Search found 1106 matches

by Sergio
24 Nov 2024, 16:50
Forum: General Discussion (csf)
Topic: Fully disbled alert email from LFD
Replies: 7
Views: 14854

Re: Fully disbled alert email from LFD

As the email is purely informative, it means that you don't have to do anything more than check why dovecot is reporting this. So, you don't need to add any rule into pignore as it is being ignored by the OS. Checking on the anvil process: it is responsible for tracking authentication penalties for diff...
by Sergio
20 Nov 2024, 20:26
Forum: MailScanner Front-End
Topic: How to filter on From:
Replies: 1
Views: 30507

Re: How to filter on From:

If you provide a complete log line where that info appears, a regex can be done.

Sergio
by Sergio
20 Nov 2024, 02:04
Forum: General Discussion (csf)
Topic: Blocked IP address can still deliver spam to server
Replies: 2
Views: 9774

Re: Blocked IP address can still deliver spam to server

Or you can add that IP into cPHulk Black List.

Sergio
by Sergio
20 Nov 2024, 02:03
Forum: General Discussion (csf)
Topic: Fully disbled alert email from LFD
Replies: 7
Views: 14854

Re: Fully disbled alert email from LFD

Have you tried to add the following line into CSF.PIGNORE?
exe: /opt/cpanel/ea-php81/root/usr/sbin/php-fpm

Sergio
by Sergio
20 Nov 2024, 01:59
Forum: General Discussion (csf)
Topic: Need some help with a log regex
Replies: 2
Views: 11119

Re: Need some help with a log regex

What are you looking for the REGEX to do with that info?

Sergio
by Sergio
02 Nov 2024, 13:53
Forum: General Discussion (csf)
Topic: LF_SPI requires disabling on restored Server
Replies: 5
Views: 16398

Re: LF_SPI requires disabling on restored Server

Please post a blocked note to see what is wrong.

Sergio
by Sergio
21 Oct 2024, 20:13
Forum: General Discussion (csf)
Topic: csf.pignore rules aren't working?
Replies: 2
Views: 17233

Re: csf.pignore rules aren't working?

Will a "pignore" help you on this?

Sergio
by Sergio
04 Oct 2024, 06:24
Forum: General Discussion (csf)
Topic: Blocking Wordpress Login and xmlprc attacks with LFD
Replies: 32
Views: 150722

Re: Blocking Wordpress Login and xmlprc attacks with LFD

Here is the new rule:
# BLOCKING ModSec Rules attacks
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^\[\S+\s+\S+\s+\S+\s+\S+\.\d+\s+\S+\] \[\S+:error\] \[pid \d+.*\] \[client \S+\] \[client (\S+)\] ModSecurity.*\[id "(210280|210350|210380|210481|210492|210710|210730|210831|210921)"\...
by Sergio
03 Oct 2024, 16:01
Forum: General Discussion (csf)
Topic: Blocking Wordpress Login and xmlprc attacks with LFD
Replies: 32
Views: 150722

Re: Blocking Wordpress Login and xmlprc attacks with LFD

Post a log line of your ModSecurity error_log for me to check it, thanks.

Sergio
by Sergio
16 Sep 2024, 03:54
Forum: General Discussion (csf)
Topic: Regex problem using one of the pre-defined lsws ones
Replies: 1
Views: 8818

Re: Regex problem using one of the pre-defined lsws ones

Testing your sample log at regex101, the rule is working as it should and shows:

GROUP1 144-165 someaddress@gmail.com
GROUP2 170-181 12.34.56.78

Could it be that the IP is in a white list?

Sergio