Search found 46 matches

by peterelsner
13 Dec 2012, 22:52
Forum: General Discussion (csf)
Topic: 60 logins per hour in 3600 second interval
Replies: 1
Views: 3104

Re: 60 logins per hour in 3600 second interval

Are they checking from multiple devices? IE: computer, phone, tablet... each one will be a login and if they are checking every 3 to 5 minutes on phone and every 3 to 5 minutes on computer etc... Then that will quickly add up.
by peterelsner
28 Nov 2012, 18:38
Forum: General Discussion (csf)
Topic: Cannot start CSF
Replies: 3
Views: 3617

Re: Cannot start CSF

This is just a guess, but It seems that some of the iptable modules are missing from your vps. Make sure the following modules are loaded: ipt_MASQUERADE ipt_helper ipt_REDIRECT ipt_state ipt_TCPMSS ipt_LOG ipt_TOS tun iptable_nat ipt_length ipt_tcpmss iptable_mangle ipt_limit ipt_tos iptable_filter...
by peterelsner
20 Nov 2012, 21:47
Forum: Suggestions (cxs)
Topic: Send mail to scripts owner (victims)
Replies: 13
Views: 19367

Re: Send mail to scripts owner (victims)

This does not appear to be working properly... I've created the template to look like this: From: support@XXXXX.COM To: [user] CC: [to] Subject: Security Scan detected possible infection. (Hits:[hits]) (Viruses:[viruses]) (Fingerprints:[fingerprints]) Time : [time] User Contact: [user] Our security ...
by peterelsner
27 Aug 2012, 19:07
Forum: General Discussion (cxs)
Topic: plupload.silverlight.xap <- is it safe?
Replies: 14
Views: 16342

Re: plupload.silverlight.xap <- is it safe?

Yes it is. Thank you very much.
by peterelsner
03 Aug 2012, 16:07
Forum: Suggestions (csf)
Topic: LFD Feature Request: Slow Attack Check
Replies: 1
Views: 3160

Re: LFD Feature Request: Slow Attack Check

I just found 2 IP addresses from Romania, that were sending spam from 4 different, compromised email accounts.
Wonder if this is how they got the login credentials for email??
by peterelsner
03 Aug 2012, 15:51
Forum: Suggestions (cxs)
Topic: Send mail to scripts owner (victims)
Replies: 13
Views: 19367

Re: Send mail to scripts owner (victims)

+1 on this. I think it would be great, if cxs would grab the owners email address (from /var/cpanel/users/username file) and send them an email (that we can customize) that says something like: Our security scanner detected an infection on your site recently and the file has been quarantined. Please...
by peterelsner
19 Jul 2012, 19:21
Forum: General Discussion (cxs)
Topic: plupload.silverlight.xap <- is it safe?
Replies: 14
Views: 16342

Re: plupload.silverlight.xap <- is it safe?

So back to the md5sum feature... I have this in my cxs.ignore file # f3c8aaf882d1ed25a7f5fe7fd2ee4d9d is the plupload.silverlight.xap file md5sum:f3c8aaf882d1ed25a7f5fe7fd2ee4d9d hfile:plupload.silverlight.xap hfile:plupload.silverlight.dll Yet I still receive the following email daily: cxswatch Sca...
by peterelsner
04 Jun 2012, 21:09
Forum: Suggestions (csf)
Topic: csf security scan getting wrong PHP version?
Replies: 1
Views: 4010

csf security scan getting wrong PHP version?

So just updated one of the servers to the latest csf. csf v5.55 Ran a "Check Server Security" scan and under PHP Version info it says this: Check php version (/usr/local/bin/php) WARNING Any version of PHP (Current: v4.*) older than v5.3.* is now obsolete and should be considered a securit...
by peterelsner
01 Jun 2012, 22:25
Forum: Suggestions (cmm)
Topic: Hourly limit is not compatilbe with 11.32.2
Replies: 7
Views: 10030

Re: Hourly limit is not compatilbe with 11.32.2

Still getting this when changing hourly limit for a domain using mail manage...

/scripts/updateemail_limits xxxxxxxx
This command is deprecated, please run /usr/local/cpanel/scripts/updateuserdomains instead
Executing /usr/local/cpanel/scripts/updateuserdomains ...

Changes saved.
by peterelsner
25 May 2012, 22:35
Forum: General Discussion (cxs)
Topic: plupload.silverlight.xap <- is it safe?
Replies: 14
Views: 16342

Re: plupload.silverlight.xap <- is it safe?

Doh... Ignore my question on the hfile deal. I just realized how that's supposed to work :)

Still do need an answer on the md5sum: however. I think I'm doing that correctly, not 100% sure though.