Search results

@Peter Debik There is no way that this should be enabled by default on new installs. This breaks all Apache modsecurity attack triggers and any Apache log statistics programs as the client address only reports 127.0.0.1 as the client address after enabling it.

That's exactly what the KB is for. Everything is there on a single page: https://www.danami.com/clients/knowledgebase/6/Juggernaut-Security-and-Firewall

I understand that Juggernaut can be a bit daunting for new users as it has a lot of options. For most new users I recommend going though the getting started guide: https://docs.danami.com/juggernaut/basics/getting-started That will get the majority of everything configured and shouldn't take...

They are probably sending those out from any requests from the last month. CSF just pushed their fix a few weeks ago. All our extensions use https:// and download.maxmind.com as they recommend.

My recommendation is to open a support ticket and have a support tech help you.

If you search for the IP address in the dashboard search and it doesn't come up with any results, then it's not blocked on the firewall. It's not a firewall problem.

> So by default, Juggernaut offers no way to see what IPs are being dropped? We follow the same defaults for logging that CSF uses for all Cpanel servers. Just enable Drop incoming logging as I mentioned if you really want them logged.

If you really want to log dropped connections from ipset then you can enable drop logging under Settings -> Firewall Settings -> Logging Settings -> Drop IP logging then dropped IP address will show up under Logs -> IPtables log. Just be advised that you will have to turn off Settings ->...

You can easily whitelist your developers IP addresses on the firewall so they never get blocked (even if they have a dynamic IP address). They can sign up to any dynamic DNS service (most routers have this now too). Then the login failure daemon will check if their IP address changes and update...

>That said, even if that would work, I still need a way to see what IPs where blocked in a log when I don't know the IP address to use for a dashboard search. The only way to see if an IP address is being blocked is to know the IP address. Just blocking a single country might have thousands of...

The ipables log and the dashboard search are not the same. Like I told you before you have to use the Juggernaut dashboard search (Internally it will run the csf --grep command). A country block might have thousands of different subnets in it so CSF has to use ipset NOT iptables . If you use the...

No there is nothing that you need to do. CSF updates automatically by default so you already have the fix. You can search for the IP address in the IPtables search on the dashboard. If it's being blocked by one of the firewall country blocks then it should tell you. You can also use the...

Yes the fix was pushed automatically last week.

@Peter Debik We were able to sort this for him so this thread can be marked as resolved.

Yes, that's what the CSF team said.

If you want to apply the fix before the CSF team pushes their own fix then edit the file /usr/local/csf/lib/ConfigServer/Config.pm and change lines 336 to 338 changing http:// to https://: Before: $config{cc_country} =...

@MacGyver You can see the CSF team reply here: MaxMind DB must be HTTPS starting October - ConfigServer Community Forum

@Hangover2 I'm curious have you gone though the Warden getting started guide to make sure that Warden is configured properly? Normally you should never need to set the spam level to such a low level. I recommend going though the guide: https://docs.danami.com/warden/basics/getting-started I've...

@Hangover2 Take a look at the new spam kill option that was added in Warden 4.0. It can reject spam over a certain spam level so the redirect would be rejected before it gets forwarded. You can read about it here...

The delay is caused from providers that send from multiple IP address. I do agree that greylisting is less useful now. If you really want to use greylisting you can solve any delays by using the Plesk greylisting CLI tool: Example: You might see the same email in the mail log coming from...