Hi, I'm getting tens of thousands of emails per month from cxs and the subject for most of them is in the form of:
cxs on server.server.com (Hits:1)(Viruses:0)(Fingerprints:0)
Is there a way to get these reports only when a virus is detected?
The command that is shown in the email body is:
(/usr/sbin/cxs --allusers --nobayes --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan...
I originally posted on to but realised it was marked as
We have the reCaptcha working on all servers except one. The one server shows Failed to pass human test. Please try again.
I can see that on all the other servers there is an unblock.txt file in each /home/csf/ directories. This non-working server does not have this file. I've checked that the csf user has permission to write to...
We have a CentOS 7 server where we are running CSF v10.04.
On this server we have Qmail as the MTA (part of Plesk 12.5) and it logs to rsyslog via the 'root' user.
I checked /etc/csf/csf.syslogusers and root is already included in the file by default. However, root does not get added to the mysyslog group as confirmed by the following command:
I've been getting numerous suspicious process alerts each day, listing /usr/bin/php as the suspicious process but no actual process beyond that. I'm not sure if this is a false positive or not - and even if it is I don't know how to block it because it doesn't seem wise to ignore everything under php.
Can anyone help interpret this? I've searched high and low in this and other forums...
I'm trying a custom regex to prevent Joomla Bruteforce login based on Wordpress Bruteforce login.
But it's not working. Somebody help me where I'm wrong?
This is my regex
# joomla
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] POST \/administrator\/index\.php.* 200/)) {
return ("Failed Joomla login from",$1,"joomla","2","80,443","3600");
}
Hello,
I want to know whether the geoip database is on auto update or I need to update it manually?
If I need to update it manually, how should I do that? (please explain it briefly)
Thanks
My VPS (CentOS6 with CWP) logs failed logins in /var/log/dovecot-info.log:
May 05 15:20:13 pop3-login: Info: Disconnected (auth failed, 1 attempts): user= , method=PLAIN, rip=IP, lip=IP
but they are not blocked by CSF.
I've added this custom regex but it still doesn't block them:
if (($lgfile eq $config{CUSTOM3_LOG}) and ($line =~ /^\S+\s+\S+\s+\S+ pop3\-login.*auth failed.*rip\=(\S+)/)) {...
I am trying to understand what the Exceeded number below actually means. I am assuming that it means the process has run for 219,000 seconds, which exceeds the threshold of 1800.
Isn't it a good thing that MySQL is running all the time?
So what does the code expect that monitors process time? I guess the logic is if something runs for more than 1800 seconds, it's run too long. It seems that,...
My LFD web UI was working fine. I clicked disable firewall and it stopped responding. I then enabled the firewall with csf -e as root, and the firewall was enabled (apparently)... but now I get connection refused when I try to connect to the LFD web UI. I've tried rebooting the machine and I get the same problem. I tried connecting from localhost and it still gives me connection refused. There...