Search found 19 matches

by wolf
30 Aug 2008, 00:44
Forum: Suggestions (csf)
Topic: Banned IP users get info page - its possible?
Replies: 18
Views: 12716

perhaps you could use more than one dns server , the 2nd, alternate dns address pair pointing to a different box with a special page for banned users. might want to make the alt, address dns entry with a very low TTL/refresh setting as so users dont cache the entry too long. I haven't tried this, It...
by wolf
22 Jul 2008, 15:24
Forum: Report Bugs (csf)
Topic: cdir block denied still triggers temp ip blocking emails
Replies: 2
Views: 2810

oh ok I see now lol.
I had DROP_IP_LOGGING set to 1 just so we could see if one of our clients custom apps might require a specific port. I guess we will just put up with the numerous emails fo now :)
thanks chirpy
by wolf
21 Jul 2008, 20:58
Forum: MailScanner
Topic: How to allow email with png and mov attachements?
Replies: 5
Views: 4765

there could be any number of reasons why your images are being dropped/removed. you should try looking at the recieved emails and check for error messages or notices of removed content for starters. perhaps a mailserver configuration needs adjusting? or maybe your spam control or virus control syste...
by wolf
20 Jul 2008, 17:25
Forum: Report Bugs (csf)
Topic: cdir block denied still triggers temp ip blocking emails
Replies: 2
Views: 2810

cdir block denied still triggers temp ip blocking emails

I have noticed that when a cdir address (eg.67.210.3.1/24) is blocked in the csf deny list, continued hammering by ips within that subnet still trigger the csf temp ban emails. (eg. 67.210.3.66, and 67.210.3.69 will trigger temp bans if hammering even after subnet is denied.) this could give an atta...
by wolf
19 May 2008, 16:50
Forum: Report Bugs (csf)
Topic: csf ldf not blocking failed login triggers
Replies: 2
Views: 3086

fixed in version 3.31
thanks :)
by wolf
19 May 2008, 14:16
Forum: Report Bugs (csf)
Topic: csf ldf not blocking failed login triggers
Replies: 2
Views: 3086

csf ldf not blocking failed login triggers

Since the update to csf v 3.30 csf does not block failed login attempts to any service. here is an example of one of the 87 emails I found this morning. Time: Mon May 19 03:09:16 2008 IP: user (Unknown) Failures: 6 (pop3d) Interval: 240 seconds Blocked: Yes Log entries: May 19 03:09:08 server pop3d:...
by wolf
29 Apr 2008, 23:58
Forum: Suggestions (csf)
Topic: IP Blocklist Format
Replies: 7
Views: 6229

GLOBAL_DENY = "http://www.listproviderdomain.com/list.txt"

would be proper :)
by wolf
27 Apr 2008, 14:16
Forum: Suggestions (csf)
Topic: Remove Blocked IP Without Reloading iptables
Replies: 3
Views: 3581

kewl :) csf -dr [IP] has arrived in v3.26
thanks chirpy
by wolf
25 Apr 2008, 21:38
Forum: Suggestions (csf)
Topic: Remove Blocked IP Without Reloading iptables
Replies: 3
Views: 3581

What about temp banning them instead, this feature is in there. 1000+ IPs? :p Way too many, IMO. I use the tempban option for other triggers. Max num of blocked ips is dynamicly changed depending on several other monitoring systems.(eg.durring a drddos attack). we have endured attacks consisting of...
by wolf
23 Apr 2008, 18:12
Forum: Suggestions (csf)
Topic: Remove Blocked IP Without Reloading iptables
Replies: 3
Views: 3581

Remove Blocked IP Without Reloading iptables

Hey guys, I'm on dialup for alot of my time and use rather large deny lists(1000+ ips). when removeing a banned ip, it takes alongtime to upload the new deny list as well as display the full ruleset when flushing/restarting the firewall.(+20 seconds at times). just thought it would be most convenien...