Search found 11 matches

by aegis
21 Dec 2020, 13:04
Forum: Suggestions (csf)
Topic: LFD block email address instead of complete IP on many wrong logins
Replies: 7
Views: 14817

Re: LFD block email address instead of complete IP on many wrong logins

I would second this suggestion. I come across a couple of scenarios where this causes an issue semi regularly. The main one is a client has their email misconfigured on their phone. They walk in to work where it connects to wifi, blocking the entire office. Their office broadband does not have a sta...
by aegis
25 Apr 2019, 01:38
Forum: General Discussion (cxs)
Topic: IP Reputation Poopulation
Replies: 3
Views: 6165

Re: IP Reputation Poopulation

I've had a similar problem. I've a user who persistently gets her IMAP login wrong. She has a phone with the wrong password. When she arrives at work, they get a temp ban. The temp ban then gets sent to ConfigServer's IP reputation server and they end up on the CXS_ALL list. In the meantime the temp...
by aegis
24 Jul 2018, 15:35
Forum: General Discussion (csf)
Topic: Centrally Manage CSF from one server
Replies: 2
Views: 2810

Re: Centrally Manage CSF from one server

The config files and settings are set on each server but it does have a cluster facility whereby you can block and unblock IPs across the entire cluster from another cluster member.
by aegis
09 Feb 2018, 10:30
Forum: Suggestions (cxs)
Topic: CLEAN button in quarantine?
Replies: 2
Views: 8501

Re: CLEAN button in quarantine?

Thread resurrection. I was clearing up a site earlier and was thinking through the process. I get an email with all the exploits/fingerprints/viruses etc but then cut out the filename from the email, paste in to a shell to view it and then I decide to either delete the file, quarantine it or edit it...
by aegis
05 Dec 2016, 14:28
Forum: Suggestions (cxs)
Topic: WHMCS Module
Replies: 1
Views: 7887

Re: WHMCS Module

A module that let you run a scan from the admin side of WHMCS would be useful also so that support staff could order a scan if the client thinks their site may be exploited.
by aegis
25 Oct 2016, 12:41
Forum: General Discussion (cxs)
Topic: Seeming false positive - not sure
Replies: 2
Views: 11412

Re: Seeming false positive - not sure

Bumping an old thread here but we've had an uptick in this recently. Presumably they're trying to upload a replacement file to exploit the hole in Revolution Slider that was discovered and patched some time ago. It's somewhat concerning that through Wordpress's admin-ajax.php they can get a file thr...
by aegis
06 Nov 2014, 10:34
Forum: Suggestions (cmm)
Topic: Order by Date
Replies: 2
Views: 10243

Re: Order by Date

Adding a +1 for this.

Some of my customers have inboxes with 1000s of emails in them and currently with it being ordered oldest -> newest I have to wait minutes for the browser to load the entire mailbox to get to the most recent messages.
by aegis
04 Nov 2014, 17:18
Forum: General Discussion (cmc)
Topic: ModSecurity features in cPanel 11.46
Replies: 3
Views: 9311

ModSecurity features in cPanel 11.46

11.46 adds ModSecurity features to WHM/cPanel which on the face of it seems like a great thing but is it?

Does it conflict with ConfigServer's ModSecurity Control?
by aegis
16 Apr 2013, 14:43
Forum: General Discussion (csf)
Topic: What's the best solution in CSF for DNS/named flooding?
Replies: 5
Views: 10314

Re: What's the best solution in CSF for DNS/named flooding?

A client of mine has been getting repeatedly hit by these kinds of DNS attacks and would appreciate if anyone has any further insight as to how to solve it. Like the OP their DNS was getting repeatedly asked to respond to A / MX record requests for domains they used to host but no longer did. The so...
by aegis
05 Jun 2010, 20:47
Forum: Suggestions (csf)
Topic: PT_USERMEM / PT_USERTIME Debugging info
Replies: 1
Views: 3723

PT_USERMEM / PT_USERTIME Debugging info

At the moment when PT_USERMEM or PT_USERTIME are exceeded you just get a message telling you which process has exceeded the limit. Could more debugging info be included such as a trace of the process causing the memory limit to be broken? For example, I've had a couple of users go past a 200MB limit...