Can we get support of developers to integrate my way of catching bad bots in CSF?
My way id 100% accurate against bad bots, mail harvesters and spam bots, and site scrapers.
It is based in 3 steps:
1. allow good bots.
2. blind all others.
3. block all bad bots in htaccess when hit bot trap url
Only bad thing is constantly grow of htaccess file.
I've been using csf ever since i discovered it. It's awesome. Even recommended it today to an abuse dept. teamleader (of a company with 4k+ servers) after resolving an abuse matter.
During the chat i had with this person, ARF came up. It looks like an upcoming standard for reporting abuse, which i would defenatelly would like to see within csf.
There is also a perl module for it, see...
I do not log into my DirectAdmin weekly. Therefore I do not have an efficient way to see update notifications about CSF the ultimate ip tables firewall.
Would it be possible to perhaps create a locked thread (forum) where you will reply to it when you create a update to the script and I can follow the topic by email notification to see updates more efficiently.
Hi, i'm using Debian Squeeze with csf+lfd as firewall.
Could you make the program to be LSB compliant with the Debian LSB initscripts, because I get frequent warnings regarding csf+lfd when I upgrade certain packages with apt.
The other day we had an issue where we needed to open up SSH to cPANEL so they could log in and resolve an issue with PURE-FTP.
Once they were completed we needed to remove/comment out their entries.
It would be great if you could add an entry like this to the allow:
d=9999:s=201.211.212.213:expire=2d # cPANEL Support
then two days after you entered this allow, it would remove itself. Even...
Hello,
i would be nice to have a text field next to the quick allow / quick deny to add some text why that ip is allowed or deny'd.
that text shows in the csf.deny and csf.allow file
111.112.113.114 # Manually allowed - Sun Mar 14 15:59:54 2010
111.112.113.114 # Manually allowed - Sun Mar 14 15:59:54 2010 # give acces to configserver support
Whe currently testing the CSF clust feature. At first everything looks fine and works okay.
Until today, now i see that CSf tries to talk to the other servers with other IP addresses.
Not all the servers in the same cluster have this issue. Al servers are CentOS with cpanel
Cluster env: description with example IP's
Server1
main IP: 11.22.33.44
multi shared IP's
nameserver 11.22.33.12...
I am a huge fan of csf. To the point where my servers doesn't crash from the number of hack attempts/port scans. They must be sorely disappointed after 5 attempts and going no further. mwhahaha!
What would be good to have is a global list of blocked IP addresses, mainly to save me sifting through my inbox and deleting those e-mails that need deleting!
It would be awesome if support for too many failed recepients in exim_mainlog would be added.
I get many emails inbound for addresses that never existed, so would be very neat to be able to block the sending IPs.
At the moment I use BFD just for that and I write to csf.deny with csf -d $IP.
similar to my previous suggstion but prob alittle simpler.
would be useful to have a whm section where one could add, edit, or remove custom rules.
reason being, some hosts use many different error codes which many will trigger the default mod_security regex. a service which is locked code 423 shouldnt ban a connection attempting to connect as it may be nothing more then an expired subscription...
I have noticed quite a few SSHD login attempts appearing in Logwatch that do not appear to be getting blocked by CSF.
The log looks like this:
Feb 15 14:37:01 vps1 sshd : User root from 211.141.237.36 not allowed because not listed in AllowUsers
Feb 15 14:37:01 vps1 sshd : input_userauth_request: invalid user root
Feb 15 14:37:02 vps1 sshd : Received disconnect from 211.141.237.36: 11:...
Hi,
it will be nice if CSF could block IPs that are trying to connect to the same FTP account but from different IPs.
Let me explain, a few days ago an account got compromised, customer had a virus that sent his FTP password to a hacker, in less than 10 seconds, about 200 different IPs were trying to access the account. Of couse we detected the intrusion and blocked the account, so, no major...
Would it be possible to change csf.pignore so that I can tell it to ignore the executable /bin/bash when it's from user stijn?
When i'm logged on with ssh I get these emails regularly, and the only possibility to stop them as far as I know is to add user:stijn or exe:/bin/bash to the list.
If i exclude /bin/bash I won't see notices for other people, and when I add my user, i won't receive...
Recently it has become necessary for me to separate different allow/deny rules on some of my servers running CSF.
In particular, i am looking to be able to include another file in the csf.allow/deny file.
What this means is that i can keep the global allow/deny rules across all of my servers the same using an external script, but have the allow/deny files reference a customer allow/deny file...
Dear Santa Chirpy :
I have been a nice guy all this year and I ask you to please, grant me 2 wishes, lol:
1. Please, set a new option where we could edit the DENY.TXT file to add or delete IPs that are trying to abuse our servers, with this we could manage in a better way our GLOBAL_DENY file.
2. Also, when an IP is written to the CSF.DENY file, would you be very kind to write it there the IP...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum