Search found 795 matches

by Sergio
19 Jun 2020, 04:50
Forum: General Discussion (csf)
Topic: ConfigServer Firewall Version v14.03 bug
Replies: 1
Views: 713

Re: ConfigServer Firewall Version v14.03 bug

Try adding:

Code: Select all

exe:/opt/cpanel/ea-php72/root/usr/bin/lsphp.cagefs
into csf.pignore.
by Sergio
13 Jun 2020, 06:40
Forum: General Discussion (csf)
Topic: Blocking Wordpress Login and xmlprc attacks with LFD
Replies: 28
Views: 41149

Re: Blocking Wordpress Login and xmlprc attacks with LFD

Here is the new link for the image:
https://ibb.co/0mzF3PK

will be active for 12 hours.

Sergio
by Sergio
12 Jun 2020, 04:43
Forum: General Discussion (csf)
Topic: Blocking connections without blocking e-mail
Replies: 11
Views: 2569

Re: Blocking connections without blocking e-mail

Check all the options under: Country Code Lists and Settings Each option is well explained inside CSF FireWall Configuration. But the most importat for this to work is to have an IP DataBase. I recommend MaxMind. MaxMind is a database of all the IPs around the world with info about the Countries IPs...
by Sergio
11 Jun 2020, 04:29
Forum: General Discussion (csf)
Topic: Blocking connections without blocking e-mail
Replies: 11
Views: 2569

Re: Blocking connections without blocking e-mail

The way to do what you want is fair simple, just block any ports to CN but don't block the email ports:

110,143,993,995,25,26,463,587

In CSF search info for CC_
and check what suits for you.

Sergio
by Sergio
11 Jun 2020, 03:58
Forum: General Discussion (csf)
Topic: Blocking Wordpress Login and xmlprc attacks with LFD
Replies: 28
Views: 41149

Re: Blocking Wordpress Login and xmlprc attacks with LFD

I have tried to write here the regex rule that I wrote but the filter content has blocked my IPs I had to use 3 different connections. Here is an image of the rule based on the info that you wrote above under EDIT 2: The image will auto delete in 5 hours: https://ibb.co/jGFwJvb I have set the rule t...
by Sergio
10 Jun 2020, 22:05
Forum: General Discussion (csf)
Topic: Blocking SSH Login Attempts with CC_DENY
Replies: 1
Views: 647

Re: Blocking SSH Login Attempts with CC_DENY

Hi. After reading your post I will suggest you to do the opposite, I mean don't block all those countries, is better to allow only the countries that you want your server to be accessed and you will have lower IPs to allow thant IPs to block. About 2,000 IPs blocked, you can set it to a much higher ...
by Sergio
10 Jun 2020, 05:11
Forum: General Discussion (csf)
Topic: Disable notification for a specific mail box or better solution?
Replies: 3
Views: 908

Re: Disable notification for a specific mail box or better solution?

Ok, another way to handel this. If what you want is just not to receive the tons of emails of the account being blocked, enter webmail for the account that is receiving this notifications. On the main page of the webmail (don't enter into the mail manager) in there could be an option to create "...
by Sergio
09 Jun 2020, 19:44
Forum: General Discussion (csf)
Topic: LFD ignoring mod_security
Replies: 6
Views: 1486

Re: LFD ignoring mod_security

Nice to read that it is working, congrats.

Sergio
by Sergio
09 Jun 2020, 00:53
Forum: General Discussion (csf)
Topic: Blocking Wordpress Login and xmlprc attacks with LFD
Replies: 28
Views: 41149

Re: Blocking Wordpress Login and xmlprc attacks with LFD

@FutherForward20 Do you have the file: /etc/apache2/logs/error_log in your server? if you do, please do the following as root: less /etc/apache2/logs/error_log | grep "77.zzz.zzz.100" (change .zzz.zzz. for the real numbers of your VPN) and post one of the lines of what you got, don't forge...
by Sergio
08 Jun 2020, 05:22
Forum: General Discussion (csf)
Topic: LFD ignoring mod_security
Replies: 6
Views: 1486

Re: LFD ignoring mod_security

Nice, the rule is ok if it works, :-)
I just would use "\s" instead of "\s+" if there is only one space between words, but is not important.
I always use regex101.com to check my REGEX and to see the speed of the rule.

Sergio