Search found 12 matches

by bsntech
16 Jan 2017, 19:48
Forum: General Discussion (csf)
Topic: Allow IP Range To Port in csf.allow
Replies: 4
Views: 4822

Re: Allow IP Range To Port in csf.allow

No other ideas? I would think there has to be a way to ensure the csf.allow is called before the csf.deny, but it doesn't seem to be the case.

by bsntech
11 Jan 2017, 19:33
Forum: General Discussion (csf)
Topic: Allow IP Range To Port in csf.allow
Replies: 4
Views: 4822

Re: Allow IP Range To Port in csf.allow

Don't exactly want to trust the range as I don't want them to be able to access some ports or brute force things like SSH.

Just want them to always be able to access port 80 and port 443. But if they are brute forcing SMTP or POP, those would be blocked upon trying to do so.

by bsntech
10 Jan 2017, 22:41
Forum: General Discussion (csf)
Topic: Allow IP Range To Port in csf.allow
Replies: 4
Views: 4822

Allow IP Range To Port in csf.allow

First question: How are the rules applied? Is the csf.deny applied first and then csf.allow - or is csf.allow applied first?

Here is my issue. In the csf.allow file, I have IP ranges allowed for port 80 and port 443 - idea is to prevent them from being blocked:

tcp|in|d=80|s=1.1.1.0/24
tcp|in|d=443|...

by bsntech
23 Apr 2014, 18:33
Forum: General Discussion (csf)
Topic: Allow PPTP / GRE
Replies: 2
Views: 3143

Re: Allow PPTP / GRE

Resurrecting this question to see if anyone can provide assistance.

In essence, is there a file within the CSF config that allows me to specifically put in additional IPTABLES rules? If so, I could open up the GRE protocol myself by using an IPTABLES rule.

Thank you :)

by bsntech
31 Mar 2014, 21:03
Forum: General Discussion (csf)
Topic: Brute pop3 logins attack from one IP not blocked
Replies: 2
Views: 2712

Re: Brute pop3 logins attack from one IP not blocked

It might depend upon what you are using as the POP3 / IMAP server. I installed CSF on our servers over the weekend. Noticed that some things did get blocked correctly (like CERTAIN FTP attempts) but others didn't. In the end, I had to add items to the custom.regex.pm file and create new regex entrie...

by bsntech
30 Mar 2014, 19:31
Forum: General Discussion (csf)
Topic: LF Temp to Permanent Ban
Replies: 1
Views: 3123

Re: LF Temp to Permanent Ban

Was able to answer this on my own after fixing the issue on how to block 401 errors in Apache. Needless to say, you will set the specific "PERM" setting (such as LF_FTPD_PERM) to the temporary block amount - such as 300 seconds (5 minutes). The Temp-to-Perm settings will watch and once...

by bsntech
30 Mar 2014, 18:53
Forum: General Discussion (csf)
Topic: Stop 401 Attacks in Apache
Replies: 2
Views: 3258

Re: Stop 401 Attacks in Apache

Fixed. Found another post that referenced a site I could use to check RegEx.

Link to the RegEx checker: http://regex101.com/r/uO1vS2

Here is the RegEx if you want to be able to block those getting 401 errors in Apache:

#mod_security v2 (audit_log)
if (($config{LF_MODSEC}) and ($globlogs{MODSEC_LOG}{...

by bsntech
30 Mar 2014, 18:32
Forum: General Discussion (csf)
Topic: Stop 401 Attacks in Apache
Replies: 2
Views: 3258

Re: Stop 401 Attacks in Apache

I added this to the regex.custom.pm log - doesn't seem to work. Just need some help figuring out how to make a regex to find these. Here is the code:

#mod_security v2 (audit_log)
if (($config{LF_MODSEC}) and ($lgfile eq $config{MODSEC_LOG}) and ($line =~ /^(\S+)\ (.*) 401 (.*)/)) {
$ip = $1; $acc = ...

by bsntech
30 Mar 2014, 17:07
Forum: General Discussion (csf)
Topic: Stop 401 Attacks in Apache
Replies: 2
Views: 3258

Stop 401 Attacks in Apache

Getting hundreds of these attacks:

82.98.162.20 - - [29/Mar/2014:23:59:07 -0500] "GET /administrator/index.php HTTP/1.0" 401 -

I have enabled the HTACCESS and MODSEC and set the log files to the proper place, but these are not being stopped.

by bsntech
30 Mar 2014, 15:28
Forum: General Discussion (csf)
Topic: DirectAdmin virtual domain error logs not included.
Replies: 12
Views: 12165

Re: DirectAdmin virtual domain error logs not included.

Resurrecting an old thread here. Has the support for file globbing been put in place for the HTACCESS_LOG? Looking to set the HTACCESS_LOG and MODSEC_LOG to these:

/path/to/*/logs/error*.log

Want to be sure that CSF will open all files that start with "error" and end in ".log" th...