ConfigServer Community Forum

Does anyone use the connection limit protection or port flooding settings that doesn't have network level DDOS protection? What would be typical reasonable settings for a server that is just running website applications that has maybe max 40 website users at any time plus bot scraping traffic and vi...

I had an application level attack on a Wordpress site that brought the server to its knees. First time I've had this happen ever running about a half dozen small business websites. Configserver is loading multiple RBLs like FIREHOL, etc. I did a blacklist search and out of like 60 lists the IP only ...

I've raised my max memory setting to 768MB and my max RSS Memory Setting to 512. These are much higher than the default settings. On a Linux server those are pretty large chunks of memory for an application to use. Nothing else triggers an LFD warning except Wordpress websites and I get a warning on...

The /usr/local/csf/bin/regex.custom.pm file allows you to set up blocking for failed Wordpress login attempts, for example: if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET) \/wp-login\.php.*" /)) { return ("Failed WordPress GET",$1,"WPLOGINGET",...

I've got a user that keeps getting blocked for a custom LFD rule to block 3 consecutive Worpress failed logins within 3600 seconds. But they swear they are not getting failed logins. The rule is the widely published rule: if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "POST \/wp-...

I've run into this before at I swear sometimes the set loads, sometimes it doesn't. I feels like it happens more often when I add a new blocklist. Here's my config: CLEANTALK|3600|0|https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cleantalk_updated_30d.ipset FIREHOL1|3600|0|https://...

I've searched and read many posts on this topics before but I still don't find it clear what specific syntax to use in the csf.pignore file. These is the type of warning I'm trying to ignore. lfd[5333]: *Suspicious Process* PID:3792 PPID:3788 User:username Uptime:121 secs EXE:/home/virtfs/elemcms/op...

I think I already know the answer to this but I'm running a half dozen Wordpress sites and I'm tired of seeing the gobs of traffic being blocked at the Wordpress security plugin level originating from China. I would consider putting a country block on China in CSF but frankly there is a small chance...

Is there any way (looks like not through CSF - so has to be Linux/IPSET/IPTABLES command I assume?) to display blocking activity history?

Anyone recommend which plugins/settings to use in combination with CSF for protecting Wordpress sites. It seems many of the security plugins are going to be overlapping with CSF functionality.