Search found 35 matches
- 17 Aug 2022, 12:13
- Forum: General Discussion (csf)
- Topic: Custom REGEX rules for CSF.
- Replies: 92
- Views: 1942538
Re: Custom REGEX rules for CSF.
will this block any attacks on joomla and opencart admin and administrator folders? or will it block legitimate customers too? # ADMIN FOLDER if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /^(\S+).*POST.*(\/admin).* (200|401)/)) { return ("admin folder",$1,"ADMINFOLDER",&quo...
- 10 Jun 2022, 11:10
- Forum: General Discussion (csf)
- Topic: LFD crashing any ideas?
- Replies: 2
- Views: 722
Re: LFD crashing any ideas?
Reinstalled fresh copy on Directadmin server. May be that their update causing it. Will have to look into it a bit more
- 26 May 2022, 12:43
- Forum: General Discussion (csf)
- Topic: LFD crashing any ideas?
- Replies: 2
- Views: 722
LFD crashing any ideas?
Main Process: Unmatched [ in regex; marked by <-- HERE in m/[ <-- HERE Thu (Unknown)/ at /usr/sbin/lfd line 7793, <$lffd[...]> line 12
Get this error not sure what it is.
Keep having to restart lfd every hour on one server
Get this error not sure what it is.
Keep having to restart lfd every hour on one server
- 20 May 2022, 06:08
- Forum: General Discussion (csf)
- Topic: DirectAdmin modsecurity denials not blocked by CSF/LFD
- Replies: 3
- Views: 7748
Re: DirectAdmin modsecurity denials not blocked by CSF/LFD
wrt to this post I assume this would be correct then? #mod_security v2 (apache on DirectAdmin host) if (($config{LF_MODSEC}) and ($globlogs{MODSEC_LOG}{$lgfile}) and ($line =~ /^\[\S+ \S+ \S+ \S+ \S+\] \[(\w*)?:error\] (\[pid \d+(:tid \d+)\]) \[client \S+:\S+\] \[client (\S+)\] ModSecurity:(( \[[^\]...
- 19 May 2022, 07:55
- Forum: General Discussion (csf)
- Topic: LFD causing kernel panic
- Replies: 3
- Views: 2255
Re: LFD causing kernel panic
yea on all our servers I am noticing lfd keeps crashing and appears on our monitoring. We keep having to start it on random servers every few hours.
Must be new update causing this as it has been running for years fine
Must be new update causing this as it has been running for years fine
- 18 May 2022, 15:21
- Forum: General Discussion (csf)
- Topic: CSF vs Imunify360
- Replies: 3
- Views: 2874
Re: CSF vs Imunify360
In my opinion both have their benefits. But Imunify360 has more features that CSF. CSF is just a firewall whereas Imunify360 has malware scanner, proactive scanner, etc. However If you purchase CXS and use CSF alongside they are quite similar. Imunify360 has a monthly plan where you need to pay each...
- 21 Apr 2022, 21:52
- Forum: General Discussion (csf)
- Topic: Custom REGEX rules for CSF.
- Replies: 92
- Views: 1942538
Re: Custom REGEX rules for CSF.
Something strange is happening. This rule used to work but not its not stopping attacks: # WP-LOGINS if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /^(\S+).*POST.*(wp-login\.php|xmlrpc\.php).* (200|401)/)) { return ("Get lost please",$1,"WPLOGINorWHATEVER","5",&qu...
- 14 Apr 2022, 05:57
- Forum: General Discussion (csf)
- Topic: Custom REGEX rules for CSF.
- Replies: 92
- Views: 1942538
Re: Custom REGEX rules for CSF.
Something strange is happening. This rule used to work but not its not stopping attacks: # WP-LOGINS if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /^(\S+).*POST.*(wp-login\.php|xmlrpc\.php).* (200|401)/)) { return ("Get lost please",$1,"WPLOGINorWHATEVER","5",&quo...
- 18 Dec 2021, 10:38
- Forum: General Discussion (csf)
- Topic: Custom REGEX rules for CSF.
- Replies: 92
- Views: 1942538
Re: Custom REGEX rules for CSF.
Hey guys! I'm using this regex to block attemps to get into xmlrpc.php file. It works great, unfortunately it only works for the root domain folder. if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST|HEAD) \/+xmlrpc\.php.*" /)) { return ("WP XMLPRC Attack&q...
- 05 Jul 2021, 11:45
- Forum: General Discussion (csf)
- Topic: Block countries but allow port 53/dns
- Replies: 3
- Views: 2448
Re: Block countries but allow port 53/dns
I would say maybe using something like this unless someone else has a better idea. You could deny services, port access to many countries attacking your server by just using their country codes. # This option denies access from the following countries to specific ports # listed in CC_DENY_PORTS_TCP ...