Please post a blocked note to see what is wrong.
Sergio
Search found 1063 matches
- 02 Nov 2024, 13:53
- Forum: General Discussion (csf)
- Topic: LF_SPI requires disabling on restored Server
- Replies: 1
- Views: 1666
- 21 Oct 2024, 20:13
- Forum: General Discussion (csf)
- Topic: csf.pignore rules aren't working?
- Replies: 2
- Views: 4324
Re: csf.pignore rules aren't working?
Does a "pignore" will help you on this?
Sergio
Sergio
- 04 Oct 2024, 06:24
- Forum: General Discussion (csf)
- Topic: Blocking Wordpress Login and xmlprc attacks with LFD
- Replies: 32
- Views: 85025
Re: Blocking Wordpress Login and xmlprc attacks with LFD
Here is the new rule: # BLOCKING ModSec Rules attacks if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^\[\S+\s+\S+\s+\S+\s+\S+\.\d+\s+\S+\] \[\S+:error\] \[pid \d+.*\] \[client \S+\] \[client (\S+)\] ModSecurity.*\[id "(210280|210350|210380|210481|210492|210710|210730|210831|210921)"\...
- 03 Oct 2024, 16:01
- Forum: General Discussion (csf)
- Topic: Blocking Wordpress Login and xmlprc attacks with LFD
- Replies: 32
- Views: 85025
Re: Blocking Wordpress Login and xmlprc attacks with LFD
Post a log line of your ModSecurity error_log for me to check it, thanks.
Sergio
Sergio
- 16 Sep 2024, 03:54
- Forum: General Discussion (csf)
- Topic: Regex problem using one of the pre-defined lsws ones
- Replies: 1
- Views: 2251
Re: Regex problem using one of the pre-defined lsws ones
Testing your sample log at regex101 the rule is working as should be and shows:
GROUP1 144-165 someaddress@gmail.com
GROUP2 170-181 12.34.56.78
Could it be that the IP is in a white list?
Sergio
GROUP1 144-165 someaddress@gmail.com
GROUP2 170-181 12.34.56.78
Could it be that the IP is in a white list?
Sergio
- 19 Aug 2024, 05:00
- Forum: General Discussion (csf)
- Topic: Ignore WHM/cPanel login emails from Static IP
- Replies: 1
- Views: 2549
Re: Ignore WHM/cPanel login emails from Static IP
Yes, is possible if your email is in your cpanel, you can create a filter to delete that email when it is your own IP that logged in.
Sergio
Sergio
- 25 Jul 2024, 05:13
- Forum: General Discussion (csf)
- Topic: Is there a way to exclude one user from blocks in CSF?
- Replies: 2
- Views: 4423
Re: Is there a way to exclude one user from blocks in CSF?
Yes, you can add the IP to the white list.
If those users have dedicated IPs then you can WhiteList those IPs.
Remember that CSF is a FireWall based on IPs, so to white list them you have to white list the IPs.
If those users have dedicated IPs then you can WhiteList those IPs.
Remember that CSF is a FireWall based on IPs, so to white list them you have to white list the IPs.
- 17 Jul 2024, 01:33
- Forum: General Discussion (csf)
- Topic: Csf Block my whitlelist ip
- Replies: 9
- Views: 8479
Re: Csf Block my whitlelist ip
You have to check a few things. - Does cPhulk is running in your server? If yes, then check if the IP is not being block by cPhulk. If it is, then add your IP on the whitelist in cPhulk. - Have you tried to add your IP on /etc/csf/csf.ignore ? If not then, do what the readme on file suggest: # The f...
- 17 Jul 2024, 01:03
- Forum: General Discussion (csf)
- Topic: Where does csf keep the list of blocked emails that are associated with IP address
- Replies: 4
- Views: 5809
Re: Where does csf keep the list of blocked emails that are associated with IP address
Try checking /var/log/maillog
- 26 Jun 2024, 15:52
- Forum: General Discussion (csf)
- Topic: Csf Block my whitlelist ip
- Replies: 9
- Views: 8479
Re: Csf Block my whitlelist ip
Have you checked that the IP that you are white listening is not in an RBL?