Search found 10 matches

by Silent Ninja
19 Jul 2018, 16:42
Forum: Suggestions (csf)
Topic: Sending update logs next to integrity check
Replies: 1
Views: 3396

Sending update logs next to integrity check

Usually LFD detects modified binaries that have been updated by yum / apt on the integrity check.

It would be quite useful if you send the last lines of the yum / apt log (last 24 hs) attached or appended to these e-mails to quickly check if those changes correlate with the modified files or not.
by Silent Ninja
30 Jan 2018, 08:13
Forum: Suggestions (csf)
Topic: Block probers
Replies: 3
Views: 4361

Re: Block probers

I believe you are looking for Mod Security and/or ConfigServer eXploit Scanner, which both have URL / uploaded file scanning patterns and LFD can block multiple matches by these two (LF_MODSEC, LF_CXS)
by Silent Ninja
30 Jan 2018, 08:09
Forum: Suggestions (csf)
Topic: auto ignore/whitelist option
Replies: 1
Views: 2953

Re: auto ignore/whitelist option

Why not just add the remote IP of the router as a whitelisted / ignored IP?
Do you have a dynamic IP?
by Silent Ninja
14 Oct 2017, 17:40
Forum: General Discussion (csf)
Topic: mod_cloudflare not detected
Replies: 1
Views: 2217

mod_cloudflare not detected

This is somewhat minor but on EA4 the security check says that I don't have mod_cloudflare installed but I do have it. Perhaps it's due to the name change on the module: #$ httpd -M | grep cloudflare [Sat Oct 14 13:38:55.345007 2017] [so:warn] [pid 28750:tid 140564230232192] AH01574: module cloudfla...
by Silent Ninja
15 Jun 2017, 20:40
Forum: General Discussion (cxs)
Topic: cxsftp warns for any php script
Replies: 2
Views: 3592

Re: cxsftp warns for any php script

Crap, just noticed that I've created this on the wrong forum, could someone move it to "General Discussion (cxs)" ?
by Silent Ninja
15 Jun 2017, 18:22
Forum: General Discussion (cxs)
Topic: cxsftp warns for any php script
Replies: 2
Views: 3592

cxsftp warns for any php script

I've recently added quarantine form cxsftp and enabled the service, but it seems that any PHP script that gets uploaded I'm notified. Scanning FTP file... Time : Thu, 15 Jun 2017 14:10:32 -0300 FTP user : webmaster@*******.*** FTP file : /home/*******/public_html/*******/page.php FTP owner : *******...
by Silent Ninja
04 Mar 2017, 15:47
Forum: Suggestions (csf)
Topic: Country whitelist on LFD
Replies: 1
Views: 6464

Country whitelist on LFD

It would be nice if we could white list countries so that they don't get blocked by the failed logins, most of the times our customers setup Outlook or similar clients and after an email password changed IMAP / SMTP blocks them. Since most of the time hackers use compromised servers or anonymous pro...
by Silent Ninja
21 Feb 2017, 19:34
Forum: General Discussion (csf)
Topic: Can't locate object method "new" via package "Crypt::CBC"
Replies: 1
Views: 2628

Re: Can't locate object method "new" via package "Crypt::CBC"

I had the same issue and it got fixed by adding use Crypt::CBC; (after the other uses), on the file /usr/sbin/csf

Perhaps it's best to wait for an official answer, but it should work just fine.
by Silent Ninja
03 Jan 2017, 14:55
Forum: General Discussion (csf)
Topic: Block a hostname forever
Replies: 1
Views: 2174

Block a hostname forever

One of our customers is having issues with a remote MX, so my plan was to block it on CSF, but every once in a while it gets cleared out due to the IP limit of the deny table.

How can I block that IP forever?

Also, is there a way to block domains using dyndns instead of just allowing them thru?
by Silent Ninja
13 Jun 2008, 22:02
Forum: Suggestions (csf)
Topic: Show how many Temporary IPs banned in a glance.
Replies: 2
Views: 3945

Also, besides this, the tempban file doesn't show the reason from the block. csf.deny shows {sshd} {imapd} or something like that, but i hadn't seen them on the tempban file, so I don't know why this IP's whas blocked. Some workaround has been to add one second to each block (eg. pop3 1800, imapd 18...