What are you looking for the REGEX to do with that info?
Sergio
Search found 1084 matches
- 20 Nov 2024, 01:59
- Forum: General Discussion (csf)
- Topic: Need some help with a log regex
- Replies: 2
- Views: 6452
- 02 Nov 2024, 13:53
- Forum: General Discussion (csf)
- Topic: LF_SPI requires disabling on restored Server
- Replies: 5
- Views: 11155
Re: LF_SPI requires disabling on restored Server
Please post a blocked note to see what is wrong.
Sergio
Sergio
- 21 Oct 2024, 20:13
- Forum: General Discussion (csf)
- Topic: csf.pignore rules aren't working?
- Replies: 2
- Views: 11310
Re: csf.pignore rules aren't working?
Does a "pignore" will help you on this?
Sergio
Sergio
- 04 Oct 2024, 06:24
- Forum: General Discussion (csf)
- Topic: Blocking Wordpress Login and xmlprc attacks with LFD
- Replies: 32
- Views: 107866
Re: Blocking Wordpress Login and xmlprc attacks with LFD
Here is the new rule: # BLOCKING ModSec Rules attacks if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^\[\S+\s+\S+\s+\S+\s+\S+\.\d+\s+\S+\] \[\S+:error\] \[pid \d+.*\] \[client \S+\] \[client (\S+)\] ModSecurity.*\[id "(210280|210350|210380|210481|210492|210710|210730|210831|210921)"\...
- 03 Oct 2024, 16:01
- Forum: General Discussion (csf)
- Topic: Blocking Wordpress Login and xmlprc attacks with LFD
- Replies: 32
- Views: 107866
Re: Blocking Wordpress Login and xmlprc attacks with LFD
Post a log line of your ModSecurity error_log for me to check it, thanks.
Sergio
Sergio
- 16 Sep 2024, 03:54
- Forum: General Discussion (csf)
- Topic: Regex problem using one of the pre-defined lsws ones
- Replies: 1
- Views: 4661
Re: Regex problem using one of the pre-defined lsws ones
Testing your sample log at regex101 the rule is working as should be and shows:
GROUP1 144-165 someaddress@gmail.com
GROUP2 170-181 12.34.56.78
Could it be that the IP is in a white list?
Sergio
GROUP1 144-165 someaddress@gmail.com
GROUP2 170-181 12.34.56.78
Could it be that the IP is in a white list?
Sergio
- 19 Aug 2024, 05:00
- Forum: General Discussion (csf)
- Topic: Ignore WHM/cPanel login emails from Static IP
- Replies: 1
- Views: 4818
Re: Ignore WHM/cPanel login emails from Static IP
Yes, is possible if your email is in your cpanel, you can create a filter to delete that email when it is your own IP that logged in.
Sergio
Sergio
- 25 Jul 2024, 05:13
- Forum: General Discussion (csf)
- Topic: Is there a way to exclude one user from blocks in CSF?
- Replies: 2
- Views: 7907
Re: Is there a way to exclude one user from blocks in CSF?
Yes, you can add the IP to the white list.
If those users have dedicated IPs then you can WhiteList those IPs.
Remember that CSF is a FireWall based on IPs, so to white list them you have to white list the IPs.
If those users have dedicated IPs then you can WhiteList those IPs.
Remember that CSF is a FireWall based on IPs, so to white list them you have to white list the IPs.
- 17 Jul 2024, 01:33
- Forum: General Discussion (csf)
- Topic: Csf Block my whitlelist ip
- Replies: 9
- Views: 14349
Re: Csf Block my whitlelist ip
You have to check a few things. - Does cPhulk is running in your server? If yes, then check if the IP is not being block by cPhulk. If it is, then add your IP on the whitelist in cPhulk. - Have you tried to add your IP on /etc/csf/csf.ignore ? If not then, do what the readme on file suggest: # The f...
- 17 Jul 2024, 01:03
- Forum: General Discussion (csf)
- Topic: Where does csf keep the list of blocked emails that are associated with IP address
- Replies: 4
- Views: 9653
Re: Where does csf keep the list of blocked emails that are associated with IP address
Try checking /var/log/maillog