Search results

  1. W

    [Closed] Comodo Waf brute force rules issues

    Great ! Thanks :) Let me know when to update.
  2. W

    [Closed] Comodo Waf brute force rules issues

    Seems like it was Comodo in the subject that our spam server didn't like, thought it was a phishing attempt, your Google antispam might have thought the same. I see your Google MX servers received it about 6 minutes ago but I don't know if it was delivered. I'm going to send it again without...
  3. W

    [Closed] Comodo Waf brute force rules issues

    It definitely went this time, if it got stuck by my antispam maybe it also got caught by yours. I've reworded it and hopefully this time you will receive it.
  4. W

    [Closed] Comodo Waf brute force rules issues

    Sorry, it was blocked by our outgoing antispam:)
  5. W

    [Closed] Comodo Waf brute force rules issues

    Hello, not sure what I'm exactly allowed to publish here, I will e-mail what I can to the bugs email address. Thanks
  6. W

    Joomla brute force attacks

    Just opened a bug report about this so not to fill up this thread : http://www.litespeedtech.com/support/forum/threads/comodo-waf-brute-force-rules-issues.9292/
  7. W

    [Closed] Comodo Waf brute force rules issues

    Hello, Comodo brute force rules work once then stop working. If I have an ongoing brute force and I restart litespeed their rules add one entry then stop adding entries and don't filter anything. On their forum their final answer was : Any chance you could look into it with them to try and...
  8. W

    Joomla brute force attacks

    I had issues getting the rules to detect anything, that's when I noticed that the following line in modsec2.conf : LoadFile /opt/lua/lib/liblua.so was commented. I uncommented it and restarted litespeed. It immediately detected the ongoing brute force for wordpress that I had noticed but just...
  9. W

    Disable bot filtering ?

    Hello, With no rules in mod_security and Block Bad Request set to "No", I get the following entries in my error_log file : 2014-08-11 12:05:44.019 [NOTICE] [112.208.14.97] bot detected, close connection! 2014-08-11 12:06:01.848 [NOTICE] [121.54.54.224] bot detected, close connection...
  10. W

    Disable bot filtering ?

    Hello, I need to enable request filtering to filter with modsecurity rules but I don't want litespeed to filter bots. How can I turn off the bot filtering function ? I'm getting false positives because of this, the current one being a client's PHP script that is being detected as a bot, the...
  11. W

    Joomla brute force attacks

    Hello, I've just installed Comodo WAF rules and have disabled all groups except the one that contains the 4 brute force rules. I'm now watching for Joomla and Wordpress brute force attacks (haven't got any at the moment) and also for false positives. I will update this thread in a few days...
  12. W

    modsec blocks not reported in error_log

    That will be a lot of logging to just be able to block modsecurity IPs. Any chance of adding something in a future release to be able to set just mod security to notice and not everything else ? Or maybe be able to specify that the audit logging is single line ?
  13. W

    modsec blocks not reported in error_log

    Hello, Sorry to up this but I haven't been able to find out how to tell litespeed to add a line to the error_log file when attacks are blocked by litespeed's mod_security. I'm thinking about installing Comodo WAF and just enabling the brute force rules but before this I need to be able to block...
  14. W

    Joomla brute force attacks

    I don't suppose we could make use of args ? I haven't checked what joomla's variables are named or even if they always have the same name, but I'm thinking of something along the lines of checking if ARGS.password and ARGS.username are set ?
  15. W

    Why is stderror logged ?

    Nothing is logged in stderr.log, it's all logged in error_log, stderr.log's date is in 2013.
  16. W

    Why is stderror logged ?

    Hello, was this 4.2.4 or 4.2.14 ? I'm running 4.2.12 which is the latest stable release.
  17. W

    Joomla brute force attacks

    Hello, The rule mentioned above created false positives. I'm now trying the following rule that's closer to wordpress's one : SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:10011 <LocationMatch /administrator/index.php> # Setup brute force...
  18. W

    Why is stderror logged ?

    It shouldn't log at all as the option to log these errors is disabled. I'm not worried so much by performance here, more that it makes the error logs much less readable. I've noticed this problem for a long time (since the beginning) so unless litespeed have released a specific fix for this I...
  19. W

    Why is stderror logged ?

    Hello, Stderror is disabled in litespeed : https://www.dropbox.com/s/3xw1z3qetp99n10/Capture%20d%27%C3%A9cran%202014-08-03%2011.50.29.png If I set log level to warning I get stderror's logged, not if I set it to Error...
  20. W

    modsec blocks not reported in error_log

    Hello, I've configured mod security to block bruteforces on Joomla and on Wordpress, and it is filling up nicely /usr/local/apache/logs/modsec_audit.log but this is the detailed log format. I want to detect modsec blockages and block them with CSF. CSF needs these errors to be stored in a...