Search found 1063 matches

by Sergio
02 Nov 2024, 13:53
Forum: General Discussion (csf)
Topic: LF_SPI requires disabling on restored Server
Replies: 1
Views: 1666

Re: LF_SPI requires disabling on restored Server

Please post a blocked note to see what is wrong.

Sergio
by Sergio
21 Oct 2024, 20:13
Forum: General Discussion (csf)
Topic: csf.pignore rules aren't working?
Replies: 2
Views: 4324

Re: csf.pignore rules aren't working?

Will a "pignore" help you with this?

Sergio
by Sergio
04 Oct 2024, 06:24
Forum: General Discussion (csf)
Topic: Blocking Wordpress Login and xmlprc attacks with LFD
Replies: 32
Views: 85025

Re: Blocking Wordpress Login and xmlprc attacks with LFD

Here is the new rule:

# BLOCKING ModSec Rules attacks
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^\[\S+\s+\S+\s+\S+\s+\S+\.\d+\s+\S+\] \[\S+:error\] \[pid \d+.*\] \[client \S+\] \[client (\S+)\] ModSecurity.*\[id "(210280|210350|210380|210481|210492|210710|210730|210831|210921)"\...
by Sergio
03 Oct 2024, 16:01
Forum: General Discussion (csf)
Topic: Blocking Wordpress Login and xmlprc attacks with LFD
Replies: 32
Views: 85025

Re: Blocking Wordpress Login and xmlprc attacks with LFD

Post a log line of your ModSecurity error_log for me to check it, thanks.

Sergio
by Sergio
16 Sep 2024, 03:54
Forum: General Discussion (csf)
Topic: Regex problem using one of the pre-defined lsws ones
Replies: 1
Views: 2251

Re: Regex problem using one of the pre-defined lsws ones

Testing your sample log at regex101, the rule is working as it should and shows:

GROUP1 144-165 someaddress@gmail.com
GROUP2 170-181 12.34.56.78

Could it be that the IP is in a white list?

Sergio
by Sergio
19 Aug 2024, 05:00
Forum: General Discussion (csf)
Topic: Ignore WHM/cPanel login emails from Static IP
Replies: 1
Views: 2549

Re: Ignore WHM/cPanel login emails from Static IP

Yes, it is possible if your email is in your cPanel: you can create a filter to delete that email when it is your own IP that logged in.
Sergio
by Sergio
25 Jul 2024, 05:13
Forum: General Discussion (csf)
Topic: Is there a way to exclude one user from blocks in CSF?
Replies: 2
Views: 4423

Re: Is there a way to exclude one user from blocks in CSF?

Yes, you can add the IP to the white list.

If those users have dedicated IPs then you can WhiteList those IPs.
Remember that CSF is a FireWall based on IPs, so to white list them you have to white list the IPs.
by Sergio
17 Jul 2024, 01:33
Forum: General Discussion (csf)
Topic: Csf Block my whitlelist ip
Replies: 9
Views: 8479

Re: Csf Block my whitlelist ip

You have to check a few things.
- Is cPhulk running on your server? If yes, then check if the IP is not being blocked by cPhulk. If it is, then add your IP to the whitelist in cPhulk.
- Have you tried to add your IP to /etc/csf/csf.ignore? If not, then do what the readme in the file suggests: # The f...
by Sergio
26 Jun 2024, 15:52
Forum: General Discussion (csf)
Topic: Csf Block my whitlelist ip
Replies: 9
Views: 8479

Re: Csf Block my whitlelist ip

Have you checked that the IP that you are whitelisting is not in an RBL?