Search found 9 matches

by jmginer
10 Mar 2023, 08:21
Forum: General Discussion (csf)
Topic: Country Code (CC) in custom regex ?
Replies: 1
Views: 1026

Country Code (CC) in custom regex ?

Hello, it's possible to read the country code in a the customer regex? In my case, I want to block xmlrpc attacks on all countries except spain. Something like this will run? if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) and ($cc != ES) \/xmlrpc\.php.*" /))...
by jmginer
12 Oct 2022, 09:57
Forum: General Discussion (csf)
Topic: SYSLOG Check failed
Replies: 1
Views: 3662

Re: SYSLOG Check failed

Same issue here on servers running AlmaLinux 8

Subject: lfd on hostnamet: SYSLOG Check Failed

Message:

Time: Wed Oct 12 09:50:21 2022 +0200
Error: Failed to detect code [EboXrlKqf8S7cU5sxI1y8gPEsp] in SYSLOG_LOG [/var/log/messages]

SYSLOG may not be running correctly on hostname
by jmginer
14 Mar 2022, 21:06
Forum: General Discussion (csf)
Topic: hook or custom script when LFD triggers
Replies: 2
Views: 1518

hook or custom script when LFD triggers

Hi, I would like to run my own script when an LFD alert is generated.

Is this possible?

Thank you!
by jmginer
06 Mar 2021, 09:01
Forum: General Discussion (csf)
Topic: port 3306 no correctly protected?
Replies: 0
Views: 2399

port 3306 no correctly protected?

Hello, we have a server that needs to be able to access mysql with the root user. We have blocked port 3306 globally. And allowed the authorized IP in csf.allow with the following format: tcp|in|d=3306|s=x.x.x.x We check that it works fine, but we have found a strange log: cat /var/log/mysqld.log | ...
by jmginer
03 Feb 2021, 08:19
Forum: General Discussion (csf)
Topic: CSF pignore *
Replies: 0
Views: 1875

CSF pignore *

Hello, in csf.pignore instead of this: exe:/opt/cpanel/ea-php56/root/usr/bin/lsphp exe:/opt/cpanel/ea-php70/root/usr/bin/lsphp exe:/opt/cpanel/ea-php71/root/usr/bin/lsphp exe:/opt/cpanel/ea-php72/root/usr/bin/lsphp exe:/opt/cpanel/ea-php73/root/usr/bin/lsphp exe:/opt/cpanel/ea-php74/root/usr/bin/lsp...
by jmginer
19 Aug 2017, 18:55
Forum: General Discussion (csf)
Topic: regex.custom.pm trigger trigger level and temporary value ignored
Replies: 1
Views: 2600

regex.custom.pm trigger trigger level and temporary value ignored

Hello, I have configured this regex.custom.pm # setup-config if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/wp-admin\/setup-config\.php.*" /)) { return ("setup-config attack",$1,"setup-config","20","80,443","360...
by jmginer
13 Jun 2016, 10:32
Forum: General Discussion (cxs)
Topic: twentyfourteen hacked?
Replies: 1
Views: 5674

twentyfourteen hacked?

All the twentyfourteen in my server are detected as exploit. Is true? Content of the file cxs[163898]: ['/home/xxx/public_html/wp-content/themes/twentyfourteen/js/featured-content-admin.js'] - Suspected exploit file /** * Twenty Fourteen Featured Content admin behavior: add a tag suggestion * when c...
by jmginer
21 Feb 2016, 09:18
Forum: General Discussion (cxs)
Topic: CXS for Linux
Replies: 1
Views: 3706

CXS for Linux

Hello, is possible to install CXS on a non-cPanel server? Just to scan files on a CentOS (or any Linux) server via shell. No need interface.
by jmginer
18 Feb 2015, 20:51
Forum: General Discussion (csf)
Topic: Suspicious process running under user cpanellogaholic
Replies: 1
Views: 3274

Re: Suspicious process running under user cpanellogaholic

+1 Time: Wed Feb 18 21:08:29 2015 +0100 PID: 7905 (Parent PID:7904) Account: cpanellogaholic Uptime: 119 seconds Executable: /usr/local/cpanel/3rdparty/php/54/bin/php-cgi Command Line (often faked in exploits): /usr/local/cpanel/3rdparty/php/54/bin/php-cgi -d display_errors=0 -d log_errors=1 -d erro...