Search found 70 matches

by keat63
20 Feb 2015, 08:20
Forum: General Discussion (csf)
Topic: LFD report file checksum failed
Replies: 0
Views: 933

On the 16th of Feb, CSF posted an email stating MD5 checksum failed on the following files. /usr/bin/less /usr/bin/pcregrep /usr/bin/pcretest /bin/grep cPanel support have looked at this and have said that as far as they can see, these files have not been modified. Any reasons why CSF would think oth...
by keat63
06 Feb 2015, 09:29
Forum: General Discussion (csf)
Topic: Distributed Attack False Positive ?
Replies: 0
Views: 1053

My boss is out in Thailand at the moment, and she can't get her emails on her phone. I notice that CSF has blocked her. lfd[13428]: 101.109.xxx.xxx (TH/Thailand/node-1cit.pool-101-109.dynamic.totbb.net), 5 distributed imapd attacks on account [myboss@domain.com] in the last 3600 secs - *Blocked in c...
by keat63
26 Jan 2015, 17:42
Forum: General Discussion (csf)
Topic: LFD not sending emails
Replies: 3
Views: 2101

In WHM under "Server Contacts" and then "Edit System Mail Preferences", do you have Root's emails being forwarded to a real email account ?
by keat63
16 Jan 2015, 13:31
Forum: General Discussion (csf)
Topic: whats a reasonable amount of blocks
Replies: 3
Views: 1659

I currently have LFD configured for 400 IP blocks, which is filling up fast.
I understand that once the table has reached 400, they will fall off the end.
What's a reasonable upper limit without causing too much overhead ?
by keat63
07 Jan 2015, 13:25
Forum: Suggestions (csf)
Topic: Blocking by Mac Address
Replies: 1
Views: 1432

Blocking by Mac Address would be a nice feature.
by keat63
07 Jan 2015, 11:54
Forum: General Discussion (csf)
Topic: How to stop port scanning attacks every hour
Replies: 5
Views: 3482

I have one very similar. You could always add 89.242.44.165 #do not delete or maybe 89.24.0.0./16 #do not delete to your deny IP list. This will only block that IP (or range) though, so if they are using a proxy (as is the case for me) then the IP is constantly changing. A block by Mac address would...
by keat63
07 Jan 2015, 11:22
Forum: General Discussion (csf)
Topic: help in identifying what ports
Replies: 0
Views: 903

I seem to be getting a lot of LFDs originating from China (not uncommon, apparently). I'm keen to learn, so could anyone help decipher this one, and advise if there may be any further info I could gather? I've quite a few from the mac address associated with this one, so they must be using proxy and...
by keat63
18 Dec 2014, 09:54
Forum: General Discussion (csf)
Topic: csf and cphulk
Replies: 5
Views: 2683

I'm running both side by side, without apparent issues.
by keat63
17 Dec 2014, 15:03
Forum: General Discussion (csf)
Topic: Vulnerability Scanning
Replies: 0
Views: 848

I found the following log recently, and I assume that someone was running a vulnerability scan. Are there any rules which could be applied which would stop them dead in their tracks, rather than allowing them to run 20+ scans? [Tue Dec 16 00:28:55 2014] [error] [client 176.74.184.46] File does not...
by keat63
17 Dec 2014, 15:01
Forum: General Discussion (csf)
Topic: Easy Apache
Replies: 0
Views: 982

Guys. Not sure if you can recreate this. In csf I had about 6 maybe 7 country codes listed as blocked. CN, TW, RU, RO, possibly USA and 2 others I can't recall. When I tried to run WHM Easy Apache, it was taking forever. With the country codes applied, it would take 5 minutes to refresh where it wou...