Search found 795 matches

by Sergio
08 Jun 2020, 03:53
Forum: General Discussion (csf)
Topic: Disable email for certain alerts
Replies: 3
Views: 871

Re: Disable email for certain alerts

Ok, open your CSF Configuration and search for:

SECURITY WARNING
================
LF_EMAIL_ALERT

Sergio
by Sergio
08 Jun 2020, 03:43
Forum: General Discussion (csf)
Topic: LFD ignoring mod_security
Replies: 6
Views: 1486

Re: LFD ignoring mod_security

For me it is better to find ModSec blocks info on /etc/apache2/logs/error_log

Check if you have that file and you can use that file to write your own rule at:
/usr/local/csf/bin/regex.custom.pm

Sergio
by Sergio
08 Jun 2020, 03:03
Forum: General Discussion (csf)
Topic: Disable email for certain alerts
Replies: 3
Views: 871

Re: Disable email for certain alerts

Access the account with webmail, in webmail on the front page enter into "Email Filters" and create there a rule to delete the emails that you don't want to receive. Example: SUBJECT CONTAINS blocked AND BODY MATCHES REGEX auth failed|Failed password for root|Incorrect authentication data ...
by Sergio
08 Jun 2020, 02:51
Forum: General Discussion (csf)
Topic: Disable notification for a specific mail box or better solution?
Replies: 3
Views: 908

Re: Disable notification for a specific mail box or better solution?

If you still have the password for that email, go to cPanel recreate the account with the old password. Then access the "Manage an Email Account" for that specific account and set the following: Restrictions Receiving Incoming Mail: Suspend Sending Outgoing Email: Suspend Logging In: Allow...
by Sergio
07 Jun 2020, 04:18
Forum: General Discussion (csf)
Topic: Blocking or Identifying bad IPs
Replies: 1
Views: 662

Re: Blocking or Identifying bad IPs

I haven't seen this option in CSF. But you can do the following: - When an attack to xmlrpc.php is blocked, you can send the reportl to an email address of yours from all the servers you have. - Create a bash script that reads all the emails each 15 minutes and get the offending IPs and add the IPs ...
by Sergio
07 Jun 2020, 03:59
Forum: General Discussion (csf)
Topic: Blocking connections without blocking e-mail
Replies: 11
Views: 2569

Re: Blocking connections without blocking e-mail

I didn't mean all your attacks, lol.
Just paste an example.
by Sergio
07 Jun 2020, 03:07
Forum: General Discussion (csf)
Topic: Blocking connections without blocking e-mail
Replies: 11
Views: 2569

Re: Blocking connections without blocking e-mail

What you need to block is the offending IP not the account.

If you can, paste the text of the failed login and rewrite sensitive info with xxxxx.

Sergio
by Sergio
07 Jun 2020, 03:04
Forum: General Discussion (csf)
Topic: Excessive resource usage: ossecr
Replies: 1
Views: 639

Re: Excessive resource usage: ossecr

If you can, paste the text that follows to the message on your image.
The text that follows is the one that is needed to know what needs to be white listed.
If there is sensitive information about an account in your server, you can replace it with xxxxx.

Sergio
by Sergio
02 Jun 2020, 19:40
Forum: MailScanner Front-End
Topic: Update rules for multiple servers
Replies: 1
Views: 1058

Re: Update rules for multiple servers

I had the same issue on my servers and I resurrected the old /usr/mailscanner/etc/mcp for my use. It works really well and you can copy and paste all the info from server to server. I even created an script that can feed the MCP blacklist with emails that are sent from specific email addresses. The ...
by Sergio
02 Jun 2020, 19:17
Forum: MailScanner Front-End
Topic: MailControl not showing From address.
Replies: 2
Views: 1292

MailControl not showing From address.

Hi. On some emails the "From Address" are shown in blank, please see the image: https://ibb.co/MNWQczf Checking on the headers of the emails that show this behavior I see: Received: from netman.individualpool.net ([93.119.106.16]:34528 helo=zlm0.lclbgdzb.com) by xxxxx.yyyyyyy.zzz with esmt...