That question might be better posted on the WHM/Cpanel forum.
I'd be interested to learn the outcome.
Search found 106 matches
- 21 May 2018, 14:22
- Forum: General Discussion (csf)
- Topic: cPHulk Brute Force blacklisted countries still showing in csf.deny
- Replies: 1
- Views: 2135
- 21 May 2018, 08:43
- Forum: General Discussion (csf)
- Topic: Blocked IP still comes back
- Replies: 1
- Views: 1816
Re: Blocked IP still comes back
Does anyone from CSF participate in this forum.
I regularly see lots of questions with little or no credible answers.
I regularly see lots of questions with little or no credible answers.
- 17 May 2018, 10:32
- Forum: General Discussion (csf)
- Topic: Blocked IP still comes back
- Replies: 1
- Views: 1816
Blocked IP still comes back
I see in my logs a small number of failed logins from an IP, which is blocked in CSF at 00:04am xxxx.xxx.xxx.xxx # lfd: (smtpauth) Failed SMTP AUTH login from xxx.xxx.xxx.xx. (AU/Australia/New South Wales/Sydney/xxx.xxx.xxx.xx.static.exetel.com.au): 1 in the last 3600 secs - Mon May 14 00:04:44 2018...
- 11 Apr 2018, 08:20
- Forum: General Discussion (csf)
- Topic: Custom REGEX rules for CSF.
- Replies: 93
- Views: 2018337
Re: Custom REGEX rules for CSF.
Using Host Access Control in WHM, its possible to restrict Cpanel login to specific IP or range of IP's. However, any unauthorised log in attempts will generate the following warning: "Dropping connection from xxx.xxx.xxx.xxx because of tcp_wrappers at cpsrvd.pl line ####" There are no res...
- 04 Apr 2018, 11:15
- Forum: General Discussion (csf)
- Topic: really could do with some help on a custom filter
- Replies: 1
- Views: 1862
Re: really could do with some help on a custom filter
I've scoured the custom regex thread and it doesn't matter how many times i read it, it makes absolutely no logical sense to me.
I think writing my own regex is out of the question.
I think writing my own regex is out of the question.
- 03 Apr 2018, 08:16
- Forum: General Discussion (csf)
- Topic: really could do with some help on a custom filter
- Replies: 1
- Views: 1862
really could do with some help on a custom filter
Returning to work today, I see multip[le attempts over a number of days of someone trying to log in to cpanel.
Dropping connection from xxx.xxx.xxx.xxx because of tcp_wrappers at cpsrvd.pl line 3622
Is anyone able to help me write a custom rule which will block the offending IP.
Dropping connection from xxx.xxx.xxx.xxx because of tcp_wrappers at cpsrvd.pl line 3622
Is anyone able to help me write a custom rule which will block the offending IP.
- 22 Jan 2018, 13:25
- Forum: MailScanner Front-End
- Topic: Change messages
- Replies: 2
- Views: 3944
Re: Change messages
thanks
- 19 Jan 2018, 09:38
- Forum: MailScanner Front-End
- Topic: Change messages
- Replies: 2
- Views: 3944
Change messages
does anyone know where to change this message please. This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail attachment "PO KCTCN1104863.jar" is on the list of unacceptable attachment...
- 03 Jul 2017, 13:27
- Forum: General Discussion (csf)
- Topic: CSF blocking Google Image Proxy Server
- Replies: 3
- Views: 3505
Re: CSF blocking Google Image Proxy Server
Try clearing out the blocked IP's and stat with a fresh blocklist.
This may help identify google.
This may help identify google.
- 03 Jul 2017, 13:19
- Forum: General Discussion (csf)
- Topic: Best practices hardening a Cpanel / WHM Setup?
- Replies: 1
- Views: 2817
Re: Best practices hardening a Cpanel / WHM Setup?
Whitelist your IP in CSF. Using host access control (cpanel) allow ssh access to your IP or IP's, then deny SSH to all. Then change the port number to something else. https://forums.cpanel.net/threads/change-ssh-port-via-whm.108197/ In csf, configure ssh logins to something really low like 3 strikes...