I have a regex that I'm trying to modify for regex.custom.pm so when the server (not a user clicks) redirects to a specific page (which is logged in /var/log/apache2/access.log), after x number of attempts, it blocks that IP.
The purpose is to block bots attempting to hack a token entry form and currently, due to the software used, a failure with the form does not get logged in error_log...
Hello folks,
I notice when I'm scanning my hosting server with nmap inside of msfconsole, it puts the IP of the attacker in the whitelist even if this IP is in the blacklist.
Please, how do I solve that?
Thank you
Suddenly today I have been unable to perform a CURL command to api.stripe.com. I am able to curl to example.com (both http & https).
This is what happens on the SSH command line:
curl -v
* About to connect() to api.stripe.com port 443 (#0)
* Trying 52.62.14.35...
* Connection timed out
* Trying 13.55.5.15...
* After 86364ms connect time, move on!
* Failed connect to api.stripe.com:443;...
Can I ignore user or mailbox when RT_AUTHRELAY_LIMIT is reached?
BACKGROUND:
I am sending an e-mail from a PHP script from server A from a domain protected by Cloudflare. The e-mail is sent from a PHP script via SMTP which is located on server B.
On server B is CSF
RT_AUTHRELAY_ALERT = on
RT_AUTHRELAY_LIMIT = 49
RT_AUTHRELAY_BLOCK = 1800
Not sure if this is in the right forum or not, sorry!
Basically when I am checking the server security with CSF it states 'Check nameservers Unable to resolve nameserver ' under the 'WHM Settings Check' section. This only appears on running the 'Run again and display all checks' report but under the 'Run again' report it doesn't appear. The nameserver ns1.yourdomain.com (I'm using...
Searched the forum but could not find any answer to the following question:
Would an allow IP supersede a country block?
Scenario: We have actively blocked DE (Germany) through a country block, but want to allow one static IP from Germany to be allowed using Firewall Allow IP.
Hello everyone,
I'm trying to configure csf so that only IPs from my country can access port 22.
I fill the 2 following configurations with the country code and port 22, like so:
CC_ALLOW_PORTS = GB
CC_ALLOW_PORTS_TCP = 22
And removed port 22 from TCP_IN
But I'm still getting locked out after restarting CSF.
How can I know what's the reason for this? I saw that a service called geoIP is...
I have 2 cpanel servers. One is constantly blocking my IP address. I have my WiFi IP whitelisted. But, if for any reason, like a recent power outage, the router gets rebooted and it gets assigned a new IP, that one gets blocked and I have to have someone in another network login and white list that one. This gets really irritating when I am out of the office and my Phone's Verizon IP gets...
A bit of a general question, I was wondering if when an IP is blocked in CSF (or by LFD), does it block incoming DNS queries by default or do I need to allow them to make queries?
Hi Everyone,
My Deny IP List is really starting to grow now and is nearly at 1500. How high can I go with this before it starts impacting my server's performance etc.?
I'm having a bit of an issue with csf/lfd blocking cPanel webmaild logins. I just checked my log in /var/local/cpanel/log/login_log and there's hundreds if not thousands of attempts to login to accounts on the server which haven't been picked up by LFD (and subsequently blocked by CSF)
I'm wondering how I would go about adding these entries to be scanned by LFD?
Hello, CSF is blocking ftp upload to my OVH remote backup destination. Backup transfer is set as ftp on port 21.
Destination is validated and working when csf is disabled. Any clue how can I fix this?
Thanks!
All of a sudden we started experiencing this same issue on 2 different servers.
When CSF is enabled, it breaks connection to port 80 for many of our customers.
Doing tests on websites like: when CSF is enabled, tests fail from many locations, where when CSF is disabled all tests go through just fine, no timeouts.
Running latest version of csf 13.7, CentOS 7 (cPanel) with...
After looking at some fresh csf.conf file I detected I was missing some stuff in my own csf.conf files.
Some were logical because they were only for cPanel.
Somewhere on the forums in a very old topic, I read that queue alert/interface was also only for cPanel because this worked with exim.
However, Directadmin is also using Exim mailserver.
Next to that I think script alert could also...
I need to do something after a csf update was successful.
Therefore I disabled the autoupdate and call the update by hand with csf -u.
Is it possible to get different return codes or something like this to know if there was no update (because latest version is installed) or if a new version was installed?
As an alternative solution it would be great if I can configure an...
As a theoretical question assuming:
1) regex.custom.pm is properly formatted and without errors;
2) a log file in text format exists with one entry per line of failed logins;
3) csf has the proper log file identified as CUSTOM1_LOG in csf.conf;
4) Am I missing something?
Then csf should be able to block at the firewall a malicious user hammering away at an application login screen, said...
I've been reading the forums and the readme and I cannot get this sorted out. I have a server running Ubuntu Landscape and the following four command line items keep triggering CSF for excessive resource usage:
We use CSF+LFD on all of our Linux based servers of which are endpoints, in that they are not required to do any IP forwarding/routing. (We'd use Shorewall for that.) This includes our internal office servers.
We also use two Unbound instances as our office DNS resolver, particularly as we have various internal only DNS mappings we need to establish.