Search found 1084 matches

by Sergio
20 Nov 2024, 01:59
Forum: General Discussion (csf)
Topic: Need some help with a log regex
Replies: 2
Views: 6452

Re: Need some help with a log regex

What are you looking for the REGEX to do with that info?

Sergio
by Sergio
02 Nov 2024, 13:53
Forum: General Discussion (csf)
Topic: LF_SPI requires disabling on restored Server
Replies: 5
Views: 11155

Re: LF_SPI requires disabling on restored Server

Please post a blocked note to see what is wrong.

Sergio
by Sergio
21 Oct 2024, 20:13
Forum: General Discussion (csf)
Topic: csf.pignore rules aren't working?
Replies: 2
Views: 11310

Re: csf.pignore rules aren't working?

Does a "pignore" will help you on this?

Sergio
by Sergio
04 Oct 2024, 06:24
Forum: General Discussion (csf)
Topic: Blocking Wordpress Login and xmlprc attacks with LFD
Replies: 32
Views: 107866

Re: Blocking Wordpress Login and xmlprc attacks with LFD

Here is the new rule: # BLOCKING ModSec Rules attacks if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^\[\S+\s+\S+\s+\S+\s+\S+\.\d+\s+\S+\] \[\S+:error\] \[pid \d+.*\] \[client \S+\] \[client (\S+)\] ModSecurity.*\[id "(210280|210350|210380|210481|210492|210710|210730|210831|210921)"\...
by Sergio
03 Oct 2024, 16:01
Forum: General Discussion (csf)
Topic: Blocking Wordpress Login and xmlprc attacks with LFD
Replies: 32
Views: 107866

Re: Blocking Wordpress Login and xmlprc attacks with LFD

Post a log line of your ModSecurity error_log for me to check it, thanks.

Sergio
by Sergio
16 Sep 2024, 03:54
Forum: General Discussion (csf)
Topic: Regex problem using one of the pre-defined lsws ones
Replies: 1
Views: 4661

Re: Regex problem using one of the pre-defined lsws ones

Testing your sample log at regex101 the rule is working as should be and shows:

GROUP1 144-165 someaddress@gmail.com
GROUP2 170-181 12.34.56.78

Could it be that the IP is in a white list?

Sergio
by Sergio
19 Aug 2024, 05:00
Forum: General Discussion (csf)
Topic: Ignore WHM/cPanel login emails from Static IP
Replies: 1
Views: 4818

Re: Ignore WHM/cPanel login emails from Static IP

Yes, is possible if your email is in your cpanel, you can create a filter to delete that email when it is your own IP that logged in.
Sergio
by Sergio
25 Jul 2024, 05:13
Forum: General Discussion (csf)
Topic: Is there a way to exclude one user from blocks in CSF?
Replies: 2
Views: 7907

Re: Is there a way to exclude one user from blocks in CSF?

Yes, you can add the IP to the white list.

If those users have dedicated IPs then you can WhiteList those IPs.
Remember that CSF is a FireWall based on IPs, so to white list them you have to white list the IPs.
by Sergio
17 Jul 2024, 01:33
Forum: General Discussion (csf)
Topic: Csf Block my whitlelist ip
Replies: 9
Views: 14349

Re: Csf Block my whitlelist ip

You have to check a few things. - Does cPhulk is running in your server? If yes, then check if the IP is not being block by cPhulk. If it is, then add your IP on the whitelist in cPhulk. - Have you tried to add your IP on /etc/csf/csf.ignore ? If not then, do what the readme on file suggest: # The f...