ConfigServer Community Forum

HAPPY NEW YEAR EVERYBODY!!! I want to share an SPAM ASSASSIN Rule that I am sure you will like it, I know here is not the place to add SPAMASSASSIN rules as this forum was for CSF REGEX rules, but I am sure you will like it. Details: A lot of spam have entered into my servers coming from OUTLOOK IP ...

Hi.
One way to find what is bloking that computer is to check log files searching for computer name not by the IP, give it a try.

Sergio

You can add rules for CSF on the file: /usr/local/csf/bin/regex.custom.pm and after you add your rules you have to restart LFD in order for them to start working. Be very carful adding rules in there as a bad written rule can make your server down. Please read CSF readme file to know about this. Ser...

Yes, you can create your own CSF rule to block modsecurity attacks. Please read my post at: https://forum.configserver.com/viewtopic.php?p=32708#p32708 In that post I wrote a rule that you can use to block ModSec attacks, you will need to write the rules that you want to block and CSF will block the...

Francisco, CMC does not block any IP, the one that should block the IP is CSF, check the following options: [*]Enable failure detection of repeated Apache mod_security rule triggers LF_MODSEC = Default: 5 [0-100] LF_MODSEC_PERM = Default: 1 [0-604800] Also, in WHM you should check that the ModSecuri...

Ohhh, that is why.

Thought I was doing something wrong, thanks for telling, appreciated.

Best Regards,
Sergio

Hi, Sarah. Would you be kind to tell me what I am doing wrong on the following rule that I have created on CXS? InmunifyAV+ is detecting the following code as malicious, so, I have added the rule in cxs.xtra to quarantine the file but is not working. This is the code that I want to block: <?php eval...

Great to know it worked for you, your welcome.

Try this instead: Sergio

This rule blocks any connection from census.shodan.io. (I really don't like attacks from these servers) # BLOCKING CENSUS SHODAN if (($lgfile eq $config{CUSTOM2_LOG}) and ($line =~ /^\S+\s\S+\sSMTP\s\D+from\s\S+(?>\.census\.shodan\.io|\.censys\-scanner\.com)\s\[(\S+)\]/i)) { return ("",$1,...