I think I am looking at a solution for this...kind of backward, but is there a way to tell CSF to only let IP addresses from USA log into WHM, CPanel, Email etc??
I really need to read up on CSF and understand it, but I am trying to calm a company down who is worried about the number of attempts they have had with people trying to log into their site.
I'm just using the new option for using wildcards in logs as followed:
HTACCESS_LOG = /var/log/httpd/error_log /var/log/httpd/domains/*.error.log
Now we have a regexp.custom.pm like this:
if (($config{LF_HTACCESS}) and ($lgfile eq $config{HTACCESS_LOG}) and ($line =~ /^\ \ \ My protection (.*) banned IP: (\S+)/)) {
return ( Mytrap triggered ,$1, bottrap ,1, 80,443 , 3600 );
}
Probably something simple that I missed here, but I'd love some insight.
I changed the default FTP port on my host, and notified my members of the change. For the sake of conversation, I'll say I changed it to 888. I'm running Pure-FTPD, and change the bind port in pure-ftpd.conf.
I can FTP right in because my client is in the allow file, but nobody else can. I added the new port to csf.conf...
i have noticed my log files are filling up with wp-login.php attacks. my wordpress site itself is secured with a 2 second login-delay along with two separate captchas (yes its overkill but it helps me sleep at night)
however, there are thousands and thousands of attacks, most taking place between 4 and 6am (eastern standard time).
I write this post because I have a problem I can not solve despite having made the changes proposed in many other posts on the forum.
My server is set up to work in pure-ftpd
Some users are blocked firewall of some not
The changes that I have made I have taken from this post:
viewtopic.php?f=6&t=4091&hilit=ftp+connection+tracking
Does anyone have the same problem or has found a way to...
Hello in my server i change the ssh port from 22 to 4176
i also open the tcp_in and tcp_out this port and delete the 22
I can login to the ssh. I also try from another ip to be blocked or alerted.
Nothing happened
In the allow ips this ip it is not stated there
also in deny
so what can i do to be informed or even alerted whenever someone tries to login in this port??
Hi.
I have many blocked IPs in csf with do not delete comment. But every day I got notifications from server about new brute force attacks via some of these IPs.
What's the problem ?
Could you please recommend how to make LFD watch one of the IP that is on my interface (local).
I use Squid to connect to my proxy server. When I try to login to webmin and fail on purpose (to check), LFD does nothing? From other IPs it works fine!
I can't believe that I am writing about this matter again! I don't know if it a bug or it's me (most likely) but this time it doesn't seem that obvious!
I have to detect failed logins to my XMPP server (Prosody). The log line (with spaces as it is):
Feb 19 15:02:04 domain.ru:log_auth warn Failed authentication attempt (not-authorized) from IP: 1.2.3.4
I have a email server being dictionary attacked by a botnet of over 1000 bots and am trying to find a permanent solution .
I tried limiting port 25 to only AU and GB it stopped the botnet but it also stopped mail from other countries so had to remove it this morning and the bots are now back.
is there a way to limit email login to only those countries without affecting mail received....
I've changed the ssh port as a default practice. On two new servers, both running cPanel & cPanel DNSONLY, CSF reports Check SSH on non-standard port
22 is no longer the sshd_config Port setting and is working correctly, what am I missing?
I have another older cPanel server and two non-cpanel hosts that report correctly, all are similarly configured. I do use a port < 1024, is this an issue?...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum