ConfigServer Community Forum

In the mean time, What about adding in CXS something that could check if any script has some refers to syslog/rsyslog? just to start. I know it is not a big issue right now, but now that there are a few places that are talking about this, I imagine that a lot of hackers will be trying to get that pi...

Before I read the post I was trying to see if there could be a kind of hash code that syslog could add to every line truly generated by the server, right now lines comes on the way of: Jan 31 10:51:17 server1 named[13015]: client 92.46.218.238#57368: view external: query (cache) 'alt2.aspmx.l.google...

Thanks!
In your opinion, what is the best option to use?

After new CSF ver. 6.41 CSF is not blocking FTP failed attempts, I have the following config: RESTRICT_SYSLOG = 1 LF_FTPD = 4 LF_FTPD_PERM = 1 But now LFD report is showing the following attempts: Jan 29 21:02:40 server pure-ftpd: (?@212.99.45.168) [WARNING] Authentication failed for user [Administr...

Thank you, qchost, I have added these to the sticky.

Regards,

Sergio

It worked like a charm, thanks.

I will not forget to add the IP on future rules.

Regards,

Sergio

Thanks for your reply, certainly I will try it right away.

The weird thing is that my other rules are working without adding that, I will post the results.

Regards,

Sergio

Hi Jonathan / Sarah, I have declared the following custom rule in regex.custom.pm and it is not working: if (($lgfile eq $config{CUSTOM2_LOG}) and ($line =~ /^\S+\s+\S+\s+dovecot\wlogin authenticator failed for \(ylmf\-pc/)) { return ("smtp_auth attack",$1,"SMTPYLMF","1"...

Just add to csf.pignore:
exe:/bin/tar

CSF doesn't work per a domain basis.