Are you using ModSecurity?
Does ModSecurity gives you the rule number that the offending IPs are triggering?
If so, then you can block the attacks in realtime creating your own CSF rules.
Sergio
Search found 1044 matches
- 03 Feb 2024, 01:18
- Forum: General Discussion (csf)
- Topic: Barracuda RBL download anywhere or other comparable?
- Replies: 1
- Views: 382
- 25 Jan 2024, 20:57
- Forum: MailScanner
- Topic: Out of the box spam filters trapping MORE than MailScanner
- Replies: 1
- Views: 2091
Re: Out of the box spam filters trapping MORE than MailScanner
The best thing is to create your own spamassassin rules for the spam that is not catched by MSFE and assign a very high score. Then create rules for CSF (firewall) to block the server that sent the spam and at last another CSF script to check if more that 10 IPs from the same IP range have been send...
- 25 Jan 2024, 20:41
- Forum: General Discussion (csf)
- Topic: Allow specific country for specific user
- Replies: 3
- Views: 599
Re: Allow specific country for specific user
Yes, try adding that specific IP on the ALLOWED IP list
Sergio
Sergio
- 24 Jan 2024, 17:30
- Forum: MailScanner Front-End
- Topic: Please add a global domain button for block or allow in MSFE.
- Replies: 0
- Views: 743
Please add a global domain button for block or allow in MSFE.
Righ now MailsCanner Front-End just have 4 buttons when checking an email, they are: BLACKLIST EMAIL, BLACKLIST DOMAIN, WHITELIST EMAIL and WHITELIST DOMAIN. Would you please consider 2 more: BLACKLIST *.DOMAIN AND WHITELIST *.DOMAIN ? Right now there a thousand of attacks from domains like: root@bn...
- 23 Jan 2024, 12:39
- Forum: General Discussion (csf)
- Topic: Zone file error
- Replies: 2
- Views: 1431
Re: Zone file error
Another way to fix this could be to edit the entry at:
/var/lib/csf/zone/us.zone
from this 104.171.32.0/ to 104.171.32.0/20
/var/lib/csf/zone/us.zone
from this 104.171.32.0/ to 104.171.32.0/20
- 31 Dec 2023, 14:42
- Forum: General Discussion (csf)
- Topic: One computer on the local network blocked, but not others
- Replies: 3
- Views: 3261
Re: One computer on the local network blocked, but not others
Yes, in her computer go to:
settings -> system -> about
if it has not been changed by her, it should appear something like per example: DESKTOP-03TITAJ
and that name is what you could search for in all /usr/local/cpanel/logs/ files, hope that will give you a hint on where is the issue.
settings -> system -> about
if it has not been changed by her, it should appear something like per example: DESKTOP-03TITAJ
and that name is what you could search for in all /usr/local/cpanel/logs/ files, hope that will give you a hint on where is the issue.
- 30 Dec 2023, 20:02
- Forum: General Discussion (csf)
- Topic: Custom REGEX rules for CSF.
- Replies: 93
- Views: 2019287
Re: Custom REGEX rules for CSF.
see above post
- 30 Dec 2023, 19:59
- Forum: General Discussion (csf)
- Topic: Custom REGEX rules for CSF.
- Replies: 93
- Views: 2019287
Re: Custom REGEX rules for CSF.
HAPPY NEW YEAR EVERYBODY!!! I want to share an SPAM ASSASSIN Rule that I am sure you will like it, I know here is not the place to add SPAMASSASSIN rules as this forum was for CSF REGEX rules, but I am sure you will like it. Details: A lot of spam have entered into my servers coming from OUTLOOK IP ...
- 30 Dec 2023, 19:33
- Forum: General Discussion (csf)
- Topic: One computer on the local network blocked, but not others
- Replies: 3
- Views: 3261
Re: One computer on the local network blocked, but not others
Hi.
One way to find what is bloking that computer is to check log files searching for computer name not by the IP, give it a try.
Sergio
One way to find what is bloking that computer is to check log files searching for computer name not by the IP, give it a try.
Sergio
- 19 Dec 2023, 03:14
- Forum: General Discussion (cmc)
- Topic: Mod_security is not blocking
- Replies: 5
- Views: 4089
Re: Mod_security is not blocking
You can add rules for CSF on the file: /usr/local/csf/bin/regex.custom.pm and after you add your rules you have to restart LFD in order for them to start working. Be very carful adding rules in there as a bad written rule can make your server down. Please read CSF readme file to know about this. Ser...