ConfigServer Community Forum

I had the same issue and what I did in cPanel was to create an email filter to delete those emails and for me that was the only way to get rid of them.

The best way to go is to create your own SPAMASSASSIN RULE and tell your cPanel customers not to add their own domains in MailScanner WhiteList. I mean, if the hacker is impersonating you and you have your own domain in your MailScanner White List, then the spoofed email will go thru. So, if you cus...

ok, this will help you:
in csf.pignore add:

exe:/opt/cpanel/ea-php74/root/usr/bin/php

Try this:

Try the following REGEX instead:

Just curious,
Why did you wrote those " * " on the following line?

pcmd:*/usr/local/cpanel/3rdparty/wp-toolkit/plib/vendor/wp-cli/wpt-wp-cli\.php*

Have you tried to add those IPs at CSF.IGNORE?

@Sergio - here is another IP from the same domain that has been blocked. There are hundreds of similar lines, so I copied all the ones that were different from each other. On another note, I don't understand why this is so challenging to do on CSF. On other FWs, you can simply put in a rule that es...

@rolinger, the provided log lines can't help to block the IP at the first attempt, they are shown only when the IP has been blocked after (in your case) 5 failures. So, in your CSF go to to "Search System Logs" and select /var/log/messages and do a search for the IP 34.223.64.89 and give m...

You can create a rule and add it to /usr/local/csf/bin/

If you can provide a log line from a recent attack, write it here and I will help you to create the CSF rule needed or an Spamassasin rulte for the same.

Sergio