Search found 6 matches
- 07 Aug 2016, 15:39
- Forum: General Discussion (cxs)
- Topic: Web upload script (i don't understand)
- Replies: 9
- Views: 12774
Re: Web upload script (i don't understand)
That is what the LF_CXS option in csf.conf is for. cxs itself cannot do it as the ModSecurity process runs as the nobody (or default apache) user and not root. So it is - missed that in the options. Not quite clear on the difference between LF_MODSEC and LF_CXS but have set LF_CXS to 1 and will mon...
- 04 Jul 2016, 15:55
- Forum: General Discussion (cxs)
- Topic: twentyfourteen hacked?
- Replies: 1
- Views: 5673
Re: twentyfourteen hacked?
If you don't use the theme, delete it. If you do, keep it updated. Haven't seen any other reports of a similar nature.
- 04 Jul 2016, 14:51
- Forum: General Discussion (cxs)
- Topic: Web upload script (i don't understand)
- Replies: 9
- Views: 12774
Re: Web upload script (i don't understand)
Having looked at various options to reduce the amount of alerting, I think the best one is just to put the script filename in the cxs.ignore file. In this case, it would be : hfile:/public_html/wp-admin/admin-ajax.php This assumes that you're happy that admin-ajax.php is properly patched and secure....
- 21 Jan 2015, 23:06
- Forum: General Discussion (csf)
- Topic: execute usr/sbin/csf -d within a php script
- Replies: 5
- Views: 8953
Re: execute usr/sbin/csf -d within a php script
Okay, here's my solution, hopefully someone can sanity-check it. I should say my server uses suPHP so my sites run with permissions of their owners. The best approach seems to be to allow your web user to sudo the command. Step 1 : I create a file /etc/sudoers.d/webuser with one line : webuser ALL=N...
- 21 Jan 2015, 19:45
- Forum: General Discussion (csf)
- Topic: execute usr/sbin/csf -d within a php script
- Replies: 5
- Views: 8953
Re: execute usr/sbin/csf -d within a php script
I know this is a fairly old post but I've been looking for the answer to the same question. The difficulty (I think) is that you need to be root to call the command-line CSF configuration utility e.g. csf -d 11.22.33.44 Added because I don't like them Most PHP scripts will run either as Apache, Nobo...
- 23 Jun 2008, 19:36
- Forum: Suggestions (csf)
- Topic: DShield
- Replies: 6
- Views: 9217
DShield log submission
In common with the others on this thread, I'm looking for a way to submit firewall logs to DShield. It's one of those areas where you are probably not going to make a huge difference at an individual server level because the majority of entries in your log are from your spotty Korean school boy who ...