Search found 816 matches

by Sergio
19 May 2021, 16:34
Forum: General Discussion (csf)
Topic: CSF / Asterisk
Replies: 36
Views: 17545

Re: CSF / Asterisk

Thank you!
If you could change to Sergio C, it will be great as I am not related in any way to CSF, I am just a member of the Forum that likes a lot CSF that I think is a great FireWall.

Sergio
by Sergio
19 May 2021, 16:05
Forum: General Discussion (csf)
Topic: Turn off Excessive resource usage email notification
Replies: 3
Views: 586

Re: Turn off Excessive resource usage email notification

Ok, then do the following: - Using webmail enter into the email address where you receive the emails. - On the main page, enter into "Email Filtering". - Enter into Create New Filter. - On the following page on the first line write a name for the filter you are creating. - On the next line...
by Sergio
19 May 2021, 15:09
Forum: General Discussion (csf)
Topic: Logs
Replies: 3
Views: 654

Re: Logs

You should :)
the one that is installed by ConfigServer is a great tool.

Ok, then in CSF under the "Search System Logs", try to find the IP.
Also, you can search for the IP on the ModSecurity area of your server.
by Sergio
19 May 2021, 15:03
Forum: General Discussion (csf)
Topic: CSF / Asterisk
Replies: 36
Views: 17545

Re: CSF / Asterisk

Here is the new rule but before using it, please read the disclaimer: "I don't assume any responsibility if you use the following rule, use it at your own discretion." Please, before using it made some test to see if it works for you. Also, if you see that the rule works for you, please do...
by Sergio
19 May 2021, 07:02
Forum: General Discussion (csf)
Topic: Custom Regex for Postfix SASL Auth attacks
Replies: 1
Views: 733

Re: Custom Regex for Postfix SASL Auth attacks

Hi. Try this one: if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =/^\S+\s+\S+\s+\S+ myserver postfix\/smtps\/smtpd\[\d+\]\: warning\: unknown\[(\S+)\]\: SASL LOGIN authentication failed\: \S+/)) { return ("Failed SASL login from",$1,"SecmasSASL","1","","...
by Sergio
19 May 2021, 06:44
Forum: General Discussion (csf)
Topic: CSF / Asterisk
Replies: 36
Views: 17545

Re: CSF / Asterisk

Hi, all.
Wow 7 years ago around the same day, how fast time pass by.
How many people are using my rule? That will be great to know.

In order to create a new rule I need:
- a few log lines of the error message(s).
- what info should the rule show when it is added to CSF?

Sergio
by Sergio
19 May 2021, 05:47
Forum: General Discussion (csf)
Topic: Diferents users to use for unblock IP's
Replies: 1
Views: 499

Re: Diferents users to use for unblock IP's

To unblock IPs you need to access the server as root to proceed. So,if you want different users to unblock IPs, them will need to be logged as root. If you don't want to give them a root access, one work around could be to write a code where when an email is send to a defined email address, the scri...
by Sergio
19 May 2021, 05:35
Forum: General Discussion (csf)
Topic: [CSF+LFD, IPtables] Used CSF for limiting Port access on Remote Machine on CentOS-7-x64 to specific IPv4, NOT working?
Replies: 3
Views: 966

Re: [CSF+LFD, IPtables] Used CSF for limiting Port access on Remote Machine on CentOS-7-x64 to specific IPv4, NOT workin

Just as a test, try to give a 1 hour access to all ports to the specific IP using the "Temporary" option in CSF and check if that works.
by Sergio
19 May 2021, 05:19
Forum: General Discussion (csf)
Topic: Turn off Excessive resource usage email notification
Replies: 3
Views: 586

Re: Turn off Excessive resource usage email notification

Are the emails sent by CSF or by cPanel? Any way, you can add an email rule to delete that emails and you will never get them. Enter into your cPanel, go to the email address where you receive the notifications and enter into the option "EMAIL FILTER" create there the rule and set it to de...
by Sergio
19 May 2021, 05:16
Forum: General Discussion (csf)
Topic: Logs
Replies: 3
Views: 654

Re: Logs

Hi, Steve.
The first thing I always check is on MailScanner for the subject containing the IP, something like this:
subjec contains tblocked 203.57.138.20
then just check the body of the email and you will have the info that you need.

Sergio