Search found 36 matches

by sahostking
05 Jul 2021, 11:45
Forum: General Discussion (csf)
Topic: Block countries but allow port 53/dns
Replies: 3
Views: 2551

Re: Block countries but allow port 53/dns

I would say maybe using something like this unless someone else has a better idea. You could deny services, port access to many countries attacking your server by just using their country codes.

# This option denies access from the following countries to specific ports
# listed in CC_DENY_PORTS_TCP ...
by sahostking
26 Mar 2021, 19:57
Forum: General Discussion (cxs)
Topic: Is there any problem increasing filemax?
Replies: 1
Views: 2516

Re: Is there any problem increasing filemax?

Nope - just uses more resources and at times creates more watches.

So if you have enough resources and fast cpus and SSDs you should be fine.
by sahostking
26 Mar 2021, 19:55
Forum: General Discussion (cxs)
Topic: Trace how malware was uploaded to server
Replies: 1
Views: 2327

Re: Trace how malware was uploaded to server

Do you use modsecurity? If not consider installing OWASP rules or Comodo WAF ruleset, both of which are free. Usually they upload via an outdated plugin or some flaw in one. If not that then if you have no modsecurity then your server is vulnerable. Best to have Firewall + Modsecurity + CXS + ClamAV with...
by sahostking
19 Mar 2021, 17:56
Forum: General Discussion (csf)
Topic: csf causing excessive load averages
Replies: 1
Views: 1347

Re: csf causing excessive load averages

Not entirely sure what the cause could be. But I would recommend you go through each setting in your csf.conf. Also are you using ipset? If not then if you have a lot of blocklists enabled that could cause some slowness. Also is CSF monitoring a lot of CUSTOM log locations? May be too many logs to be ...
by sahostking
22 Feb 2021, 18:25
Forum: General Discussion (cxs)
Topic: STICKY rules for CXS.XTRA regs.
Replies: 71
Views: 200533

Re: STICKY rules for CXS.XTRA regs.

Noticed tons of files with kindex.php and windex.php and wikindex.php plus many more. Created a list and here are the md5sum and regex. Add and try out if you like.

# Added 22/02/2021
regall:quarantine:Pwnd By NekoBot!
md5sum:quarantine:e421e55e907fcbafe575c918214140b8
md5sum:quarantine:4355572862fb...
by sahostking
31 Jan 2021, 15:39
Forum: General Discussion (cxs)
Topic: Ignore wp-content/cache/wp-rocket/domain suspicious directory
Replies: 3
Views: 7344

Re: Ignore wp-content/cache/wp-rocket/domain suspicious directory

I think you add

hdir:*/wp-content/cache/

to cxs.ignore

I stand to be corrected. Test it if you like and see?
by sahostking
31 Jan 2021, 15:36
Forum: General Discussion (cxs)
Topic: How to override IP Reputation blocked IP
Replies: 1
Views: 2500

Re: How to override IP Reputation blocked IP

I think we experienced a similar issue before using the CC_IGNORE feature where we would like a country and customers' IPs would still be blocked I think if they existed in those CXS lists.

I am not too sure if there is a way but hopefully someone has an idea how to do so.
by sahostking
31 Jan 2021, 15:28
Forum: General Discussion (csf)
Topic: wp-login.php ban : NCSA extended/combined log
Replies: 4
Views: 4960

Re: wp-login.php ban : NCSA extended/combined log

I use the following on our cpanel servers. Not sure if it is the same for you but it definitely helps us and stops tons a day:

# XMLRPC
if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/xmlrpc\.php.*" /)) {
return ("WP XMLPRC Attack",$1,"XMLRPC...
by sahostking
14 Jan 2021, 13:51
Forum: General Discussion (cxs)
Topic: STICKY rules for CXS.XTRA regs.
Replies: 71
Views: 200533

Re: STICKY rules for CXS.XTRA regs.

Here are some MD5sum files we added yesterday. Mostly uploaded mailer scripts trying to spam from server but a few were also WordPress hacking scripts. The filenames were wpz-load.php, mindex.php, ROOT.php, and many weird Russian filenames I can't remember.

md5sum:quarantine:0b138d902d6aea94ff386a70...
by sahostking
12 Jan 2021, 19:44
Forum: General Discussion (csf)
Topic: Custom REGEX rules for CSF.
Replies: 93
Views: 2016329

Re: Custom REGEX rules for CSF.

Today we had two servers blacklisted due to spam originating from contact us pages on Joomla websites that are not using captchas. Now informing customers to do so sometimes takes time and they don't even do it. So we decided to look into a way that will stop it from happening on all servers without the...