Ok, open your CSF Configuration and search for:
SECURITY WARNING
================
LF_EMAIL_ALERT
Sergio
Search found 795 matches
- 08 Jun 2020, 03:53
- Forum: General Discussion (csf)
- Topic: Disable email for certain alerts
- Replies: 3
- Views: 871
- 08 Jun 2020, 03:43
- Forum: General Discussion (csf)
- Topic: LFD ignoring mod_security
- Replies: 6
- Views: 1486
Re: LFD ignoring mod_security
For me it is better to find ModSec blocks info on /etc/apache2/logs/error_log
Check if you have that file and you can use that file to write your own rule at:
/usr/local/csf/bin/regex.custom.pm
Sergio
Check if you have that file and you can use that file to write your own rule at:
/usr/local/csf/bin/regex.custom.pm
Sergio
- 08 Jun 2020, 03:03
- Forum: General Discussion (csf)
- Topic: Disable email for certain alerts
- Replies: 3
- Views: 871
Re: Disable email for certain alerts
Access the account with webmail, in webmail on the front page enter into "Email Filters" and create there a rule to delete the emails that you don't want to receive. Example: SUBJECT CONTAINS blocked AND BODY MATCHES REGEX auth failed|Failed password for root|Incorrect authentication data ...
- 08 Jun 2020, 02:51
- Forum: General Discussion (csf)
- Topic: Disable notification for a specific mail box or better solution?
- Replies: 3
- Views: 908
Re: Disable notification for a specific mail box or better solution?
If you still have the password for that email, go to cPanel recreate the account with the old password. Then access the "Manage an Email Account" for that specific account and set the following: Restrictions Receiving Incoming Mail: Suspend Sending Outgoing Email: Suspend Logging In: Allow...
- 07 Jun 2020, 04:18
- Forum: General Discussion (csf)
- Topic: Blocking or Identifying bad IPs
- Replies: 1
- Views: 662
Re: Blocking or Identifying bad IPs
I haven't seen this option in CSF. But you can do the following: - When an attack to xmlrpc.php is blocked, you can send the reportl to an email address of yours from all the servers you have. - Create a bash script that reads all the emails each 15 minutes and get the offending IPs and add the IPs ...
- 07 Jun 2020, 03:59
- Forum: General Discussion (csf)
- Topic: Blocking connections without blocking e-mail
- Replies: 11
- Views: 2569
Re: Blocking connections without blocking e-mail
I didn't mean all your attacks, lol.
Just paste an example.
Just paste an example.
- 07 Jun 2020, 03:07
- Forum: General Discussion (csf)
- Topic: Blocking connections without blocking e-mail
- Replies: 11
- Views: 2569
Re: Blocking connections without blocking e-mail
What you need to block is the offending IP not the account.
If you can, paste the text of the failed login and rewrite sensitive info with xxxxx.
Sergio
If you can, paste the text of the failed login and rewrite sensitive info with xxxxx.
Sergio
- 07 Jun 2020, 03:04
- Forum: General Discussion (csf)
- Topic: Excessive resource usage: ossecr
- Replies: 1
- Views: 639
Re: Excessive resource usage: ossecr
If you can, paste the text that follows to the message on your image.
The text that follows is the one that is needed to know what needs to be white listed.
If there is sensitive information about an account in your server, you can replace it with xxxxx.
Sergio
The text that follows is the one that is needed to know what needs to be white listed.
If there is sensitive information about an account in your server, you can replace it with xxxxx.
Sergio
- 02 Jun 2020, 19:40
- Forum: MailScanner Front-End
- Topic: Update rules for multiple servers
- Replies: 1
- Views: 1058
Re: Update rules for multiple servers
I had the same issue on my servers and I resurrected the old /usr/mailscanner/etc/mcp for my use. It works really well and you can copy and paste all the info from server to server. I even created an script that can feed the MCP blacklist with emails that are sent from specific email addresses. The ...
- 02 Jun 2020, 19:17
- Forum: MailScanner Front-End
- Topic: MailControl not showing From address.
- Replies: 2
- Views: 1292
MailControl not showing From address.
Hi. On some emails the "From Address" are shown in blank, please see the image: https://ibb.co/MNWQczf Checking on the headers of the emails that show this behavior I see: Received: from netman.individualpool.net ([93.119.106.16]:34528 helo=zlm0.lclbgdzb.com) by xxxxx.yyyyyyy.zzz with esmt...