ConfigServer Community Forum

Hello Chirpy and Sarah, just to let you know that CSF is not blocking IPs from Thailand, example: Oct XX 11:51:12 server99 lfd[11184]: (mod_security) mod_security (id:990076) triggered by 1.0.128.41 (TH/Thailand/node-15.pool-1-0.dynamic.totbb.net): 3 in the last 3600 secs - *Blocked in csf* [LF_MODS...

Resurrecting a very old thread.

If you don't write that line, mod_sec will take serial by default. So, it will be no necessary to add the line.

Modsec2.user.conf since 2010 has not changed.

Do you have an example of the log generated when the relay is generated?

would be awesome, i have like 40 in queue, because customers write in a wrong way the email :@ @Chandro, the exim delivery system has already alerted the sender of the email that the email has not been delivered, inside the email is a note saying that the system will be trying to deliver the email ...

Go to SEARCH SYSTEM LOGS and select EXIM_MAINLOG and search for a few of the offending errors and post them, may be in there will be helpful information about this.

Sergio

Have you checked the load on your server at the time this is happening?

What is the modsec rule number that is not blocked?

There a few rules that are not blocked by CSF as those are just warnings, rule 377360 is one of them.

Sergio

The way CSF works is blocking the input and output loop, that works great in case a malicious script is trying to send info out from the server, on the other hand RBL chains are set (like DSHIELD, SPAMEDROP and TOR) to use one iptable rule blocking all "*", in my own iptables I follow this...

Thank you, I will wait for the next release.

Hello Chirpy and Sarah, could it be possible to include on the details of a blocked IP in CSF.DENY made by mod_security, the rule number that was triggered by the IP? If there were a few different rules, to write the last one? This an actual line in CSF.DENY: 113.64.81.10 # lfd: (mod_security) mod_s...