I get people trolling I guess looking for scripts on the server to try to exploit.
I did change the username and domain name.
What I am wondering is how can I block and/or ban the IP address of the person after xx amount of hits?!?!
Scanning web upload script file...
Time : Mon, 4 Sep 2017 11:12:56 -0700
Web referer URL :
Local IP : 123.123.123.123
Web upload script user : nobody (99)
Web upload script owner: ()
Web upload script path : /home/user/public_html/domainremoved.com/chat
Web upload script URL : http://www.domainremoved.com/chat/chat/upload.php
Remote IP : 173.208.148.218
Deleted : No
Quarantined : No
NOTE: This alert may be a ModSecurity false-positive as /home/user/public_html/domainremoved.com/chat does not exist
cxs Scan on xxx.xxx.xxxx (Hits:1) (Viruses:0) (Fingerprints:1)
Re: cxs Scan on xxx.xxx.xxxx (Hits:1) (Viruses:0) (Fingerprints:1)
See the section "cxs and csf Integration" in the cxs documentation which can be found in WHM > ConfigServer eXploit Scanner > Documentation.