Search found 1106 matches
- 24 Nov 2024, 16:50
- Forum: General Discussion (csf)
- Topic: Fully disabled alert email from LFD
- Replies: 7
- Views: 14854
Re: Fully disabled alert email from LFD
As the email is purely informative it means that you don't have to do anything more than check why dovecot is reporting this. So, you don't need to add any rule into pignore as it is being ignored by the OS. Checking on the anvil process: is responsible for tracking authentication penalties for diff...
- 20 Nov 2024, 20:26
- Forum: MailScanner Front-End
- Topic: How to filter on From:
- Replies: 1
- Views: 30507
Re: How to filter on From:
If you provide a complete log line where that info appears, a regex can be done.
Sergio
- 20 Nov 2024, 02:04
- Forum: General Discussion (csf)
- Topic: Blocked IP address can still deliver spam to server
- Replies: 2
- Views: 9774
Re: Blocked IP address can still deliver spam to server
Or you can add that IP into cPHulk Black List.
Sergio
- 20 Nov 2024, 02:03
- Forum: General Discussion (csf)
- Topic: Fully disabled alert email from LFD
- Replies: 7
- Views: 14854
Re: Fully disabled alert email from LFD
Have you tried to add the following line into CSF.PIGNORE?
exe: /opt/cpanel/ea-php81/root/usr/sbin/php-fpm
Sergio
- 20 Nov 2024, 01:59
- Forum: General Discussion (csf)
- Topic: Need some help with a log regex
- Replies: 2
- Views: 11119
Re: Need some help with a log regex
What are you looking for the REGEX to do with that info?
Sergio
- 02 Nov 2024, 13:53
- Forum: General Discussion (csf)
- Topic: LF_SPI requires disabling on restored Server
- Replies: 5
- Views: 16398
Re: LF_SPI requires disabling on restored Server
Please post a blocked note to see what is wrong.
Sergio
- 21 Oct 2024, 20:13
- Forum: General Discussion (csf)
- Topic: csf.pignore rules aren't working?
- Replies: 2
- Views: 17233
Re: csf.pignore rules aren't working?
Will a "pignore" help you with this?
Sergio
- 04 Oct 2024, 06:24
- Forum: General Discussion (csf)
- Topic: Blocking Wordpress Login and xmlrpc attacks with LFD
- Replies: 32
- Views: 150722
Re: Blocking Wordpress Login and xmlrpc attacks with LFD
Here is the new rule:
# BLOCKING ModSec Rules attacks
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^\[\S+\s+\S+\s+\S+\s+\S+\.\d+\s+\S+\] \[\S+:error\] \[pid \d+.*\] \[client \S+\] \[client (\S+)\] ModSecurity.*\[id "(210280|210350|210380|210481|210492|210710|210730|210831|210921)"\...
- 03 Oct 2024, 16:01
- Forum: General Discussion (csf)
- Topic: Blocking Wordpress Login and xmlrpc attacks with LFD
- Replies: 32
- Views: 150722
Re: Blocking Wordpress Login and xmlrpc attacks with LFD
Post a log line of your ModSecurity error_log for me to check it, thanks.
Sergio
- 16 Sep 2024, 03:54
- Forum: General Discussion (csf)
- Topic: Regex problem using one of the pre-defined lsws ones
- Replies: 1
- Views: 8818
Re: Regex problem using one of the pre-defined lsws ones
Testing your sample log at regex101, the rule is working as it should and shows:
GROUP1 144-165 someaddress@gmail.com
GROUP2 170-181 12.34.56.78
Could it be that the IP is in a white list?
Sergio