Any ConfigServer Security & Firewall (CSF) Experts Out There?

CT_LIMIT is set to 400 in this file. This setting can trigger false positives, especially if keep alive is disabled in your httpd.conf. It can still trigger if you use many services at the same time. FTP clients especially are connection hungry.

Personally I prefer disabling the LF_MODSEC option in CSF due to the high number of false positives and high rate of logging.

I also keep PS_INTERVAL disabled as I have seen it also causes lots of false positives and has no real benefit.

Thanks estranged. Now, is my server reading the settings from the file you asked me to send you or from the software's WHM page? I'm confused....

The CT_LIMIT value wasn't showing in this post, as this was my initial thought.

I've also seen FTP connections with dodgy FTP software cause CT_LIMIT to kick in as each file is downloaded in a new connection, so you can quickly ramp up a few hundred connections to the server.

Thanks to you also MattW, I always use FileZilla as FTP client. Usually I have the site's credentials saved as a profile so login problems don't occur.
 
FileZilla is the one!

I always recommend FlashFXP (although it's a paid software).
 
Well why would you want to stop people from accessing a file needed by a theme? The whole point of mod_security is you need to fine tune it to your own site needs if you have it installed.

I can't comment on why it's picking that particular file, but @Audentio would have put it into the theme for a reason.
Yeah, that file is just used so I can grab and set cookies easily. It's quite a popular jQuery plugin.

I'm sure XenForo has a way to grab cookies, I just am not using it, but if that would help we can consider it (for UI.X).
 
I use WinSCP from time to time, which also serves as an SSH tool. You can browse your files on the server like you're browsing your own computer.
 
I had reset Mod Security and for a whole day I didn't get locked out from the server but today it started again. It's not just me but also other members as well.
 
And is there anything in the mod_security logs again? Is your IP address in there after the block?
 
No new logs after I reset the Mod Security config. I followed @estranged's suggestion in his previous post and changed the etc/csf/csf.conf file.

Will see if that did the job.

Thanks guys for helping me out. (y)
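
An added example, not from any poster in this thread and not CSF's own code: one way to check whether a legitimate client (such as an FTP session opening a new connection per file) is approaching CT_LIMIT before it gets blocked. It assumes csf.conf uses NAME = "value" lines and that connection data comes from `ss -tn`; the per-IP count only approximates what CSF tracks, and the addresses, the passive port range 30000-30009 and the 0.8 warning ratio are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed csf.conf excerpt (NAME = "value" lines); CT_LIMIT value from the thread.
SAMPLE_CONF = 'CT_LIMIT = "400"\nLF_MODSEC = "0"\nPS_INTERVAL = "0"\n'

def read_setting(conf_text, name):
    """Return the value of one NAME = "value" setting, or None if absent."""
    for line in conf_text.splitlines():
        m = re.match(r'\s*([A-Z0-9_]+)\s*=\s*"([^"]*)"', line)
        if m and m.group(1) == name:
            return m.group(2)
    return None

def split_endpoint(endpoint):
    """Split 'ip:port' or '[ipv6]:port' into (ip, port)."""
    ip, port = endpoint.rsplit(":", 1)
    return ip.strip("[]"), port

def connections_per_ip(ss_output):
    """Count TCP connections per remote IP, with a per-local-port breakdown."""
    totals, by_port = Counter(), defaultdict(Counter)
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # skip the header and malformed lines
        ip, _ = split_endpoint(fields[4])
        _, local_port = split_endpoint(fields[3])
        totals[ip] += 1
        by_port[ip][local_port] += 1
    return totals, by_port

def near_limit(ss_output, ct_limit, warn_ratio=0.8):
    """Return [(ip, count, {port: n})] for IPs at or above warn_ratio * ct_limit."""
    totals, by_port = connections_per_ip(ss_output)
    return [(ip, n, dict(by_port[ip])) for ip, n in totals.most_common()
            if n >= ct_limit * warn_ratio]

def sample_ss():
    """Constructed `ss -tn` style output: one FTP-heavy client, one web visitor."""
    rows = ["State Recv-Q Send-Q Local Address:Port Peer Address:Port"]
    rows += [f"ESTAB 0 0 203.0.113.10:21 198.51.100.7:{50000 + i}" for i in range(10)]
    rows += [f"TIME-WAIT 0 0 203.0.113.10:{30000 + i % 10} 198.51.100.7:{51000 + i}"
             for i in range(340)]
    rows += [f"ESTAB 0 0 203.0.113.10:443 192.0.2.44:{40000 + i}" for i in range(12)]
    return "\n".join(rows)

if __name__ == "__main__":
    limit = int(read_setting(SAMPLE_CONF, "CT_LIMIT"))
    for ip, n, ports in near_limit(sample_ss(), limit):
        print(f"{ip}: {n} of {limit} connections, local ports {sorted(ports)}")
```

On a live server, pass the real file contents and the captured `ss -tn` output to the same functions; an IP that shows up here with mostly FTP control and passive data ports is a candidate false positive rather than an attack.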
 