Search found 9 matches
- 10 Mar 2023, 08:21
- Forum: General Discussion (csf)
- Topic: Country Code (CC) in custom regex ?
- Replies: 1
- Views: 1026
Country Code (CC) in custom regex ?
Hello, is it possible to read the country code in the custom regex? In my case, I want to block xmlrpc attacks from all countries except Spain. Will something like this run? if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) and ($cc != ES) \/xmlrpc\.php.*" /))...
- 12 Oct 2022, 09:57
- Forum: General Discussion (csf)
- Topic: SYSLOG Check failed
- Replies: 1
- Views: 3662
Re: SYSLOG Check failed
Same issue here on servers running AlmaLinux 8
Subject: lfd on hostnamet: SYSLOG Check Failed
Message:
Time: Wed Oct 12 09:50:21 2022 +0200
Error: Failed to detect code [EboXrlKqf8S7cU5sxI1y8gPEsp] in SYSLOG_LOG [/var/log/messages]
SYSLOG may not be running correctly on hostname
- 14 Mar 2022, 21:06
- Forum: General Discussion (csf)
- Topic: hook or custom script when LFD triggers
- Replies: 2
- Views: 1518
hook or custom script when LFD triggers
Hi, I would like to run my own script when an LFD alert is generated.
Is this possible?
Thank you!
- 06 Mar 2021, 09:01
- Forum: General Discussion (csf)
- Topic: port 3306 no correctly protected?
- Replies: 0
- Views: 2399
port 3306 no correctly protected?
Hello, we have a server that needs to be able to access mysql with the root user. We have blocked port 3306 globally. And allowed the authorized IP in csf.allow with the following format: tcp|in|d=3306|s=x.x.x.x We check that it works fine, but we have found a strange log: cat /var/log/mysqld.log | ...
- 03 Feb 2021, 08:19
- Forum: General Discussion (csf)
- Topic: CSF pignore *
- Replies: 0
- Views: 1875
CSF pignore *
Hello, in csf.pignore instead of this: exe:/opt/cpanel/ea-php56/root/usr/bin/lsphp exe:/opt/cpanel/ea-php70/root/usr/bin/lsphp exe:/opt/cpanel/ea-php71/root/usr/bin/lsphp exe:/opt/cpanel/ea-php72/root/usr/bin/lsphp exe:/opt/cpanel/ea-php73/root/usr/bin/lsphp exe:/opt/cpanel/ea-php74/root/usr/bin/lsp...
- 19 Aug 2017, 18:55
- Forum: General Discussion (csf)
- Topic: regex.custom.pm trigger trigger level and temporary value ignored
- Replies: 1
- Views: 2600
regex.custom.pm trigger trigger level and temporary value ignored
Hello, I have configured this regex.custom.pm # setup-config if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/wp-admin\/setup-config\.php.*" /)) { return ("setup-config attack",$1,"setup-config","20","80,443","360...
- 13 Jun 2016, 10:32
- Forum: General Discussion (cxs)
- Topic: twentyfourteen hacked?
- Replies: 1
- Views: 5674
twentyfourteen hacked?
All the twentyfourteen on my server are detected as exploit. Is it true? Content of the file cxs[163898]: ['/home/xxx/public_html/wp-content/themes/twentyfourteen/js/featured-content-admin.js'] - Suspected exploit file /** * Twenty Fourteen Featured Content admin behavior: add a tag suggestion * when c...
- 21 Feb 2016, 09:18
- Forum: General Discussion (cxs)
- Topic: CXS for Linux
- Replies: 1
- Views: 3706
CXS for Linux
Hello, is it possible to install CXS on a non-cPanel server? Just to scan files on a CentOS (or any Linux) server via shell. No need for an interface.
- 18 Feb 2015, 20:51
- Forum: General Discussion (csf)
- Topic: Suspicious process running under user cpanellogaholic
- Replies: 1
- Views: 3274
Re: Suspicious process running under user cpanellogaholic
+1 Time: Wed Feb 18 21:08:29 2015 +0100 PID: 7905 (Parent PID:7904) Account: cpanellogaholic Uptime: 119 seconds Executable: /usr/local/cpanel/3rdparty/php/54/bin/php-cgi Command Line (often faked in exploits): /usr/local/cpanel/3rdparty/php/54/bin/php-cgi -d display_errors=0 -d log_errors=1 -d erro...