ConfigServer Community Forum

keat63

Using Host Access Control in WHM, its possible to restrict Cpanel login to specific IP or range of IP's. However, any unauthorised log in attempts will generate the following warning: "Dropping connection from xxx.xxx.xxx.xxx because of tcp_wrappers at cpsrvd.pl line ####" There are no restrictions ...

keat63

I've scoured the custom regex thread and it doesn't matter how many times i read it, it makes absolutely no logical sense to me.
I think writing my own regex is out of the question.

keat63

Returning to work today, I see multip[le attempts over a number of days of someone trying to log in to cpanel.

Dropping connection from xxx.xxx.xxx.xxx because of tcp_wrappers at cpsrvd.pl line 3622

Is anyone able to help me write a custom rule which will block the offending IP.

keat63

thanks

keat63

does anyone know where to change this message please. This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail attachment "PO KCTCN1104863.jar" is on the list of unacceptable attachments for this...

keat63

Try clearing out the blocked IP's and stat with a fresh blocklist.
This may help identify google.

keat63

Whitelist your IP in CSF. Using host access control (cpanel) allow ssh access to your IP or IP's, then deny SSH to all. Then change the port number to something else. https://forums.cpanel.net/threads/change-ssh-port-via-whm.108197/ In csf, configure ssh logins to something really low like 3 strikes...

keat63

After a number of experiments and waiting for these emails to arrive, I may have figured it out.
Just in case anyone else needs this, this is what I came up with.

header FROM_YOURRULENAME ALL =~ /mydomain\.co\.uk@/i
score FROM_YOURRULENAME 0.1

Giving it a very low score for testing purposes.

keat63

I'm still struggling with this one if anyone can help at all. (envelope-from <bounce-mc.us4_8899577.1056541-sales=mydomain.co.uk@mail208.atl61.xxxx.net>) I'm looking to score this phrase "sales=mydomain.co.uk@" I see a rule in SA which may do the trick if I could get the rejex right. header LOCAL_DE...

keat63

Actually, I think I stumbled on the answer.

Max Spam Check Size =

ConfigServer Community Forum

Search found 83 matches

Re: Custom REGEX rules for CSF.

Re: really could do with some help on a custom filter

really could do with some help on a custom filter

Re: Change messages

Change messages

Re: CSF blocking Google Image Proxy Server

Re: Best practices hardening a Cpanel / WHM Setup?

Re: can anyone suggest a custom SA rule

Re: can anyone suggest a custom SA rule

Re: Not Spam - Too Large