ConfigServer Community Forum

nobodyfamous

the mistress that is regex. . . I use this tool to work out my rules. http://www.regexr.com/ Paste in a few different lines of the error log you are looking for, than start playing with the regex and get it to match. Start off by escaping "\" the reserved characters "[]." and the...

nobodyfamous

I came across this post searching for the same exe.

Other posts said to just whitelist it. It is my understanding that this has something to do with email. What if I do get hacked and some other file starts sending email, will it not use this same process?

nobodyfamous

I see I can set this in the Virtualmin Templates, so all new sites would use a common log. I need to look into this further. Thanks for the help.

nobodyfamous

so I just added the log file to /var/csf/csf.syslogs and it is monitoring it, but how do I get it to pickup on the log lines

Code: Select all

[Mon Feb 03 10:04:49 2014] [warn] [client 99.192.110.216] mod_fcgid: stderr: user  authentication failure, referer: http://www.****.ca/administrator/index.php

nobodyfamous

I think CSF should be reading the error logs of all the sites. How do I get CSF to read/monitor extra logs? And better yet, with a wild card?

nobodyfamous

add user: munin
or exe:/usr/local/cpanel/3rdparty/perl/514/bin/perl

nobodyfamous

I have a similar situation using virtualmin. I too would like to know how to add logs to be monitored

nobodyfamous

Server Details; OS: Ubuntu 12.04 LTS Virtualmin/Webmin I have a joomla site getting brute force attacks. Joomla brute force attack extensions can limit the login attempts, but the server is still loaded with calls to the blocked login. I'd rather block the IP via CSF. I have an extension using the f...

nobodyfamous

For anyone else who may find this, I figured it out; For the "Suspicious process running under user postgrey" I had ignored the postgrey UID under csf.uidignor - That DOES NOT WORK. I had to go under the csf.pignor and enter user:postgrey That took care of the hourly emails. As for the &qu...

nobodyfamous

I am already ignoring the user via it's ID, but keep getting this email Subject: ...Suspicious process running under user postgrey Time: Tue Dec 31 12:24:39 2013 -0400 PID: 14373 (Parent PID:14373) Account: postgrey Uptime: 18584 seconds Executable: /usr/bin/perl Command Line (often faked in exploit...

ConfigServer Community Forum

Search found 11 matches

Re: Login Failure Daemon or Login Tracking?

Re: LDF - Excessive resource usage spamd

Re: DirectAdmin virtual domain error logs not included.

Re: Login Failure Daemon or Login Tracking?

Re: Login Failure Daemon or Login Tracking?

Re: Excessive resource usage: munin

Re: DirectAdmin virtual domain error logs not included.

Login Failure Daemon or Login Tracking?

Re: how to ignore

how to ignore