Search found 80 matches
- 09 Oct 2019, 08:24
- Forum: General Discussion (csf)
- Topic: GLOBAL_DENY v blacklist
- Replies: 1
- Views: 1868
Re: GLOBAL_DENY v blacklist
Good question. I use both. Blocklists are useful resources although often incomplete. Most blocklists are accessed via DNS so only file-based BLs can be added to CSF. A Global list is arbitrary which means you can control it. I use a GLOBAL_DENY list to add troublesome IPs not caught by blocklists o...
- 09 Oct 2019, 08:09
- Forum: General Discussion (csf)
- Topic: CSF Port Block Issue
- Replies: 4
- Views: 6152
Re: CSF Port Block Issue
I hope things have been working better. It could very well be a bug, but the information provided is insufficient to verify that. To empower others here to support you, provide more specific detail regarding your configuration and settings. Sharing relevant terminal and log reports can help as well.
- 09 Oct 2019, 07:50
- Forum: General Discussion (csf)
- Topic: regex.custom.pm stopped working
- Replies: 12
- Views: 7688
Re: regex.custom.pm stopped working
What is the syntax of your port declaration? Presently: [1] { return ("SMTP error 3",$1,"exim_main_error3","1","25","14400");} Have also used: [2] { return ("SMTP error 3",$1,"exim_main_error3","1",$3,"14400")...
- 07 Oct 2019, 19:41
- Forum: General Discussion (csf)
- Topic: regex.custom.pm stopped working
- Replies: 12
- Views: 7688
Re: regex.custom.pm stopped working
Temp blocks are stored in /var/lib/csf . Don't mess with these files. Permanent blocks are stored in csfdeny to the limit of DENY_IP_LIMIT . Once the limit is reached, the oldest records will be rotated out – unless you add the text " do not delete " to the comments of an entry. On the po...
- 07 Oct 2019, 17:39
- Forum: General Discussion (csf)
- Topic: Email alert for cPanel/WHM logins
- Replies: 5
- Views: 3420
Re: Email alert for cPanel/WHM logins
*_IGNORE does exactly what it says.
Look through these forums and you will complaints on every page of listings asking, "How can I make the notifications stop?"
Also consider why you are ignoring all traffic in Italy.
Look through these forums and you will complaints on every page of listings asking, "How can I make the notifications stop?"
Also consider why you are ignoring all traffic in Italy.
- 07 Oct 2019, 17:36
- Forum: General Discussion (csf)
- Topic: Block all OUTGING traffic to specified IP
- Replies: 1
- Views: 1496
- 07 Oct 2019, 02:35
- Forum: General Discussion (csf)
- Topic: Monitoring Blocks from Blocklists
- Replies: 1
- Views: 1667
Re: Monitoring Blocks from Blocklists
How exactly did you add this list? How do you know it is not working? What are you expecting that you are not seeing? Are you using iptables or ipset?
- 06 Oct 2019, 22:37
- Forum: General Discussion (csf)
- Topic: Blocking Brute Force Same Login - Different IPs
- Replies: 1
- Views: 1924
Re: Blocking Brute Force Same Login - Different IPs
I just posted a custom rule for this in the Custom REGEX rules for CSF thread:
Weeding Out WP Whackers
HTH
Weeding Out WP Whackers
HTH
- 06 Oct 2019, 22:34
- Forum: General Discussion (csf)
- Topic: Custom REGEX rules for CSF.
- Replies: 93
- Views: 2018382
Re: Custom REGEX rules for CSF.
404 Forever? Nope. These custom rules block IPs continually probing for sensitive pages that are missed by other methods. Be sure to check the syntax of your logs. # Works on CentOS6/7, Apache, cPanel # file crawler # 2 try; 1 day ban # CUSTOM3_LOG = "/etc/apache2/logs/error_log" if (($gl...
- 06 Oct 2019, 22:30
- Forum: General Discussion (csf)
- Topic: Custom REGEX rules for CSF.
- Replies: 93
- Views: 2018382
Re: Custom REGEX rules for CSF.
Weed Out WP Whackers This custom rule immediately blocks any machine probing for wp-login.php or xmlrpc.php . Note: If you actually have a WP site, make sure that your IP is maintained in csf.ignore so you don't get blocked yourself. # 1 try; 1 day ban # CUSTOM3_LOG = "/etc/apache2/logs/error_...