Search found 2 matches

by ilansch
09 Jul 2014, 18:38
Forum: General Discussion (csf)
Topic: Custom REGEX rules for CSF.
Replies: 56
Views: 64683

Re: Custom REGEX rules for CSF.

The attacks on our servers from the user ylmf-pc are directed to exim, so here is the modified rule for exim on CentOS 6.5 with DirectAdmin: if (($lgfile eq $config{CUSTOM2_LOG}) and ($line =~ /^\S+\s+\S+\s+login authenticator failed for (\S*)\s?\(ylmf-pc\) \[(\S+)\]/)) { return ("smtp_auth attack",...
by ilansch
03 Dec 2012, 03:39
Forum: Suggestions (csf)
Topic: Block based on the "host" IP instead of the connection IP
Replies: 1
Views: 2040

Block based on the "host" IP instead of the connection IP

Not sure if the title describes what I mean, so I'll explain. Lately we are receiving brute force attacks (SMTP) from different spoofed IP addresses, but they all have in common "host" IP, for example: 2012-12-02 09:10:27 login authenticator failed for host100-107-static. 224-95-b. business. telecom...