Search found 24 matches

by sahostking
11 May 2020, 06:15
Forum: General Discussion (cxs)
Topic: CXS Causing higher than usual server load
Replies: 1
Views: 2620

Re: CXS Causing higher than usual server load

I think CXSwatch is the culprit as it checks every file on the server when modified etc and new files.
So note also if your server has tons of files changing and its not an SSD or CPU is too weak and cannot keep up then load will go up.

Look at that aswell = just a tip.
by sahostking
11 May 2020, 06:13
Forum: General Discussion (cxs)
Topic: CXS and the cPanel Transfer Tool
Replies: 1
Views: 1318

Re: CXS and the cPanel Transfer Tool

Maybe check if you have cxs blocks enabled as it adds ip lists to CSF. In otherwords check /etc/cxs/cxs.blocklists and comment all the lists. Restart CSF and retry Alternatively check for your server IPs in the list https://download.configserver.com/reputation/all.txt Note you can only download that...
by sahostking
11 May 2020, 06:10
Forum: General Discussion (cxs)
Topic: IP Reputation Poopulation
Replies: 2
Views: 832

Re: IP Reputation Poopulation

I've had the same issue but we notice enabling the individual lists like LF_SMTP seem to block very nicely
So we enabled the following:

CXS_LF_SSHD
CXS_LF_FTPD
CXS_LF_SMTPAUTH
CXS_LF_CXS

Works quiet well for us atleast and load has gone down ALOT.
by sahostking
01 Oct 2018, 10:17
Forum: General Discussion (cxs)
Topic: PHP Malware.expert Signatures with CXS
Replies: 0
Views: 1238

PHP Malware.expert Signatures with CXS

Hi guys

I'd like to know if I should configure CXS with ClamAV "Unofficial Signatures Option" if i'm using the following on clamav:

https://malware.expert/signatures/

Thoughts?
by sahostking
06 Mar 2017, 11:52
Forum: MailScanner Front-End
Topic: Remove Pending Queue
Replies: 0
Views: 945

Remove Pending Queue

With exim you usually just get one queue called the delivery queue. With Mailscanner we get a pending queue aswell.

Kind of messing up monitoring.

Anyway to have just one queue rather than monitoring both?
by sahostking
15 Oct 2016, 17:25
Forum: General Discussion (cxs)
Topic: Why did this get blocked by csf
Replies: 0
Views: 1219

Why did this get blocked by csf

Hi This got blocked by CSF due to CXS block upload on ftp: Oct 15 16:15:18 lin05 cxs[876014]: IP:1.2.3.4 User:hcjvregm FTP upload:['/home/hcjvregm/public_html/cloner.php'] - Regular expression match = [symlink\s*\(] Trying to figure out why it did when the cxsftp.sh has the following: /usr/sbin/cxs ...
by sahostking
18 Mar 2016, 14:21
Forum: MailScanner Front-End
Topic: Randsomeware and SaneSecurity
Replies: 0
Views: 2144

Randsomeware and SaneSecurity

Customers are saying that randsomeware got through mailscanner. Customer sent to gmail where it got blocked but through mailscanner its getting through.

Now I have read that SaneSecurity can pick these types of viruses up. How does one install it?
by sahostking
11 Jun 2015, 09:33
Forum: General Discussion (csf)
Topic: Help with custom regex rules
Replies: 42
Views: 15093

Re: Help with custom regex rules

I checked now and the regex is : #mod_security v2 (audit_log) if (($config{LF_MODSEC}) and ($lgfile eq $config{MODSEC_LOG}) and ($line =~ /^\[modsecurity\] \[client (\S+)\] (.*) Access denied with (code|connection)/)) { $ip = $1; $acc = ""; $ip =~ s/^::ffff://; if (&checkip($ip)) {return ("mod_secur...
by sahostking
11 Jun 2015, 08:54
Forum: General Discussion (csf)
Topic: Help with custom regex rules
Replies: 42
Views: 15093

Re: Help with custom regex rules

I need assistance on a regex to block this via CSF say after 5 failed attempts : [Thu Jun 11 08:45:40.512566 2015] [:error] [pid 40857:tid 140173587228416] [client 168.63.216.42] ModSecurity: [file "/usr/local/apache/conf/modsec2.user.conf"] [line "37"] [id "5000135"] [msg "ip address blocked for 5 ...