Search found 47 matches

by peterelsner
13 Dec 2012, 22:52
Forum: General Discussion (csf)
Topic: 60 logins per hour in 3600 second interval
Replies: 1
Views: 2306

Re: 60 logins per hour in 3600 second interval

Are they checking from multiple devices? I.e. computer, phone, tablet... Each one will be a login, and if they are checking every 3 to 5 minutes on phone and every 3 to 5 minutes on computer etc., then that will quickly add up.
by peterelsner
13 Dec 2012, 19:30
Forum: General Discussion (csf)
Topic: IP address in DSHIELD may be false positive?
Replies: 0
Views: 1561

IP address in DSHIELD may be false positive?

Got an IP address that has been blocked via DSHIELD.

csf -g 37.1.222.162
Chain num pkts bytes target prot opt in out source destination
DSHIELD 11 770 46212 DROP all -- * * 37.1.222.0/24 0.0.0.0/0

Looks like the entire class c was blocked here. Looking at www.dshield.org there are currently no threa...
by peterelsner
28 Nov 2012, 18:38
Forum: General Discussion (csf)
Topic: Cannot start CSF
Replies: 3
Views: 2695

Re: Cannot start CSF

This is just a guess, but it seems that some of the iptable modules are missing from your vps. Make sure the following modules are loaded: ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS tun iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter...
by peterelsner
20 Nov 2012, 21:47
Forum: Suggestions (cxs)
Topic: Send mail to scripts owner (victims)
Replies: 13
Views: 15231

Re: Send mail to scripts owner (victims)

This does not appear to be working properly... I've created the template to look like this:

From: support@XXXXX.COM
To: [user]
CC: [to]
Subject: Security Scan detected possible infection. (Hits:[hits]) (Viruses:[viruses]) (Fingerprints:[fingerprints])

Time : [time]
User Contact: [user]
Our security ...
by peterelsner
27 Aug 2012, 19:07
Forum: General Discussion (cxs)
Topic: plupload.silverlight.xap <- is it safe?
Replies: 14
Views: 13060

Re: plupload.silverlight.xap <- is it safe?

Yes it is. Thank you very much.
by peterelsner
03 Aug 2012, 16:07
Forum: Suggestions (csf)
Topic: LFD Feature Request: Slow Attack Check
Replies: 1
Views: 2613

Re: LFD Feature Request: Slow Attack Check

I just found 2 IP addresses from Romania that were sending spam from 4 different, compromised email accounts.
Wonder if this is how they got the login credentials for email??
by peterelsner
03 Aug 2012, 15:51
Forum: Suggestions (cxs)
Topic: Send mail to scripts owner (victims)
Replies: 13
Views: 15231

Re: Send mail to scripts owner (victims)

+1 on this. I think it would be great if cxs would grab the owner's email address (from /var/cpanel/users/username file) and send them an email (that we can customize) that says something like: Our security scanner detected an infection on your site recently and the file has been quarantined. Please...
by peterelsner
19 Jul 2012, 19:21
Forum: General Discussion (cxs)
Topic: plupload.silverlight.xap <- is it safe?
Replies: 14
Views: 13060

Re: plupload.silverlight.xap <- is it safe?

So back to the md5sum feature... I have this in my cxs.ignore file

# f3c8aaf882d1ed25a7f5fe7fd2ee4d9d is the plupload.silverlight.xap file
md5sum:f3c8aaf882d1ed25a7f5fe7fd2ee4d9d
hfile:plupload.silverlight.xap
hfile:plupload.silverlight.dll

Yet I still receive the following email daily: cxswatch Sca...
by peterelsner
04 Jun 2012, 21:09
Forum: Suggestions (csf)
Topic: csf security scan getting wrong PHP version?
Replies: 1
Views: 3172

csf security scan getting wrong PHP version?

So just updated one of the servers to the latest csf. csf v5.55 Ran a "Check Server Security" scan and under PHP Version info it says this: Check php version (/usr/local/bin/php) WARNING Any version of PHP (Current: v4.*) older than v5.3.* is now obsolete and should be considered a security threat. ...
by peterelsner
01 Jun 2012, 22:25
Forum: Suggestions (cmm)
Topic: Hourly limit is not compatible with 11.32.2
Replies: 7
Views: 7838

Re: Hourly limit is not compatible with 11.32.2

Still getting this when changing hourly limit for a domain using mail manage...

/scripts/updateemail_limits xxxxxxxx
This command is deprecated, please run /usr/local/cpanel/scripts/updateuserdomains instead
Executing /usr/local/cpanel/scripts/updateuserdomains ...

Changes saved.