Search found 35 matches

by sahostking
17 Aug 2022, 12:13
Forum: General Discussion (csf)
Topic: Custom REGEX rules for CSF.
Replies: 92
Views: 1935788

Re: Custom REGEX rules for CSF.

Will this block any attacks on Joomla and OpenCart admin and administrator folders? Or will it block legitimate customers too?

# ADMIN FOLDER
if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /^(\S+).*POST.*(\/admin).* (200|401)/)) { return ("admin folder",$1,"ADMINFOLDER","...
by sahostking
10 Jun 2022, 11:10
Forum: General Discussion (csf)
Topic: LFD crashing any ideas?
Replies: 2
Views: 721

Re: LFD crashing any ideas?

Reinstalled a fresh copy on the DirectAdmin server. It may be that their update is causing it. Will have to look into it a bit more.
by sahostking
26 May 2022, 12:43
Forum: General Discussion (csf)
Topic: LFD crashing any ideas?
Replies: 2
Views: 721

LFD crashing any ideas?

Main Process: Unmatched [ in regex; marked by <-- HERE in m/[ <-- HERE Thu (Unknown)/ at /usr/sbin/lfd line 7793, <$lffd[...]> line 12

Get this error, not sure what it is.

Keep having to restart lfd every hour on one server.
by sahostking
20 May 2022, 06:08
Forum: General Discussion (csf)
Topic: DirectAdmin modsecurity denials not blocked by CSF/LFD
Replies: 3
Views: 7744

Re: DirectAdmin modsecurity denials not blocked by CSF/LFD

With regard to this post, I assume this would be correct then?

#mod_security v2 (apache on DirectAdmin host)
if (($config{LF_MODSEC}) and ($globlogs{MODSEC_LOG}{$lgfile}) and ($line =~ /^\[\S+ \S+ \S+ \S+ \S+\] \[(\w*)?:error\] (\[pid \d+(:tid \d+)\]) \[client \S+:\S+\] \[client (\S+)\] ModSecurity:(( \[[^\]...
by sahostking
19 May 2022, 07:55
Forum: General Discussion (csf)
Topic: LFD causing kernel panic
Replies: 3
Views: 2230

Re: LFD causing kernel panic

Yeah, on all our servers I am noticing lfd keeps crashing and appears on our monitoring. We keep having to start it on random servers every few hours.

Must be a new update causing this, as it has been running fine for years.
by sahostking
18 May 2022, 15:21
Forum: General Discussion (csf)
Topic: CSF vs Imunify360
Replies: 3
Views: 2861

Re: CSF vs Imunify360

In my opinion both have their benefits. But Imunify360 has more features than CSF. CSF is just a firewall, whereas Imunify360 has a malware scanner, proactive scanner, etc. However, if you purchase CXS and use CSF alongside, they are quite similar. Imunify360 has a monthly plan where you need to pay each...
by sahostking
21 Apr 2022, 21:52
Forum: General Discussion (csf)
Topic: Custom REGEX rules for CSF.
Replies: 92
Views: 1935788

Re: Custom REGEX rules for CSF.

Something strange is happening. This rule used to work but now it's not stopping attacks:

# WP-LOGINS
if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /^(\S+).*POST.*(wp-login\.php|xmlrpc\.php).* (200|401)/)) { return ("Get lost please",$1,"WPLOGINorWHATEVER","5","...
by sahostking
14 Apr 2022, 05:57
Forum: General Discussion (csf)
Topic: Custom REGEX rules for CSF.
Replies: 92
Views: 1935788

Re: Custom REGEX rules for CSF.

Something strange is happening. This rule used to work but now it's not stopping attacks:

# WP-LOGINS
if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /^(\S+).*POST.*(wp-login\.php|xmlrpc\.php).* (200|401)/)) { return ("Get lost please",$1,"WPLOGINorWHATEVER","5","...
by sahostking
18 Dec 2021, 10:38
Forum: General Discussion (csf)
Topic: Custom REGEX rules for CSF.
Replies: 92
Views: 1935788

Re: Custom REGEX rules for CSF.

Hey guys! I'm using this regex to block attempts to get into the xmlrpc.php file. It works great, unfortunately it only works for the root domain folder.

if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST|HEAD) \/+xmlrpc\.php.*" /)) { return ("WP XMLPRC Attack"...
by sahostking
05 Jul 2021, 11:45
Forum: General Discussion (csf)
Topic: Block countries but allow port 53/dns
Replies: 3
Views: 2416

Re: Block countries but allow port 53/dns

I would say maybe using something like this unless someone else has a better idea. You could deny services, port access to many countries attacking your server by just using their country codes.

# This option denies access from the following countries to specific ports
# listed in CC_DENY_PORTS_TCP ...