Search found 1040 matches

by Sergio
14 Dec 2023, 02:26
Forum: General Discussion (csf)
Topic: Trying to ignore a Perl script, but still getting alerts
Replies: 3
Views: 3047

Re: Trying to ignore a Perl script, but still getting alerts

Great to know it worked for you, your welcome.
by Sergio
13 Dec 2023, 03:36
Forum: General Discussion (csf)
Topic: Trying to ignore a Perl script, but still getting alerts
Replies: 3
Views: 3047

Re: Trying to ignore a Perl script, but still getting alerts

Try this instead:

Code: Select all

 cmd:/usr/bin/perl /home/example/public_html/cgi-bin/cart.cgi
Sergio
by Sergio
09 Dec 2023, 02:39
Forum: General Discussion (csf)
Topic: Custom REGEX rules for CSF.
Replies: 92
Views: 1857886

REGEX Rule to block census.shodan.io

This rule blocks any connection from census.shodan.io. (I really don't like attacks from these servers) # BLOCKING CENSUS SHODAN if (($lgfile eq $config{CUSTOM2_LOG}) and ($line =~ /^\S+\s\S+\sSMTP\s\D+from\s\S+(?>\.census\.shodan\.io|\.censys\-scanner\.com)\s\[(\S+)\]/i)) { return ("",$1,...
by Sergio
06 Dec 2023, 02:56
Forum: Suggestions (csf)
Topic: Please add instructions on how to migrate to a new server
Replies: 4
Views: 10658

Re: Please add instructions on how to migrate to a new server

Do you have CXS installed or MailScanner?
by Sergio
23 Nov 2023, 20:38
Forum: General Discussion (csf)
Topic: Suspicious process running
Replies: 1
Views: 3965

Re: Suspicious process running

First of all, you don't need to copy all the log lines, just a few ones are needed. I recommend you to add one of the following lines in csf.pignore: REGEX for any version of ea-php: pexe:/opt/cpanel/ea\-php\d+/root/usr/sbin/php\-fpm Rule just for ea-php81: exe:/opt/cpanel/ea-php81/root/usr/sbin/php...
by Sergio
17 Nov 2023, 03:50
Forum: General Discussion (csf)
Topic: csf CC_DENY country blocking delayed filling of IPSETs
Replies: 1
Views: 2587

Re: csf CC_DENY country blocking delayed filling of IPSETs

One easy way to block Countries is using cPhulk.
Enable it on your server, then go to the BLACK LIST by Country and you can block all the ones that you don't want.

Also, you can add range of IPs that you don't want them to access your server.
by Sergio
15 Nov 2023, 16:43
Forum: MailScanner Front-End
Topic: Please add the SUBJECT COUNT into MSFE statistics, please.
Replies: 1
Views: 3667

Please add the SUBJECT COUNT into MSFE statistics, please.

Sarah, Would you be kind to check the possibility to add a "SUBJECT COUNT" into MSFE Statistics, please? It will be great if it could send a warning mail when more that 100 emails (or threshold defined by admin) with the same subject are sent, this will help to track any email account that...
by Sergio
13 Nov 2023, 18:59
Forum: MailScanner Front-End
Topic: usage question
Replies: 5
Views: 3151

Re: usage question

To answer your quesions: first of all i want to know if this is server wide block Yes, it is. ...and also if there is window in GUi or command to check all blacklisted address Yes, the MailScanner Front End in WHM. One more thing that you can use is WHM, go to: FILTER INCOMING EMAILS BY DOMAIN and a...
by Sergio
03 Nov 2023, 00:45
Forum: General Discussion (csf)
Topic: I need help with a custom log
Replies: 1
Views: 1382

Re: I need help with a custom log

Your regex is not well constructed to work with the LOG line that you are posting. You have escape "[" and "]". You missed "i" at "/))", it should be "/i))". There is no "@" in the log line. The IP is better to have in just one "\d+&qu...