#RBN|86400|0|
I went through the EmergingThreats website and found these links which may be of interest:
Detail: - lists a number of links to text files which contain ips.
- last update seems to be February 2012 so not sure how accurate this list would be over two years on. There's no date in the list itself so I don't know if the list is...
Currently one of the problems with enabling email alerts on the application triggers is the number of alert emails an administrator gets. On our servers 95% of them are from Asia and Europe (areas that we don't even service or care about).
I propose a new setting that basically says send out an alert only if the IP address being blocked is from one of these countries.
it will be really nice if we could detect massive pure-ftpd non TLS connection, yesterday i had log file of about 25k login attempts trying to login using non TLS connection which i disallow, is there any chance that you may make a an option to track those messages and block the ips if they exceed certain number of error messages such as 20.
Have you consider to implement in CSF Firewall an option to remove IP entry from temporary/permanent block using captcha ?
For e.g. environment like hosting server with CPanel such cases like webmail block or control panel block could be easily been maintained by this type of solution.
There is already messenger service which is giving now information about IP block so it could be done...
Hi,
is not a big issue, but when an IP is written into the search box, if the IP comes with spaces before or after (when copy and paste), csf shows an error.
It will be great if that spaces could be trimmed off.
I've been using CSF for a while now, it's been very useful and it's great at doing its job, but my server also has IPv6 addressing that it needs to have a firewall for. I have CSF's IPv6 firewall enabled and configured, that's working, but I'm having trouble adding IPv6 addresses into its config files.
It's possible to see port reference by all IPs in View iptables log but ti would be much quicker to have it right in Temporary IP Entries , sometjong like this:
Instead of:
DENY 222.189.238.144 * in 23h 55m 58s lfd - *Port Scan* detected from 222.189.238.144 (CN/China/Jiangsu/Nanjing/-). 3 hits in the last 135 seconds
Add the port number for easy understanding which port was accessed:
DENY...
I think it would be very very good if CSF could be configured to let to block some manually defined IPs, that are found on the local interface.
Imagine you have 10 IPs in your eth0-range0. You use all of them as intended but one. Imaging that you initialize Proxy Server on one of that IPs. It means if you (or anybody else) will try to do something against the server, like port scan or...
I periodically get hammered by distributed attacks, usually against FTP and SMTP, where the bulk of the attempts are using accounts that don't exist on my server. It would be helpful, primarily to control resource consumption, to have an option to block these attempts on the first try while these distributed attacks are happening, without affecting the default settings for valid accounts.
It would be absolutely great to be able to set ASC or DESC order of the IP that are at Temporary IP entries.
For me, it makes more sence, when I go to Temporary IP entries to see newly blocked IPs not the old ones. Now in order to see new IP address you would have to scroll to the very bottom.
I think the IPs should be sorted DESC based on TTL, so when you go to Temporary IP entries, you see...
We use your product on a large number of machines (cPanel, Plesk, no-cp, etc). I'm very happy with the 'Check Server Security' option from the CSF menu in cPanel. As a suggestion for the (distant) future, it would be cool to be able to pass the csf binary a flag and have it output the security dialog (in plain-text) that cPanel users enjoy. As an addition, it could possibly strip out the...
It would be great if CSF supported wildcards for LFD log file locations:
Eg. /var/www/vhosts/system/*/logs/error_log
Some platforms like Plesk have separate log file locations per virtual host. I know that fail2ban supports wildcard log file locations when creating jails.
I believe that Perl supports glob functions so it shouldn't be that hard to add:
The current modsec Regex is in this file /usr/local/csf/bin/regex.pm:
$line =~ /^\ \ (\ )?\ ModSecurity:(( \[ ]+\])*)? Access denied with (code|connection)/)
This regexp fails to trigger on logged ModSec events when MPM_EVENT is installed, because the block changes to include the tid.
From:
To:
As a result, its necessary to manually update the regex in the indicated file for...
Currently it appears that RT_AUTHRELAY_ALERT is tracking relayed emails by IP address.
However, most of the time when large amounts of email are coming through, it is due to spammers compromising a user account and sending from many different IP addresses. Because of the multiple IP addresses, RT_AUTHRELAY_LIMIT rarely ever gets exceeded and lots of spam gets through unnoticed.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum