Search found 24 matches

by sahostking
06 Feb 2015, 10:05
Forum: General Discussion (cxs)
Topic: Trying to lower load for CXS
Replies: 1
Views: 1894

Trying to lower load for CXS

I think I got it to lower load a bit but now I'm noticing something strange with CXS watch: This is CXS watch configuration: /usr/sbin/cxs --Wstart --allusers --www --smtp -I /etc/cxs/cxs.ignore --options M --qoptions Mv --quarantine /cxs/scan/ --Wmaxchild 3 --nofallback --Wloglevel 0 --Wsleep 15 --...
by sahostking
20 Dec 2014, 22:03
Forum: General Discussion (csf)
Topic: Exclude folder and subfolders from csf
Replies: 0
Views: 922

Exclude folder and subfolders from csf

Hi,

I am trying to install CSF / LFD on a VPS Node. But whenever I enabled CSF all is good but LFD is a problem.

Mentions all clients processes under /vz/root is a suspicous process.

How does one exclude a directly and it's subfolders and all files from LFD checks?

Thanks
by sahostking
13 Oct 2014, 14:05
Forum: General Discussion (cxs)
Topic: iowait and cxs
Replies: 0
Views: 1323

iowait and cxs

Just something I decided to look at when trying to improve disk reponsiveness on server. 05:50:01 AM CPU %user %nice %system %iowait %steal %idle 06:00:01 AM all 10.19 0.54 3.43 25.82 0.00 60.02 06:10:01 AM all 12.94 0.53 5.04 29.08 0.00 52.42 06:20:02 AM all 10.75 0.81 3.28 23.46 0.00 61.71 06:30:0...
by sahostking
29 Sep 2014, 18:10
Forum: General Discussion (csf)
Topic: Any reason why modsec rules not being blocked anymore?
Replies: 2
Views: 2038

Re: Any reason why modsec rules not being blocked anymore?

Thanks you are absolutely right.

Had to change modsec_log = /etc/httpd/logs/error_log

Now it's blocking them nicely.

Yippee :)
by sahostking
29 Sep 2014, 15:20
Forum: General Discussion (csf)
Topic: Any reason why modsec rules not being blocked anymore?
Replies: 2
Views: 2038

Any reason why modsec rules not being blocked anymore?

Hi all, Weird one I noticed today is that none of my mod security rules are being blocked anymore? I have LF_MODSEC set to 3. Is there something else I'm missing? For eg. [Mon Sep 29 16:14:09.069556 2014] [:error] [pid 982245:tid 140548245526272] [client 96.47.226.20] ModSecurity: Access denied with...
by sahostking
27 Sep 2014, 21:05
Forum: General Discussion (csf)
Topic: nf_ct_ftp attack from various IPs kill server
Replies: 1
Views: 1487

nf_ct_ftp attack from various IPs kill server

Hi, I have a weird issue. Server has been running smoothly for a few years now. But some weird issue occured today where I noticed alot of these from 1 IP: kernel: nf_ct_ftp: dropping packetIN= OUT=eth1 SRC=<IP Address> DST=<IP Address> LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=14581 DF PROTO=TCP SPT=21 D...
by sahostking
02 May 2014, 16:36
Forum: General Discussion (csf)
Topic: IPs not being blocked for ModSec
Replies: 5
Views: 5806

IPs not being blocked for ModSec

Hi all, Need some advice. LF_MODSEC = 5 LF_MODSEC_PERM = 300 LF_CXS = 1 LF_CXS_PERM = 300 I have the following settings and have Modsecurity, CXS and CSF installed though IPs are not being blocked after 5 ModSec hits: [Fri May 02 17:30:50.588560 2014] [:error] [pid 792706:tid 139737910183680] [clien...
by sahostking
15 Nov 2013, 09:22
Forum: General Discussion (cxs)
Topic: CXSwatch and CXS cron
Replies: 1
Views: 1717

CXSwatch and CXS cron

Hi,

To lower load for a webhost is running the cron job necessary.

Basically I was thinking:

1. Run CXS cronjob once a week
2. Have CXSWatch run all the time.

IS this good enough? Opinions
by sahostking
09 Nov 2013, 19:47
Forum: General Discussion (cxs)
Topic: CXS high CPU usage over 50%
Replies: 4
Views: 4020

Re: CXS high CPU usage over 50%

I'd also like to know - sitting with the same issue of high cpu usage for CXS
by sahostking
09 Nov 2013, 19:37
Forum: General Discussion (csf)
Topic: WHM Upgrade to 11.40.0 Excessive Dovecot now
Replies: 8
Views: 5967

Re: WHM Upgrade to 11.40.0 Excessive Dovecot now

Thanks just did this which helped. Not sure if it solves as to why it occured in this version itself that may be a dovecot issue but nevertheless could not stand the emails.

Thanks