Search found 19 matches

by wolf
03 Apr 2008, 21:13
Forum: Report Bugs (csf)
Topic: CSF deleting custom rules in csf.deny
Replies: 3
Views: 7354

please note this will only work untill the csf deny limit is reached, to ensure your rules never get deleted i recommend using the global_deny file configuration for permanant rules as it is never changed by csf :)
by wolf
27 Mar 2008, 21:24
Forum: Report Bugs (csf)
Topic: Possible bug with Server Security and Settings report in CSF 3.19 and 3.20
Replies: 5
Views: 7377

Since upgrading to 3.19, when I run the Security and Settings report in CSF I get a message saying "a fatal error or timeout occurred while processing this directive" This is on a CentOS 4.4 VPS running Cpanel 11 with Apache 1.3. confirmed on dedicated CENTOS Enterprise 4.6 i686 apache 1....
by wolf
23 Mar 2008, 15:51
Forum: Suggestions (csf)
Topic: Regex Rules Editor
Replies: 1
Views: 3117

Regex Rules Editor

similar to my previous suggstion but prob alittle simpler. would be useful to have a whm section where one could add, edit, or remove custom rules. reason being, some hosts use many different error codes which many will trigger the default mod_security regex. a service which is locked "code 423...
by wolf
10 Feb 2008, 22:18
Forum: Suggestions (csf)
Topic: DShield
Replies: 6
Views: 9077

i guess that does cover a wide spectrum of attacks.

just wondering, if one could create a script which submits logs to be processed by dshield or anyother ip block list, could one not create a script which would send spoofed logs rendering the end data results useless to anyone?...
by wolf
10 Feb 2008, 17:45
Forum: Suggestions (csf)
Topic: DShield
Replies: 6
Views: 9077

i think DShield is a list of ip addresses attempting DOS (denial of service) attacks and not remote file exploit attempts which are quite commonly caught by mod_security. But you know a website which lists such attacks would be just as useful as the dshield and sorbs lists :)
by wolf
13 Jan 2008, 16:55
Forum: Report Bugs (cmm)
Topic: general bugs
Replies: 1
Views: 10098

general bugs

cmm version is missing from home page. very annoying cmm change password always seems to work but returns error as well [webmaster+host-comp.com Undefined subroutine &Cpanel::EventHandler::event called at /usr/local/[cpanel_install_dir]/Email.pm line 1953. Cpanel::Email::passwdpop('[emailuser]',...
by wolf
13 Jan 2008, 16:31
Forum: Suggestions (csf)
Topic: add mod_security ban by error code configuration
Replies: 2
Views: 4518

exactly what code(s) does csf recognize in the mod_security audit logs? seems some codes will trigger it while others wont.
by wolf
06 Aug 2007, 12:29
Forum: Suggestions (csf)
Topic: add mod_security ban by error code configuration
Replies: 2
Views: 4518

add mod_security ban by error code configuration

I think it would be extremely useful if csf checked the error code of the audit_log and ban,temp_ban, or ignore based on the error code of the audit_log entry. eg. permanantly ban any 412 code on 1 connection while temp banning a 403 error code with 5 attempts for X seconds and ignoreing 406 alltoge...
by wolf
13 Jul 2007, 14:32
Forum: Report Bugs (csf)
Topic: Global Deny Url Error
Replies: 1
Views: 4727

Global Deny Url Error

we have tried this on two different CentOS4+ installs and found the following. when setting GLOBAL_DENY is set to http://anywhere.com/some_global_file_list , csf will sucessfully load new ips durring each cycle but will not remove them when ips are removed from the list. even when list is removed, a...