Search found 1042 matches
- 13 Nov 2023, 18:59
- Forum: MailScanner Front-End
- Topic: usage question
- Replies: 5
- Views: 3235
Re: usage question
To answer your quesions: first of all i want to know if this is server wide block Yes, it is. ...and also if there is window in GUi or command to check all blacklisted address Yes, the MailScanner Front End in WHM. One more thing that you can use is WHM, go to: FILTER INCOMING EMAILS BY DOMAIN and a...
- 03 Nov 2023, 00:45
- Forum: General Discussion (csf)
- Topic: I need help with a custom log
- Replies: 1
- Views: 1400
Re: I need help with a custom log
Your regex is not well constructed to work with the LOG line that you are posting. You have escape "[" and "]". You missed "i" at "/))", it should be "/i))". There is no "@" in the log line. The IP is better to have in just one "\d+&qu...
- 29 Oct 2023, 21:12
- Forum: General Discussion (csf)
- Topic: Opening port on specific server ip.
- Replies: 1
- Views: 1092
Re: Opening port on specific server ip.
Try to add "out" as well.
- 29 Oct 2023, 21:01
- Forum: General Discussion (csf)
- Topic: alert.txt emails not being sent/arriving
- Replies: 4
- Views: 3824
Re: alert.txt emails not arriving
. . . We have configured the alert template (/usr/local/csf/tpl/alert.txt) on multiple servers to send email to a particular email account This has been working fine for a number of years. All of a sudden on one server it no longer works. We are puzzled as to why this would be the case. . . . If yo...
- 15 Oct 2023, 19:20
- Forum: MailScanner
- Topic: Use Mailscanner to Filter Subject Text
- Replies: 11
- Views: 13027
Re: Use Mailscanner to Filter Subject Text
If you want, you can do rules like this, per example for bitcoin scams: body __SERGIO_BITCOIN01 /bitcoin address can\'t be tracked/i body __SERGIO_BITCOIN02 /central intelligence agency/i body __SERGIO_BITCOIN03 /do not get money from you/i body __SERGIO_BITCOIN04 /forum in the deep web|bought from ...
- 09 Oct 2023, 22:19
- Forum: MailScanner
- Topic: Use Mailscanner to Filter Subject Text
- Replies: 11
- Views: 13027
Re: Use Mailscanner to Filter Subject Text
Hi @andyhans, in your rule you use the or command "|" (the pipe sign means "or") and add two or more subjects in the rule, per example: header SUBJ_XAMPLE Subject =~ /subject one|subject two|subject three/i score SUBJ_XAMPLE 11 describe SUBJ_XAMPLE Subject XAMPLE Or you can use t...
- 25 Sep 2023, 23:25
- Forum: General Discussion (csf)
- Topic: Regex not working in custom log
- Replies: 7
- Views: 1615
Re: Regex not working in custom log
Yes, I wanted to know exactly what you want to do.
Here is the regex that will help you:
Sergio
Here is the regex that will help you:
Code: Select all
/(\S+)\s\-\s\-\s\[\d+\/\S+\d+\s\-\d+\]\s\"\S+\"\s400\s\d+\s\"\-\"/i
- 25 Sep 2023, 21:07
- Forum: General Discussion (csf)
- Topic: Regex not working in custom log
- Replies: 7
- Views: 1615
Re: Regex not working in custom log
ok,
on that log line what are you looking for to be triggered?
Also, on that log line what do you want to receive?
on that log line what are you looking for to be triggered?
Also, on that log line what do you want to receive?
- 25 Sep 2023, 20:01
- Forum: General Discussion (csf)
- Topic: Regex not working in custom log
- Replies: 7
- Views: 1615
Re: Regex not working in custom log
Write a full log line of what you want to block and I will help you to do the regex.
Sergio
Sergio
- 25 Sep 2023, 19:49
- Forum: General Discussion (csf)
- Topic: Distributed IPs attack over large timespan
- Replies: 1
- Views: 1013
Re: Distributed IPs attack over large timespan
One option could be to use cPhulk to block those attacks.
Also, you can create your own script to block a 0/24 if more than 10 different IPs from the same 0/24 range are attacking your server.
Also, you can create your own script to block a 0/24 if more than 10 different IPs from the same 0/24 range are attacking your server.