ConfigServer Community Forum

peterelsner

Are they checking from multiple devices? IE: computer, phone, tablet... each one will be a login and if they are checking every 3 to 5 minutes on phone and every 3 to 5 minutes on computer etc... Then that will quickly add up.

peterelsner

This is just a guess, but It seems that some of the iptable modules are missing from your vps. Make sure the following modules are loaded: ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS tun iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter...

peterelsner

This does not appear to be working properly... I've created the template to look like this: From: support@XXXXX.COM To: [user] CC: [to] Subject: Security Scan detected possible infection. (Hits:[hits]) (Viruses:[viruses]) (Fingerprints:[fingerprints]) Time : [time] User Contact: [user] Our security ...

peterelsner

Yes it is. Thank you very much.

peterelsner

I just found 2 IP addresses from Romania, that were sending spam from 4 different, compromised email accounts.
Wonder if this is how they got the login credentials for email??

peterelsner

+1 on this. I think it would be great, if cxs would grab the owners email address (from /var/cpanel/users/username file) and send them an email (that we can customize) that says something like: Our security scanner detected an infection on your site recently and the file has been quarantined. Please...

peterelsner

So back to the md5sum feature... I have this in my cxs.ignore file # f3c8aaf882d1ed25a7f5fe7fd2ee4d9d is the plupload.silverlight.xap file md5sum:f3c8aaf882d1ed25a7f5fe7fd2ee4d9d hfile:plupload.silverlight.xap hfile:plupload.silverlight.dll Yet I still receive the following email daily: cxswatch Sca...

peterelsner

So just updated one of the servers to the latest csf. csf v5.55 Ran a "Check Server Security" scan and under PHP Version info it says this: Check php version (/usr/local/bin/php) WARNING Any version of PHP (Current: v4.*) older than v5.3.* is now obsolete and should be considered a securit...

peterelsner

Still getting this when changing hourly limit for a domain using mail manage...

/scripts/updateemail_limits xxxxxxxx
This command is deprecated, please run /usr/local/cpanel/scripts/updateuserdomains instead
Executing /usr/local/cpanel/scripts/updateuserdomains ...

Changes saved.

peterelsner

Doh... Ignore my question on the hfile deal. I just realized how that's supposed to work

Still do need an answer on the md5sum: however. I think I'm doing that correctly, not 100% sure though.

ConfigServer Community Forum

Search found 46 matches

Re: 60 logins per hour in 3600 second interval

Re: Cannot start CSF

Re: Send mail to scripts owner (victims)

Re: plupload.silverlight.xap <- is it safe?

Re: LFD Feature Request: Slow Attack Check

Re: Send mail to scripts owner (victims)

Re: plupload.silverlight.xap <- is it safe?

csf security scan getting wrong PHP version?

Re: Hourly limit is not compatilbe with 11.32.2

Re: plupload.silverlight.xap <- is it safe?