ConfigServer Community Forum

It was "found" using the CSF search but i was wondering why the offending IP was placed there. Ie.. so i could tell my client "scan for viruses" or "your apple mobile is using port 587 to try to send and the server thinks you're port-scanning". So normally i look at the...

I have users that are blocked from the system. When I search csf.deny the IP address isn't in there. But when I add them to csf.allow, they are able to get e-mail OK. So my question is, is there another place to look for IP addresses or is there another method that IPs get blacklisted that isn't thr...

I'm not actually sure about the specifics, I'm just a beginner myself.

Yes, i don't believe the log file can be hacked directly. And even so, that wouldn't do anything. But it does indicate a larger problem.

As i recall, it's command line like /etc/cxs/cxs.ignore.

Thanks a lot for the response, it's much appreciated. So similar to the "false-positive, this file doesn't exist error", CXS intercepts the bad files before it even gets uploaded. If CXS wasn't there, it's possible that the patched-file would also NOT accept the file? So basically, my job ...

Hope someone can clarify something. I understand about the false-positives (when the file doesn't exist), but I get a lot of e-mails having to do with viruses or fingerprints referring to files like: http://domain.com/wp-admin/admin-ajax.php or http://www.domain.com/index.php?option=com_jdownloads&a...

As per the advice of the installed service, a reboot helped fix the IPtables and LF_SPI = 1 is now back online.

I'm getting a few log entries like this: Sep 15 12:40:38 www cxswatch[9665]: WARNING: '/home/user/public_html/error_log' scanned 6 times in the last 30 seconds, you might want to ignore this resource Any ideas what might cause this, or whether ignoring: hfile:/public_html/error_log is advisable for ...

Nevermind, it's on the configserver.com forum.

I thought it was based on your sig in the footer..

I was unable to find that link.