ConfigServer Community Forum

please note this will only work untill the csf deny limit is reached, to ensure your rules never get deleted i recommend using the global_deny file configuration for permanant rules as it is never changed by csf

Since upgrading to 3.19, when I run the Security and Settings report in CSF I get a message saying "a fatal error or timeout occurred while processing this directive" This is on a CentOS 4.4 VPS running Cpanel 11 with Apache 1.3. confirmed on dedicated CENTOS Enterprise 4.6 i686 apache 1....

similar to my previous suggstion but prob alittle simpler. would be useful to have a whm section where one could add, edit, or remove custom rules. reason being, some hosts use many different error codes which many will trigger the default mod_security regex. a service which is locked "code 423...

i guess that does cover a wide spectrum of attacks.

just wondering, if one could create a script which submits logs to be processed by dshield or anyother ip block list, could one not create a script which would send spoofed logs rendering the end data results useless to anyone?...

i think DShield is a list of ip addresses attempting DOS (denial of service) attacks and not remote file exploit attempts which are quite commonly caught by mod_security. But you know a website which lists such attacks would be just as useful as the dshield and sorbs lists

cmm version is missing from home page. very annoying cmm change password always seems to work but returns error as well [webmaster+host-comp.com Undefined subroutine &Cpanel::EventHandler::event called at /usr/local/[cpanel_install_dir]/Email.pm line 1953. Cpanel::Email::passwdpop('[emailuser]',...

exactly what code(s) does csf recognize in the mod_security audit logs? seems some codes will trigger it while others wont.

I think it would be extremely useful if csf checked the error code of the audit_log and ban,temp_ban, or ignore based on the error code of the audit_log entry. eg. permanantly ban any 412 code on 1 connection while temp banning a 403 error code with 5 attempts for X seconds and ignoreing 406 alltoge...

we have tried this on two different CentOS4+ installs and found the following. when setting GLOBAL_DENY is set to http://anywhere.com/some_global_file_list , csf will sucessfully load new ips durring each cycle but will not remove them when ips are removed from the list. even when list is removed, a...