Search found 1040 matches

by Sergio
29 Oct 2023, 21:12
Forum: General Discussion (csf)
Topic: Opening port on specific server ip.
Replies: 1
Views: 1074

Re: Opening port on specific server ip.

Try to add "out" as well.
by Sergio
29 Oct 2023, 21:01
Forum: General Discussion (csf)
Topic: alert.txt emails not being sent/arriving
Replies: 4
Views: 3791

Re: alert.txt emails not arriving

. . . We have configured the alert template (/usr/local/csf/tpl/alert.txt) on multiple servers to send email to a particular email account This has been working fine for a number of years. All of a sudden on one server it no longer works. We are puzzled as to why this would be the case. . . . If yo...
by Sergio
15 Oct 2023, 19:20
Forum: MailScanner
Topic: Use Mailscanner to Filter Subject Text
Replies: 11
Views: 12831

Re: Use Mailscanner to Filter Subject Text

If you want, you can do rules like this, per example for bitcoin scams: body __SERGIO_BITCOIN01 /bitcoin address can\'t be tracked/i body __SERGIO_BITCOIN02 /central intelligence agency/i body __SERGIO_BITCOIN03 /do not get money from you/i body __SERGIO_BITCOIN04 /forum in the deep web|bought from ...
by Sergio
09 Oct 2023, 22:19
Forum: MailScanner
Topic: Use Mailscanner to Filter Subject Text
Replies: 11
Views: 12831

Re: Use Mailscanner to Filter Subject Text

Hi @andyhans, in your rule you use the or command "|" (the pipe sign means "or") and add two or more subjects in the rule, per example: header SUBJ_XAMPLE Subject =~ /subject one|subject two|subject three/i score SUBJ_XAMPLE 11 describe SUBJ_XAMPLE Subject XAMPLE Or you can use t...
by Sergio
25 Sep 2023, 23:25
Forum: General Discussion (csf)
Topic: Regex not working in custom log
Replies: 7
Views: 1572

Re: Regex not working in custom log

Yes, I wanted to know exactly what you want to do.

Here is the regex that will help you:

Code: Select all

/(\S+)\s\-\s\-\s\[\d+\/\S+\d+\s\-\d+\]\s\"\S+\"\s400\s\d+\s\"\-\"/i
Sergio
by Sergio
25 Sep 2023, 21:07
Forum: General Discussion (csf)
Topic: Regex not working in custom log
Replies: 7
Views: 1572

Re: Regex not working in custom log

ok,
on that log line what are you looking for to be triggered?
Also, on that log line what do you want to receive?
by Sergio
25 Sep 2023, 20:01
Forum: General Discussion (csf)
Topic: Regex not working in custom log
Replies: 7
Views: 1572

Re: Regex not working in custom log

Write a full log line of what you want to block and I will help you to do the regex.

Sergio
by Sergio
25 Sep 2023, 19:49
Forum: General Discussion (csf)
Topic: Distributed IPs attack over large timespan
Replies: 1
Views: 985

Re: Distributed IPs attack over large timespan

One option could be to use cPhulk to block those attacks.
Also, you can create your own script to block a 0/24 if more than 10 different IPs from the same 0/24 range are attacking your server.
by Sergio
07 Sep 2023, 16:56
Forum: General Discussion (csf)
Topic: How to force to reload a blocklist?
Replies: 3
Views: 1042

Re: How to force to reload a blocklist?

You're welcome.
by Sergio
06 Sep 2023, 15:00
Forum: General Discussion (csf)
Topic: How to force to reload a blocklist?
Replies: 3
Views: 1042

Re: How to force to reload a blocklist?

yes, in CSF are the instructions for this:
# After making any changes to this file you must restart csf and then lfd
#
# If you want to redownload a blocklist you must first delete
# /var/lib/csf/csf.block.NAME and then restart csf and then lfd