Search found 1042 matches
- 31 Jan 2014, 17:19
- Forum: General Discussion (csf)
- Topic: After new CSF update, RESTRICT_SYSLOG
- Replies: 6
- Views: 8220
Re: After new CSF update, FTP block is not working.
In the mean time, What about adding in CXS something that could check if any script has some refers to syslog/rsyslog? just to start. I know it is not a big issue right now, but now that there are a few places that are talking about this, I imagine that a lot of hackers will be trying to get that pi...
- 31 Jan 2014, 17:00
- Forum: General Discussion (csf)
- Topic: After new CSF update, RESTRICT_SYSLOG
- Replies: 6
- Views: 8220
Re: After new CSF update, FTP block is not working.
Before I read the post I was trying to see if there could be a kind of hash code that syslog could add to every line truly generated by the server, right now lines comes on the way of: Jan 31 10:51:17 server1 named[13015]: client 92.46.218.238#57368: view external: query (cache) 'alt2.aspmx.l.google...
- 31 Jan 2014, 13:22
- Forum: General Discussion (csf)
- Topic: After new CSF update, RESTRICT_SYSLOG
- Replies: 6
- Views: 8220
Re: After new CSF update, FTP block is not working.
Thanks!
In your opinion, what is the best option to use?
In your opinion, what is the best option to use?
- 30 Jan 2014, 23:34
- Forum: General Discussion (csf)
- Topic: After new CSF update, RESTRICT_SYSLOG
- Replies: 6
- Views: 8220
After new CSF update, RESTRICT_SYSLOG
After new CSF ver. 6.41 CSF is not blocking FTP failed attempts, I have the following config: RESTRICT_SYSLOG = 1 LF_FTPD = 4 LF_FTPD_PERM = 1 But now LFD report is showing the following attempts: Jan 29 21:02:40 server pure-ftpd: (?@212.99.45.168) [WARNING] Authentication failed for user [Administr...
- 27 Jan 2014, 13:25
- Forum: General Discussion (cxs)
- Topic: STICKY rules for CXS.XTRA regs.
- Replies: 71
- Views: 202467
Re: STICKY rules for CXS.XTRA regs.
Thank you, qchost, I have added these to the sticky.
Regards,
Sergio
Regards,
Sergio
- 23 Jan 2014, 20:03
- Forum: General Discussion (csf)
- Topic: regex.custom.pm not triggering rule
- Replies: 3
- Views: 2594
Re: regex.custom.pm not triggering rule
It worked like a charm, thanks.
I will not forget to add the IP on future rules.
Regards,
Sergio
I will not forget to add the IP on future rules.
Regards,
Sergio
- 23 Jan 2014, 16:42
- Forum: General Discussion (csf)
- Topic: regex.custom.pm not triggering rule
- Replies: 3
- Views: 2594
Re: regex.custom.pm not triggering rule
Thanks for your reply, certainly I will try it right away.
The weird thing is that my other rules are working without adding that, I will post the results.
Regards,
Sergio
The weird thing is that my other rules are working without adding that, I will post the results.
Regards,
Sergio
- 22 Jan 2014, 17:18
- Forum: General Discussion (csf)
- Topic: regex.custom.pm not triggering rule
- Replies: 3
- Views: 2594
regex.custom.pm not triggering rule
Hi Jonathan / Sarah, I have declared the following custom rule in regex.custom.pm and it is not working: if (($lgfile eq $config{CUSTOM2_LOG}) and ($line =~ /^\S+\s+\S+\s+dovecot\wlogin authenticator failed for \(ylmf\-pc/)) { return ("smtp_auth attack",$1,"SMTPYLMF","1"...
- 22 Jan 2014, 04:35
- Forum: General Discussion (csf)
- Topic: Ignore Command Line
- Replies: 1
- Views: 2008
Re: Ignore Command Line
Just add to csf.pignore:
exe:/bin/tar
exe:/bin/tar
- 22 Jan 2014, 04:30
- Forum: General Discussion (csf)
- Topic: LT_POP3D
- Replies: 3
- Views: 3197
Re: LT_POP3D
CSF doesn't work per a domain basis.