Infopro
Well-Known Member
for example, if a user try login with [email protected] on webmail login form and wrong ten times csf block their ip, is possible see that is user myemail that made the mistake?
Infopro
Well-Known Member
You should see the IP that's been blocked. And you know the email account that the IP attempted to login to. What else are you looking for?
If I read this right, I think he's wondering if you can see what e-mail address a blocked IP was trying to log in to.
First off, modsec isn't going to parse cPanel access logs, where webmail access is logged.
If you want to see what e-mail address and IP was trying to log into, check the cPanel access log. Say the blocked ip is 123.123.123.123 then you would run this at a root shell:
The information could also be logged in /var/log/maillog since I think the webmail apps try to use an imap type login, and failed imap/pop logins are usually in maillog. You could check with something like:
I hope this helps.
First off, modsec isn't going to parse cPanel access logs, where webmail access is logged.
If you want to see what e-mail address and IP was trying to log into, check the cPanel access log. Say the blocked ip is 123.123.123.123 then you would run this at a root shell:
Code:
grep 123.123.123.123 /usr/local/cpanel/logs/access_log
Code:
grep 123.123.123.123 /var/log/maillog| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| R | I need some help in custom CSF regex | Security | 3 | |
| J | Excessive resource usage and csf default install | Security | 3 | |
| R | CSF processing order of permit/deny lists? | Security | 3 | |
| A | SOLVED csf not blocking IPs | Security | 2 | |
| M | Very high CPU loads from brute force attempts - CSF/LFD | Security | 14 |