I've been getting numerous suspicious process alerts each day, listing /usr/bin/php as the suspicious process but no actual process beyond that. I'm not sure if this is a false positive or not - and even if it is I don't know how to block it because it doesn't seem wise to ignore everything under php.
Can anyone help interpret this? I've searched high and low in this and other forums...
I'm trying a custom regex to prevent Joomla brute-force logins, based on the WordPress brute-force login one.
But it's not working. Can somebody help me see where I'm wrong?
This is my regex
# joomla
# Match a POST to the Joomla administrator login page that returned 200 (login form re-displayed, i.e. failed)
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*\] POST \/administrator\/index\.php.* 200/)) {
    # return: message text, offending IP, app name, failure count, ports to block, block duration (secs)
    return ("Failed Joomla login from", $1, "joomla", "2", "80,443", "3600");
}
Hello,
I want to know whether the GeoIP database is on auto update or I need to update it manually.
If I need to update it manually, how should I do that? (please explain it briefly)
Thanks
My VPS (CentOS6 with CWP) logs failed logins in /var/log/dovecot-info.log:
May 05 15:20:13 pop3-login: Info: Disconnected (auth failed, 1 attempts): user= , method=PLAIN, rip=IP, lip=IP
but they are not blocked by CSF.
I've added this custom regex but it still doesn't block them:
if (($lgfile eq $config{CUSTOM3_LOG}) and ($line =~ /^\S+\s+\S+\s+\S+ pop3\-login.*auth failed.*rip\=(\S+)/)) {...
I am trying to understand what the Exceeded number below actually means. I am assuming that it means the process has run for 219,000 seconds, which exceeds the threshold of 1800.
Isn't it a good thing that MySQL is running all the time?
So what does the code expect that monitors process time? I guess the logic is if something runs for more than 1800 seconds, it's run too long. It seems that,...
My LFD web UI was working fine. I clicked disable firewall and it stopped responding. I then enabled the firewall with csf -e as root, and the firewall was enabled (apparently)... but now I get connection refused when I try to connect to the LFD web UI. I've tried rebooting the machine and I get the same problem. I tried connecting from localhost and it still gives me connection refused. There...
There is an ongoing 404 being logged in the error_log file. It comes from a different IP every hour.
May I know whether CSF includes a feature that deals with this kind of attack?
Tue Apr 25 11:28:24 2017] File does not exist: /home/noname/public_html/660
File does not exist: /home/noname/public_html/660
File does not exist: /home/noname/public_html/660
File does not exist:...
I'm trying to synchronize LFD with Cloudflare using these scripts:
It's working as far as the BLOCK_REPORT goes but it doesn't appear that UNBLOCK_REPORT is being triggered. Even if the script is failing should it at least be logged that it was triggered? Here is the LFD log:
Apr 23 09:07:35 cp1 lfd : (cpanel) Failed cPanel login from xxx.xxx.xxx.xxx (xxxxxxx): 3 in the last 3600 secs -...
Cannot run CSF; I either get a page error 500 or a completely blank page.
I have found when logged in through SSH, using top, CSF will be running, even though prior to that only iptables was visible as a running process, not csf/lfd. I have uninstalled and reinstalled several times. csf/lfd will run initially but within a half hour to 45 minutes it will be stopped and iptables will be running...
Since the update to v10 cluster restarts fail for every member. I run csf -crs or csf --crestart and get:
Sent request to , no reply
Sent request to , no reply
Sent request to , no reply
Sent request to , no reply
Sent request to , no reply
Sent request to , no reply
{...}
All other cluster methods that we use regularly work, like --cping, --cfile, and individual bans with -cd.