ConfigServer Community Forum

Yes, you can create your own CSF rule to block modsecurity attacks. Please read my post at: https://forum.configserver.com/viewtopic.php?p=32708#p32708 In that post I wrote a rule that you can use to block ModSec attacks, you will need to write the rules that you want to block and CSF will block the...

Francisco, CMC does not block any IP, the one that should block the IP is CSF, check the following options: [*]Enable failure detection of repeated Apache mod_security rule triggers LF_MODSEC = Default: 5 [0-100] LF_MODSEC_PERM = Default: 1 [0-604800] Also, in WHM you should check that the ModSecuri...

Ohhh, that is why.

Thought I was doing something wrong, thanks for telling, appreciated.

Best Regards,
Sergio

Hi, Sarah. Would you be kind to tell me what I am doing wrong on the following rule that I have created on CXS? InmunifyAV+ is detecting the following code as malicious, so, I have added the rule in cxs.xtra to quarantine the file but is not working. This is the code that I want to block: <?php eval...

Great to know it worked for you, your welcome.

Try this instead: Sergio

This rule blocks any connection from census.shodan.io. (I really don't like attacks from these servers) # BLOCKING CENSUS SHODAN if (($lgfile eq $config{CUSTOM2_LOG}) and ($line =~ /^\S+\s\S+\sSMTP\s\D+from\s\S+(?>\.census\.shodan\.io|\.censys\-scanner\.com)\s\[(\S+)\]/i)) { return ("",$1,...

This article can help:
https://support.cpanel.net/hc/en-us/art ... ub-x-x-x-x

Do you have CXS installed or MailScanner?

First of all, you don't need to copy all the log lines, just a few ones are needed. I recommend you to add one of the following lines in csf.pignore: REGEX for any version of ea-php: pexe:/opt/cpanel/ea\-php\d+/root/usr/sbin/php\-fpm Rule just for ea-php81: exe:/opt/cpanel/ea-php81/root/usr/sbin/php...