Search found 16 matches

by sahostking
05 Nov 2020, 05:02
Forum: General Discussion (csf)
Topic: (CSF) Check for IPs In RBLs ,not responding
Replies: 3
Views: 1561

Re: (CSF) Check for IPs In RBLs ,not responding

Did you guys figure it out yet? Think I have same problem.
by sahostking
11 May 2020, 06:15
Forum: General Discussion (cxs)
Topic: CXS Causing higher than usual server load
Replies: 1
Views: 3223

Re: CXS Causing higher than usual server load

I think CXSwatch is the culprit as it checks every file on the server when modified etc and new files.
So note also if your server has tons of files changing and its not an SSD or CPU is too weak and cannot keep up then load will go up.

Look at that aswell = just a tip.
by sahostking
11 May 2020, 06:13
Forum: General Discussion (cxs)
Topic: CXS and the cPanel Transfer Tool
Replies: 1
Views: 1757

Re: CXS and the cPanel Transfer Tool

Maybe check if you have cxs blocks enabled as it adds ip lists to CSF. In otherwords check /etc/cxs/cxs.blocklists and comment all the lists. Restart CSF and retry Alternatively check for your server IPs in the list https://download.configserver.com/reputation/all.txt Note you can only download that...
by sahostking
11 May 2020, 06:10
Forum: General Discussion (cxs)
Topic: IP Reputation Poopulation
Replies: 2
Views: 1419

Re: IP Reputation Poopulation

I've had the same issue but we notice enabling the individual lists like LF_SMTP seem to block very nicely
So we enabled the following:

CXS_LF_SSHD
CXS_LF_FTPD
CXS_LF_SMTPAUTH
CXS_LF_CXS

Works quiet well for us atleast and load has gone down ALOT.
by sahostking
11 Jun 2015, 09:33
Forum: General Discussion (csf)
Topic: Help with custom regex rules
Replies: 42
Views: 18669

Re: Help with custom regex rules

I checked now and the regex is : #mod_security v2 (audit_log) if (($config{LF_MODSEC}) and ($lgfile eq $config{MODSEC_LOG}) and ($line =~ /^\[modsecurity\] \[client (\S+)\] (.*) Access denied with (code|connection)/)) { $ip = $1; $acc = ""; $ip =~ s/^::ffff://; if (&checkip($ip)) {retu...
by sahostking
11 Jun 2015, 08:54
Forum: General Discussion (csf)
Topic: Help with custom regex rules
Replies: 42
Views: 18669

Re: Help with custom regex rules

I need assistance on a regex to block this via CSF say after 5 failed attempts : [Thu Jun 11 08:45:40.512566 2015] [:error] [pid 40857:tid 140173587228416] [client 168.63.216.42] ModSecurity: [file "/usr/local/apache/conf/modsec2.user.conf"] [line "37"] [id "5000135"] [...
by sahostking
06 Feb 2015, 10:05
Forum: General Discussion (cxs)
Topic: Trying to lower load for CXS
Replies: 1
Views: 2137

Trying to lower load for CXS

I think I got it to lower load a bit but now I'm noticing something strange with CXS watch: This is CXS watch configuration: /usr/sbin/cxs --Wstart --allusers --www --smtp -I /etc/cxs/cxs.ignore --options M --qoptions Mv --quarantine /cxs/scan/ --Wmaxchild 3 --nofallback --Wloglevel 0 --Wsleep 15 --...
by sahostking
29 Sep 2014, 18:10
Forum: General Discussion (csf)
Topic: Any reason why modsec rules not being blocked anymore?
Replies: 2
Views: 2226

Re: Any reason why modsec rules not being blocked anymore?

Thanks you are absolutely right.

Had to change modsec_log = /etc/httpd/logs/error_log

Now it's blocking them nicely.

Yippee :)
by sahostking
29 Sep 2014, 15:20
Forum: General Discussion (csf)
Topic: Any reason why modsec rules not being blocked anymore?
Replies: 2
Views: 2226

Any reason why modsec rules not being blocked anymore?

Hi all, Weird one I noticed today is that none of my mod security rules are being blocked anymore? I have LF_MODSEC set to 3. Is there something else I'm missing? For eg. [Mon Sep 29 16:14:09.069556 2014] [:error] [pid 982245:tid 140548245526272] [client 96.47.226.20] ModSecurity: Access denied with...