Search found 1048 matches
- 15 Oct 2023, 19:20
- Forum: MailScanner
- Topic: Use Mailscanner to Filter Subject Text
- Replies: 11
- Views: 14055
Re: Use Mailscanner to Filter Subject Text
If you want, you can do rules like this, per example for bitcoin scams: body __SERGIO_BITCOIN01 /bitcoin address can\'t be tracked/i body __SERGIO_BITCOIN02 /central intelligence agency/i body __SERGIO_BITCOIN03 /do not get money from you/i body __SERGIO_BITCOIN04 /forum in the deep web|bought from ...
- 09 Oct 2023, 22:19
- Forum: MailScanner
- Topic: Use Mailscanner to Filter Subject Text
- Replies: 11
- Views: 14055
Re: Use Mailscanner to Filter Subject Text
Hi @andyhans, in your rule you use the or command "|" (the pipe sign means "or") and add two or more subjects in the rule, per example: header SUBJ_XAMPLE Subject =~ /subject one|subject two|subject three/i score SUBJ_XAMPLE 11 describe SUBJ_XAMPLE Subject XAMPLE Or you can use t...
- 25 Sep 2023, 23:25
- Forum: General Discussion (csf)
- Topic: Regex not working in custom log
- Replies: 7
- Views: 1685
Re: Regex not working in custom log
Yes, I wanted to know exactly what you want to do.
Here is the regex that will help you:
Sergio
Here is the regex that will help you:
Code: Select all
/(\S+)\s\-\s\-\s\[\d+\/\S+\d+\s\-\d+\]\s\"\S+\"\s400\s\d+\s\"\-\"/i
- 25 Sep 2023, 21:07
- Forum: General Discussion (csf)
- Topic: Regex not working in custom log
- Replies: 7
- Views: 1685
Re: Regex not working in custom log
ok,
on that log line what are you looking for to be triggered?
Also, on that log line what do you want to receive?
on that log line what are you looking for to be triggered?
Also, on that log line what do you want to receive?
- 25 Sep 2023, 20:01
- Forum: General Discussion (csf)
- Topic: Regex not working in custom log
- Replies: 7
- Views: 1685
Re: Regex not working in custom log
Write a full log line of what you want to block and I will help you to do the regex.
Sergio
Sergio
- 25 Sep 2023, 19:49
- Forum: General Discussion (csf)
- Topic: Distributed IPs attack over large timespan
- Replies: 1
- Views: 1062
Re: Distributed IPs attack over large timespan
One option could be to use cPhulk to block those attacks.
Also, you can create your own script to block a 0/24 if more than 10 different IPs from the same 0/24 range are attacking your server.
Also, you can create your own script to block a 0/24 if more than 10 different IPs from the same 0/24 range are attacking your server.
- 07 Sep 2023, 16:56
- Forum: General Discussion (csf)
- Topic: How to force to reload a blocklist?
- Replies: 4
- Views: 1759
Re: How to force to reload a blocklist?
You're welcome.
- 06 Sep 2023, 15:00
- Forum: General Discussion (csf)
- Topic: How to force to reload a blocklist?
- Replies: 4
- Views: 1759
Re: How to force to reload a blocklist?
yes, in CSF are the instructions for this:
# After making any changes to this file you must restart csf and then lfd
#
# If you want to redownload a blocklist you must first delete
# /var/lib/csf/csf.block.NAME and then restart csf and then lfd
- 06 Sep 2023, 05:51
- Forum: General Discussion (csf)
- Topic: Custom REGEX rules for CSF.
- Replies: 93
- Views: 2030924
Re: Custom REGEX rules for CSF.
Are you suffering phishing attacks with the email subject "I RECORDED YOU!" or "your account is hacked"? If you have ConfigServer MailScanner FE in your server then create an spamassassin file at: /etc/mail/spamassassin/ With the file name: blacksubjects.cf Write on that file the...
- 23 Aug 2023, 14:27
- Forum: General Discussion (csf)
- Topic: How to stop logging ICMP_IN, UDP_IN, UDP_OUT blocked messages in kern.log?
- Replies: 5
- Views: 1438
Re: How to stop logging ICMP_IN, UDP_IN, UDP_OUT blocked messages in kern.log?
ok, for me is that this will be no logged and not reported to you, that is what you asked for on your first message:
"How can also block the logging of the above messages?"
My fault if I miss understood your request, sorry.
"How can also block the logging of the above messages?"
My fault if I miss understood your request, sorry.