ConfigServer Community Forum

Ohhh, that is why.

Thought I was doing something wrong, thanks for telling, appreciated.

Best Regards,
Sergio

Hi, Sarah. Would you be kind to tell me what I am doing wrong on the following rule that I have created on CXS? InmunifyAV+ is detecting the following code as malicious, so, I have added the rule in cxs.xtra to quarantine the file but is not working. This is the code that I want to block: <?php eval...

Great to know it worked for you, your welcome.

Try this instead: Sergio

This rule blocks any connection from census.shodan.io. (I really don't like attacks from these servers) # BLOCKING CENSUS SHODAN if (($lgfile eq $config{CUSTOM2_LOG}) and ($line =~ /^\S+\s\S+\sSMTP\s\D+from\s\S+(?>\.census\.shodan\.io|\.censys\-scanner\.com)\s\[(\S+)\]/i)) { return ("",$1,...

This article can help:
https://support.cpanel.net/hc/en-us/art ... ub-x-x-x-x

Do you have CXS installed or MailScanner?

First of all, you don't need to copy all the log lines, just a few ones are needed. I recommend you to add one of the following lines in csf.pignore: REGEX for any version of ea-php: pexe:/opt/cpanel/ea\-php\d+/root/usr/sbin/php\-fpm Rule just for ea-php81: exe:/opt/cpanel/ea-php81/root/usr/sbin/php...

One easy way to block Countries is using cPhulk.
Enable it on your server, then go to the BLACK LIST by Country and you can block all the ones that you don't want.

Also, you can add range of IPs that you don't want them to access your server.

Sarah, Would you be kind to check the possibility to add a "SUBJECT COUNT" into MSFE Statistics, please? It will be great if it could send a warning mail when more that 100 emails (or threshold defined by admin) with the same subject are sent, this will help to track any email account that...