Search found 13 matches

by seco
05 Feb 2020, 12:40
Forum: General Discussion (csf)
Topic: Can I see a log of blocked (dropped) connections?
Replies: 1
Views: 521

Can I see a log of blocked (dropped) connections?

Hi,

I configured CSF to block all IPs expect my IP and everything is working perfectly.
Now, my question can I check those blocked IPs. As far as I know, they are dropped so there would be no log.

Regards,
by seco
23 Jan 2020, 20:29
Forum: General Discussion (csf)
Topic: Requests in WordPress wp-includes return 520 error
Replies: 0
Views: 1349

Requests in WordPress wp-includes return 520 error

Hi, I noticed that after this latest update many requests return 520 error especially any page or file behind wp-includes This issue only appeared after the latest update (14.01)!! I didn't change anything on the server. The only thing changed is the CSF update. Note: The entire website works well a...
by seco
16 Oct 2019, 14:48
Forum: General Discussion (csf)
Topic: Block POST requests if it contains a specific word
Replies: 0
Views: 1355

Block POST requests if it contains a specific word

Hello,

Can I Block POST request if it contains a specific word or some words?

Regards,
Moderated Message:
Please do not bump threads
by seco
05 Feb 2019, 18:17
Forum: General Discussion (csf)
Topic: Restrict access to /wp-login.php based on DYNDNS
Replies: 0
Views: 545

Restrict access to /wp-login.php based on DYNDNS

Hello,

I'm already using DYNDNS feature of CSF and it's really great.
Just asking, can I write a custom regex to protect /wp-login.php and accept the request to it only from my DYNDNS IP only?

Regards,
by seco
17 Oct 2018, 09:58
Forum: General Discussion (csf)
Topic: Custom regex not working
Replies: 4
Views: 1524

Custom regex not working

Hello, I'm using this regex to block wp-login.php POST requests on /etc/csf/regex.custom.pm: if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /(\S+).*] "POST \/wp-login\.php.*" 200/)) { return ("Failed WordPress login from",$1,"wordpress","5","80,443","3600"); } My CUSTOM2_LOG point to the access...
by seco
15 Oct 2018, 11:58
Forum: General Discussion (csf)
Topic: Block access to a subdomain
Replies: 0
Views: 876

Block access to a subdomain

Hello,

I'm using CSF with my main domain perfectly and I'm using it with Cloudflare and everything is good!
Now, I will create a subdomain and I want to block access to it, how can I do that using CSF?

Regards,
by seco
01 Jan 2018, 23:54
Forum: General Discussion (csf)
Topic: CSF not blocking IPs
Replies: 1
Views: 1026

CSF not blocking IPs

Hi
I've tried many ModSec attacks (SQL injections) on my server to see if the IP will be blocked but noting blocked.
I saw apache log, it contains all the attempts from my IP.
csf.conf contains:

LF_MODSEC_PERM=1
LF_MODSEC=1

How to block the attacking IP?
Thanks in advance.
by seco
28 Sep 2015, 10:45
Forum: General Discussion (cxs)
Topic: cxs quarantine suspicious files but csf do not block ip
Replies: 0
Views: 1971

cxs quarantine suspicious files but csf do not block ip

Hi
i upgrade php to 5.5 and everything works well
before upgrade when some one upload suspicious file the ip is blocked but now ip is not blocked !!
although other things like htaccess or cpanel or ssh attacks the ip is blocked successfully

only cxs is not blocked by csf !!
what is wrong?
by seco
05 Apr 2015, 20:16
Forum: General Discussion (cxs)
Topic: add Fingerprint for new PHP shell
Replies: 6
Views: 4175

Re: add Fingerprint for new PHP shell

one last question
now if any changes made to the file so it can now uploaded so is there any other effective method to identify the file ?
by seco
05 Apr 2015, 20:01
Forum: General Discussion (csf)
Topic: can i send SYN packets or any to the attacker
Replies: 0
Views: 1057

can i send SYN packets or any to the attacker

Hi
just fun and testing only
can i send SYN packets or any other kind of packet instead of blocking him or send those packets then block him?
thanks in advance.