Search found 36 matches
- 05 Nov 2020, 05:02
- Forum: General Discussion (csf)
- Topic: (CSF) Check for IPs In RBLs ,not responding
- Replies: 3
- Views: 4062
Re: (CSF) Check for IPs In RBLs ,not responding
Did you guys figure it out yet? Think I have same problem.
- 11 May 2020, 06:15
- Forum: General Discussion (cxs)
- Topic: CXS Causing higher than usual server load
- Replies: 1
- Views: 5342
Re: CXS Causing higher than usual server load
I think CXSwatch is the culprit as it checks every file on the server when modified etc and new files.
So note also if your server has tons of files changing and its not an SSD or CPU is too weak and cannot keep up then load will go up.
Look at that aswell = just a tip.
So note also if your server has tons of files changing and its not an SSD or CPU is too weak and cannot keep up then load will go up.
Look at that aswell = just a tip.
- 11 May 2020, 06:13
- Forum: General Discussion (cxs)
- Topic: CXS and the cPanel Transfer Tool
- Replies: 1
- Views: 3886
Re: CXS and the cPanel Transfer Tool
Maybe check if you have cxs blocks enabled as it adds ip lists to CSF. In otherwords check /etc/cxs/cxs.blocklists and comment all the lists. Restart CSF and retry Alternatively check for your server IPs in the list https://download.configserver.com/reputation/all.txt Note you can only download that...
- 11 May 2020, 06:10
- Forum: General Discussion (cxs)
- Topic: IP Reputation Poopulation
- Replies: 3
- Views: 6494
Re: IP Reputation Poopulation
I've had the same issue but we notice enabling the individual lists like LF_SMTP seem to block very nicely
So we enabled the following:
CXS_LF_SSHD
CXS_LF_FTPD
CXS_LF_SMTPAUTH
CXS_LF_CXS
Works quiet well for us atleast and load has gone down ALOT.
So we enabled the following:
CXS_LF_SSHD
CXS_LF_FTPD
CXS_LF_SMTPAUTH
CXS_LF_CXS
Works quiet well for us atleast and load has gone down ALOT.
- 01 Nov 2017, 12:34
- Forum: General Discussion (cmc)
- Topic: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied
- Replies: 3
- Views: 10580
Re: Failed to access DBM file "/var/cpanel/secdatadir/ip": Permission denied
This is not a config server issue. It is an Apache APR Util issue as per:
https://www.purehacking.com/blog/josh-z ... ize-limits
https://www.purehacking.com/blog/josh-z ... ize-limits
- 11 Jun 2015, 09:33
- Forum: General Discussion (csf)
- Topic: Help with custom regex rules
- Replies: 42
- Views: 29957
Re: Help with custom regex rules
I checked now and the regex is : #mod_security v2 (audit_log) if (($config{LF_MODSEC}) and ($lgfile eq $config{MODSEC_LOG}) and ($line =~ /^\[modsecurity\] \[client (\S+)\] (.*) Access denied with (code|connection)/)) { $ip = $1; $acc = ""; $ip =~ s/^::ffff://; if (&checkip($ip)) {retu...
- 11 Jun 2015, 08:54
- Forum: General Discussion (csf)
- Topic: Help with custom regex rules
- Replies: 42
- Views: 29957
Re: Help with custom regex rules
I need assistance on a regex to block this via CSF say after 5 failed attempts : [Thu Jun 11 08:45:40.512566 2015] [:error] [pid 40857:tid 140173587228416] [client 168.63.216.42] ModSecurity: [file "/usr/local/apache/conf/modsec2.user.conf"] [line "37"] [id "5000135"] [...
- 06 Feb 2015, 10:05
- Forum: General Discussion (cxs)
- Topic: Trying to lower load for CXS
- Replies: 1
- Views: 3370
Trying to lower load for CXS
I think I got it to lower load a bit but now I'm noticing something strange with CXS watch: This is CXS watch configuration: /usr/sbin/cxs --Wstart --allusers --www --smtp -I /etc/cxs/cxs.ignore --options M --qoptions Mv --quarantine /cxs/scan/ --Wmaxchild 3 --nofallback --Wloglevel 0 --Wsleep 15 --...
- 29 Sep 2014, 18:10
- Forum: General Discussion (csf)
- Topic: Any reason why modsec rules not being blocked anymore?
- Replies: 2
- Views: 3328
Re: Any reason why modsec rules not being blocked anymore?
Thanks you are absolutely right.
Had to change modsec_log = /etc/httpd/logs/error_log
Now it's blocking them nicely.
Yippee
Had to change modsec_log = /etc/httpd/logs/error_log
Now it's blocking them nicely.
Yippee
- 29 Sep 2014, 15:20
- Forum: General Discussion (csf)
- Topic: Any reason why modsec rules not being blocked anymore?
- Replies: 2
- Views: 3328
Any reason why modsec rules not being blocked anymore?
Hi all, Weird one I noticed today is that none of my mod security rules are being blocked anymore? I have LF_MODSEC set to 3. Is there something else I'm missing? For eg. [Mon Sep 29 16:14:09.069556 2014] [:error] [pid 982245:tid 140548245526272] [client 96.47.226.20] ModSecurity: Access denied with...