Like the OP their DNS was getting repeatedly asked to respond to A / MX record requests for domains they used to host but no longer did. The so...
by aegis
05 Jun 2010, 20:47
Forum: Suggestions (csf)
Topic: PT_USERMEM / PT_USERTIME Debugging info
Replies: 1
Views: 2153


At the moment when PT_USERMEM or PT_USERTIME are exceeded you just get a message telling you which process has exceeded the limit. Could more debugging info be included such as a trace of the process causing the memory limit to be broken? For example, I've had a couple of users go past a 200MB limit...
by aegis
02 Feb 2010, 21:43
Forum: Suggestions (cmc)
Topic: Statistics
Replies: 2
Views: 4434


This is a long term one perhaps... I was working through mod_security logs and thinking 'I wonder which sites and which rules are getting the most attention?'. So, how about some kind of statistics tracking for sites and rules. It'd help with security if we knew which sites get hit a lot and which r...