Search found 809 matches

by Sergio
10 Jun 2020, 05:11
Forum: General Discussion (csf)
Topic: Disable notification for a specific mail box or better solution?
Replies: 3
Views: 994

Re: Disable notification for a specific mail box or better solution?

Ok, another way to handel this. If what you want is just not to receive the tons of emails of the account being blocked, enter webmail for the account that is receiving this notifications. On the main page of the webmail (don't enter into the mail manager) in there could be an option to create "...
by Sergio
09 Jun 2020, 19:44
Forum: General Discussion (csf)
Topic: LFD ignoring mod_security
Replies: 6
Views: 1628

Re: LFD ignoring mod_security

Nice to read that it is working, congrats.

Sergio
by Sergio
09 Jun 2020, 00:53
Forum: General Discussion (csf)
Topic: Blocking Wordpress Login and xmlprc attacks with LFD
Replies: 28
Views: 42803

Re: Blocking Wordpress Login and xmlprc attacks with LFD

@FutherForward20 Do you have the file: /etc/apache2/logs/error_log in your server? if you do, please do the following as root: less /etc/apache2/logs/error_log | grep "77.zzz.zzz.100" (change .zzz.zzz. for the real numbers of your VPN) and post one of the lines of what you got, don't forge...
by Sergio
08 Jun 2020, 05:22
Forum: General Discussion (csf)
Topic: LFD ignoring mod_security
Replies: 6
Views: 1628

Re: LFD ignoring mod_security

Nice, the rule is ok if it works, :-)
I just would use "\s" instead of "\s+" if there is only one space between words, but is not important.
I always use regex101.com to check my REGEX and to see the speed of the rule.

Sergio
by Sergio
08 Jun 2020, 03:53
Forum: General Discussion (csf)
Topic: Disable email for certain alerts
Replies: 3
Views: 946

Re: Disable email for certain alerts

Ok, open your CSF Configuration and search for:

SECURITY WARNING
================
LF_EMAIL_ALERT

Sergio
by Sergio
08 Jun 2020, 03:43
Forum: General Discussion (csf)
Topic: LFD ignoring mod_security
Replies: 6
Views: 1628

Re: LFD ignoring mod_security

For me it is better to find ModSec blocks info on /etc/apache2/logs/error_log

Check if you have that file and you can use that file to write your own rule at:
/usr/local/csf/bin/regex.custom.pm

Sergio
by Sergio
08 Jun 2020, 03:03
Forum: General Discussion (csf)
Topic: Disable email for certain alerts
Replies: 3
Views: 946

Re: Disable email for certain alerts

Access the account with webmail, in webmail on the front page enter into "Email Filters" and create there a rule to delete the emails that you don't want to receive. Example: SUBJECT CONTAINS blocked AND BODY MATCHES REGEX auth failed|Failed password for root|Incorrect authentication data ...
by Sergio
08 Jun 2020, 02:51
Forum: General Discussion (csf)
Topic: Disable notification for a specific mail box or better solution?
Replies: 3
Views: 994

Re: Disable notification for a specific mail box or better solution?

If you still have the password for that email, go to cPanel recreate the account with the old password. Then access the "Manage an Email Account" for that specific account and set the following: Restrictions Receiving Incoming Mail: Suspend Sending Outgoing Email: Suspend Logging In: Allow...
by Sergio
07 Jun 2020, 04:18
Forum: General Discussion (csf)
Topic: Blocking or Identifying bad IPs
Replies: 1
Views: 731

Re: Blocking or Identifying bad IPs

I haven't seen this option in CSF. But you can do the following: - When an attack to xmlrpc.php is blocked, you can send the reportl to an email address of yours from all the servers you have. - Create a bash script that reads all the emails each 15 minutes and get the offending IPs and add the IPs ...
by Sergio
07 Jun 2020, 03:59
Forum: General Discussion (csf)
Topic: Blocking connections without blocking e-mail
Replies: 11
Views: 2828

Re: Blocking connections without blocking e-mail

I didn't mean all your attacks, lol.
Just paste an example.