Write a full log line of what you want to block and I will help you to do the regex.
Sergio
Search found 1044 matches
- 25 Sep 2023, 20:01
- Forum: General Discussion (csf)
- Topic: Regex not working in custom log
- Replies: 7
- Views: 1625
- 25 Sep 2023, 19:49
- Forum: General Discussion (csf)
- Topic: Distributed IPs attack over large timespan
- Replies: 1
- Views: 1021
Re: Distributed IPs attack over large timespan
One option could be to use cPhulk to block those attacks.
Also, you can create your own script to block a 0/24 if more than 10 different IPs from the same 0/24 range are attacking your server.
Also, you can create your own script to block a 0/24 if more than 10 different IPs from the same 0/24 range are attacking your server.
- 07 Sep 2023, 16:56
- Forum: General Discussion (csf)
- Topic: How to force to reload a blocklist?
- Replies: 4
- Views: 1359
Re: How to force to reload a blocklist?
You're welcome.
- 06 Sep 2023, 15:00
- Forum: General Discussion (csf)
- Topic: How to force to reload a blocklist?
- Replies: 4
- Views: 1359
Re: How to force to reload a blocklist?
yes, in CSF are the instructions for this:
# After making any changes to this file you must restart csf and then lfd
#
# If you want to redownload a blocklist you must first delete
# /var/lib/csf/csf.block.NAME and then restart csf and then lfd
- 06 Sep 2023, 05:51
- Forum: General Discussion (csf)
- Topic: Custom REGEX rules for CSF.
- Replies: 93
- Views: 2020947
Re: Custom REGEX rules for CSF.
Are you suffering phishing attacks with the email subject "I RECORDED YOU!" or "your account is hacked"? If you have ConfigServer MailScanner FE in your server then create an spamassassin file at: /etc/mail/spamassassin/ With the file name: blacksubjects.cf Write on that file the...
- 23 Aug 2023, 14:27
- Forum: General Discussion (csf)
- Topic: How to stop logging ICMP_IN, UDP_IN, UDP_OUT blocked messages in kern.log?
- Replies: 5
- Views: 1368
Re: How to stop logging ICMP_IN, UDP_IN, UDP_OUT blocked messages in kern.log?
ok, for me is that this will be no logged and not reported to you, that is what you asked for on your first message:
"How can also block the logging of the above messages?"
My fault if I miss understood your request, sorry.
"How can also block the logging of the above messages?"
My fault if I miss understood your request, sorry.
- 23 Aug 2023, 13:57
- Forum: General Discussion (csf)
- Topic: How to stop logging ICMP_IN, UDP_IN, UDP_OUT blocked messages in kern.log?
- Replies: 5
- Views: 1368
Re: How to stop logging ICMP_IN, UDP_IN, UDP_OUT blocked messages in kern.log?
@ktp,
you wrote:
# If a log line matches it will be ignored, otherwise it will be reported
you wrote:
Well, that is exactly what you asked for:How can also block the logging of the above messages?
# If a log line matches it will be ignored, otherwise it will be reported
- 21 Aug 2023, 05:36
- Forum: General Discussion (csf)
- Topic: How to ignore wp-toolkit process?
- Replies: 13
- Views: 2646
Re: How to ignore wp-toolkit process?
You can do it simpler, just write \d+ instead of [74|80|81], using \d+ you will take care of any PHP version old or future.
Happy Birthday!
Happy Birthday!
- 21 Aug 2023, 05:34
- Forum: General Discussion (csf)
- Topic: Whtielsiting on Ubuntu Not Working
- Replies: 5
- Views: 1361
Re: Whtielsiting on Ubuntu Not Working
When this happens, and if cPhulk is enabled on your server, try to check if the IP is not blocked by cPhulk.
I had a similar issue and after checking everything I found that cPhulk was blocking the IPs not CSF.
I had a similar issue and after checking everything I found that cPhulk was blocking the IPs not CSF.
- 21 Aug 2023, 05:25
- Forum: General Discussion (csf)
- Topic: How to stop logging ICMP_IN, UDP_IN, UDP_OUT blocked messages in kern.log?
- Replies: 5
- Views: 1368
Re: How to stop logging ICMP_IN, UDP_IN, UDP_OUT blocked messages in kernel.log?
Have you tried to add them to /etc/csf/csf.logignore
Sergio
Sergio