ConfigServer Community Forum

Hello. We have a server with CSF that is not logging iptables blocks to var/logs/messages. Last iptables logs are from december. I tried to restart CSF but not works. I compared CSF configuration with other server that logs iptables well, but there is no differences. Somebody knows what is happening...

Hello. It can be done to configure Mailscanner to send email to server administrator of the "Other Bad Content Detected" emails but configure it to each domain?. Thanks.

Kind regards.

We configured it at Home »Plugins »ConfigServer Security & Firewall - Check for IPs in RBL. At bottom of page you can schedule an automatic email hourly, daily, weekly or monthly.

Kind regards.

Hello. Why is not possible to set Low and High Spam Score with decimals?.

Kind regards.

Hello. Since a few weeks ago, the automatic RBL check (once at hour in our server), outputs always this at email: Checked 31.2xx.xxx.xxx (PUBLIC) on Sat May 19 17:00:01 2018 short.rbl.jp TIMEOUT virus.rbl.jp TIMEOUT OK These 2 lists short.rbl.jp and virus.rbl.jp always output TIMEOUT. It's a common ...

Hello again @hostnow. We installed Wordfence in both sites and it detect a lot of injected files (Pyxsoft did not do it). We cleaned the files and connections disapeared from CSF!!.

Kind regards.

Hello again @hostnow. After deny this IP in CSF, we could search in the log/messages log (you can access from CSF in main menu clicking in "Search System Logs") and see this: Apr 15 05:20:23 virt1947 kernel: [924838.992153] Firewall: *TCP_OUT Blocked* IN= OUT=venet0 SRC=31.200.243.xxx DST=...

Hello @hostnow, sure, it's not the solution, but in our case this has served to Spamhaus delist our IP. It's a first step to continue investigate the origin of problem. I hope someone of this forum or someone of CSF Support can help to you and us. Thanks.

Kind regards.

Hello. A few days ago the main IP of our server was listed by Spamhause. The reason was: This was detected by a TCP connection from "31.200.243.xxx" on port "48048" going to IP address "192.42.119.41" (the sinkhole (sinkhole.html)) on port "80". The botnet com...

Hi. Since today, Clamd is detecting all .DOC files, sent or received in server, as Win.Exploit.CVE_2016_3316-1 virus. Has someone the same problem?. How I can resend emails that have been detected as virus?.

Kind regards.