Search found 36 matches
- 05 Jul 2021, 11:45
- Forum: General Discussion (csf)
- Topic: Block countries but allow port 53/dns
- Replies: 3
- Views: 3086
Re: Block countries but allow port 53/dns
I would say maybe using something like this unless someone else has a better idea. You could deny services, port access to many countries attacking your server by just using their country codes. # This option denies access from the following countries to specific ports # listed in CC_DENY_PORTS_TCP ...
- 26 Mar 2021, 19:57
- Forum: General Discussion (cxs)
- Topic: Is there any problem increasing filemax?
- Replies: 1
- Views: 2839
Re: Is there any problem increasing filemax?
Nope - just uses more resources and at times creates more watches.
So if you have enough resources and fast cpus and SSDs you should be fine.
- 26 Mar 2021, 19:55
- Forum: General Discussion (cxs)
- Topic: Trace how malware was uploaded to server
- Replies: 1
- Views: 2623
Re: Trace how malware was uploaded to server
Do you use modsecurity? If not, consider installing OWASP rules or Comodo WAF ruleset, both of which are free. Usually they upload via an outdated plugin or some flaw in one. If not that then if you have no modsecurity then your server is vulnerable. Best to have Firewall + Modsecurity + CXS + ClamAV with...
- 19 Mar 2021, 17:56
- Forum: General Discussion (csf)
- Topic: csf causing excessive load averages
- Replies: 1
- Views: 1387
Re: csf causing excessive load averages
Not entirely sure what the cause could be. But I would recommend you go through each setting in your csf.conf. Also are you using ipset? If not then if you have a lot of blocklists enabled that could cause some slowness. Also is CSF monitoring a lot of CUSTOM log locations? May be too many logs to be ...
- 22 Feb 2021, 18:25
- Forum: General Discussion (cxs)
- Topic: STICKY rules for CXS.XTRA regs.
- Replies: 71
- Views: 208582
Re: STICKY rules for CXS.XTRA regs.
Noticed tons of files with kindex.php and windex.php and wikindex.php plus many more. Created a list and here are the md5sum and regex. Add and try out if you like. # Added 22/02/2021 regall:quarantine:Pwnd By NekoBot! md5sum:quarantine:e421e55e907fcbafe575c918214140b8 md5sum:quarantine:4355572862fb...
- 31 Jan 2021, 15:39
- Forum: General Discussion (cxs)
- Topic: Ignore wp-content/cache/wp-rocket/domain suspicious directory
- Replies: 3
- Views: 7932
Re: Ignore wp-content/cache/wp-rocket/domain suspicious directory
I think you add
hdir:*/wp-content/cache/
to cxs.ignore
I stand to be corrected. Test it if you like and see?
- 31 Jan 2021, 15:36
- Forum: General Discussion (cxs)
- Topic: How to override IP Reputation blocked IP
- Replies: 1
- Views: 2848
Re: How to override IP Reputation blocked IP
I think we experienced a similar issue before using the CC_IGNORE feature where we would like a country and customers' IPs would still be blocked I think if they existed in those CXS lists.
I am not too sure if there is a way but hopefully someone has an idea how to do so.
- 31 Jan 2021, 15:28
- Forum: General Discussion (csf)
- Topic: wp-login.php ban : NCSA extended/combined log
- Replies: 4
- Views: 5067
Re: wp-login.php ban : NCSA extended/combined log
I use the following on our cpanel servers. Not sure if it is the same for you but it definitely helps us and stops tons a day: # XMLRPC if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/xmlrpc\.php.*" /)) { return ("WP XMLPRC Attack",$1,"XMLRPC...
- 14 Jan 2021, 13:51
- Forum: General Discussion (cxs)
- Topic: STICKY rules for CXS.XTRA regs.
- Replies: 71
- Views: 208582
Re: STICKY rules for CXS.XTRA regs.
Here are some MD5sum files we added yesterday. Mostly uploaded mailer scripts trying to spam from server but a few were also WordPress hacking scripts. The filenames were wpz-load.php, mindex.php, ROOT.php, and many weird Russian filenames I can't remember. md5sum:quarantine:0b138d902d6aea94ff386a70...
- 12 Jan 2021, 19:44
- Forum: General Discussion (csf)
- Topic: Custom REGEX rules for CSF.
- Replies: 93
- Views: 2027135
Re: Custom REGEX rules for CSF.
Today we had two servers blacklisted due to spam originating from contact us pages on Joomla websites that are not using captchas. Now informing customers to do so sometimes takes time and they don't even do it. So we decided to look into a way that will stop it from happening on all servers without the...