Search found 1044 matches
- 18 Dec 2023, 04:26
- Forum: General Discussion (cmc)
- Topic: Mod_security is not blocking
- Replies: 5
- Views: 4143
Re: Mod_security is not blocking
Yes, you can create your own CSF rule to block modsecurity attacks. Please read my post at: https://forum.configserver.com/viewtopic.php?p=32708#p32708 In that post I wrote a rule that you can use to block ModSec attacks, you will need to write the rules that you want to block and CSF will block the...
- 17 Dec 2023, 20:55
- Forum: General Discussion (cmc)
- Topic: Mod_security is not blocking
- Replies: 5
- Views: 4143
Re: Mod_security is not blocking
Francisco, CMC does not block any IP, the one that should block the IP is CSF, check the following options:
Enable failure detection of repeated Apache mod_security rule triggers
LF_MODSEC = Default: 5 [0-100]
LF_MODSEC_PERM = Default: 1 [0-604800]
Also, in WHM you should check that the ModSecuri...
- 16 Dec 2023, 23:01
- Forum: General Discussion (cxs)
- Topic: First time ever CXS rule is not working, why?
- Replies: 2
- Views: 2129
Re: First time ever CXS rule is not working, why?
Ohhh, that is why.
Thought I was doing something wrong, thanks for telling, appreciated.
Best Regards,
Sergio
- 16 Dec 2023, 12:39
- Forum: General Discussion (cxs)
- Topic: First time ever CXS rule is not working, why?
- Replies: 2
- Views: 2129
First time ever CXS rule is not working, why?
Hi, Sarah. Would you be so kind as to tell me what I am doing wrong in the following rule that I have created in CXS? ImunifyAV+ is detecting the following code as malicious, so I have added the rule in cxs.xtra to quarantine the file, but it is not working. This is the code that I want to block: <?php eval...
- 14 Dec 2023, 02:26
- Forum: General Discussion (csf)
- Topic: Trying to ignore a Perl script, but still getting alerts
- Replies: 3
- Views: 3097
Re: Trying to ignore a Perl script, but still getting alerts
Great to know it worked for you, you're welcome.
- 13 Dec 2023, 03:36
- Forum: General Discussion (csf)
- Topic: Trying to ignore a Perl script, but still getting alerts
- Replies: 3
- Views: 3097
Re: Trying to ignore a Perl script, but still getting alerts
Try this instead:
cmd:/usr/bin/perl /home/example/public_html/cgi-bin/cart.cgi
Sergio
- 09 Dec 2023, 02:39
- Forum: General Discussion (csf)
- Topic: Custom REGEX rules for CSF.
- Replies: 93
- Views: 2019880
REGEX Rule to block census.shodan.io
This rule blocks any connection from census.shodan.io. (I really don't like attacks from these servers)
# BLOCKING CENSUS SHODAN
if (($lgfile eq $config{CUSTOM2_LOG}) and ($line =~ /^\S+\s\S+\sSMTP\s\D+from\s\S+(?>\.census\.shodan\.io|\.censys\-scanner\.com)\s\[(\S+)\]/i)) { return ("",$1,...
- 07 Dec 2023, 02:21
- Forum: MailScanner
- Topic: Query to zen.spamhaus.org blocked due to an open resolver
- Replies: 1
- Views: 2745
- 06 Dec 2023, 02:56
- Forum: Suggestions (csf)
- Topic: Please add instructions on how to migrate to a new server
- Replies: 4
- Views: 10912
Re: Please add instructions on how to migrate to a new server
Do you have CXS installed or MailScanner?
- 23 Nov 2023, 20:38
- Forum: General Discussion (csf)
- Topic: Suspicious process running
- Replies: 1
- Views: 3995
Re: Suspicious process running
First of all, you don't need to copy all the log lines, just a few are needed. I recommend that you add one of the following lines in csf.pignore:
REGEX for any version of ea-php:
pexe:/opt/cpanel/ea\-php\d+/root/usr/sbin/php\-fpm
Rule just for ea-php81:
exe:/opt/cpanel/ea-php81/root/usr/sbin/php...