Search found 25 matches

by sahostking
26 Mar 2021, 19:57
Forum: General Discussion (cxs)
Topic: Is there any problem increasing filemax?
Replies: 1
Views: 114

Re: Is there any problem increasing filemax?

Nope - just uses more resources and at times creates more watches.

So if you have enough resources and fast cpus and SSDs you should be fine.
by sahostking
26 Mar 2021, 19:55
Forum: General Discussion (cxs)
Topic: Trace how malware was uploaded to server
Replies: 1
Views: 103

Re: Trace how malware was uploaded to server

Do you use modsecurity? If not, consider installing OWASP rules or Comodo WAF ruleset, both of which are free. Usually they upload via an outdated plugin or some flaw in one. If not that then if you have no modsecurity then your server is vulnerable. Best to have Firewall + Modsecurity + CXS + ClamAV with...
by sahostking
19 Mar 2021, 17:56
Forum: General Discussion (csf)
Topic: csf causing excessive load averages
Replies: 1
Views: 80

Re: csf causing excessive load averages

Not entirely sure what the cause could be. But I would recommend you go through each setting in your csf.conf. Also are you using ipset? If not, then if you have a lot of blocklists enabled that could cause some slowness. Also is CSF monitoring a lot of CUSTOM log locations? May be too many logs to be ...
by sahostking
22 Feb 2021, 18:25
Forum: General Discussion (cxs)
Topic: STICKY rules for CXS.XTRA regs.
Replies: 69
Views: 71183

Re: STICKY rules for CXS.XTRA regs.

Noticed tons of files with kindex.php and windex.php and wikindex.php plus many more. Created a list and here are the md5sum and regex. Add and try out if you like.

# Added 22/02/2021
regall:quarantine:Pwnd By NekoBot!
md5sum:quarantine:e421e55e907fcbafe575c918214140b8
md5sum:quarantine:4355572862fb...
by sahostking
31 Jan 2021, 15:39
Forum: General Discussion (cxs)
Topic: Ignore wp-content/cache/wp-rocket/domain suspicious directory
Replies: 3
Views: 3773

Re: Ignore wp-content/cache/wp-rocket/domain suspicious directory

I think you add

hdir:*/wp-content/cache/

to cxs.ignore

I stand to be corrected. Test it if you like and see?
by sahostking
31 Jan 2021, 15:36
Forum: General Discussion (cxs)
Topic: How to override IP Reputation blocked IP
Replies: 1
Views: 182

Re: How to override IP Reputation blocked IP

I think we experienced a similar issue before using the CC_IGNORE feature where we would like a country and customers' IPs would still be blocked I think if they existed in those CXS lists.

I am not too sure if there is a way but hopefully someone has an idea how to do so.
by sahostking
31 Jan 2021, 15:28
Forum: General Discussion (csf)
Topic: wp-login.php ban : NCSA extended/combined log
Replies: 3
Views: 288

Re: wp-login.php ban : NCSA extended/combined log

I use the following on our cpanel servers. Not sure if it is the same for you but it definitely helps us and stops tons a day:

# XMLRPC
if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/xmlrpc\.php.*" /)) {
    return ("WP XMLPRC Attack",$1,"XMLRPC...
by sahostking
14 Jan 2021, 13:51
Forum: General Discussion (cxs)
Topic: STICKY rules for CXS.XTRA regs.
Replies: 69
Views: 71183

Re: STICKY rules for CXS.XTRA regs.

Here are some MD5sum files we added yesterday. Mostly uploaded mailer scripts trying to spam from server but a few were also WordPress hacking scripts. The filenames were wpz-load.php, mindex.php, ROOT.php, and many weird Russian filenames I can't remember.

md5sum:quarantine:0b138d902d6aea94ff386a70...
by sahostking
12 Jan 2021, 19:44
Forum: General Discussion (csf)
Topic: Custom REGEX rules for CSF.
Replies: 61
Views: 90067

Re: Custom REGEX rules for CSF.

Today we had two servers blacklisted due to spam originating from contact us pages on Joomla websites that are not using captchas. Now informing customers to do so sometimes takes time and they don't even do it. So we decided to look into a way that will stop it from happening on all servers without the...
by sahostking
05 Nov 2020, 05:02
Forum: General Discussion (csf)
Topic: (CSF) Check for IPs In RBLs ,not responding
Replies: 3
Views: 1976

Re: (CSF) Check for IPs In RBLs ,not responding

Did you guys figure it out yet? Think I have same problem.