ConfigServer Community Forum

I have a web site that I do not want to be accessed from outside of our local network. It resides on it's own IP address, so I used the "Deny Server Ips" feature to block all traffic on it's public IP. But I can still access it from anywhere. I notice that the purpose of this feature is &q...

We've updated our PHP and now nothing I do suppresses these notifications. I've tried - pcmd:/opt/cpanel/ea-php83/root/usr/bin/php-cgi -f /path/to/script pcmd:/opt/cpanel/ea-php83/root/usr/bin/php -f /path/to/script pexe:/opt/cpanel/ea-php\d+/root/usr/bin/php-cgi -f /path/to/script Interestingly, ev...

Nope that didn't work.

Maybe I can just make a rule to delete the hundreds of emails when they arrive.

They've come back again.

I've found that the path to the PHP CGI has changed, so I've updated csf.pignore to use
exe:/opt/cpanel/ea-phpnn/root/usr/bin/php-cgi /path/to/php/script.php

I'll update this thread if that works

The warnings have stopped, but it's so long ago, I don't know what finally fixed it.

I can see I have entries in /etc/csf/csf.signore

Maybe these finally worked.

Hi Guys I've been trying for a month to stop LFD warnings from legitimate PHP scripts that are run from cron, but none of the suggestions I've found are working. I've tried ... In /etc/csf/csf.signore /path/to/script.php In /etc/csf/csf.pignore cmd:php /path/to/script.php exe:/path/to/script.php exe...

Nevermind, I worked it out.

The Log View plugin had created a file called "apps" at /var/cpanel/apps

CSF expects "apps" to be a folder.

So I uninstalled Log View, deleted the apps file, uninstalled CSF and re-installed CSF

Problem solved.

I'm having the same problem.

How do I "run a Check Server Security scan" ?

That's a good idea Sergio. I tend to do that any time I get multiple Chinese IPs blocked within a single range.

At the moment I'm looking at what can be done in Exim. The acl_smtp_connect rule might be helpful, but I don't know what it's full capabilities are yet.

CSF does it's job by blocking the source IPs of these brute force hacking attempts. As a result, it's continually blocking dozens of IPs.

Does anyone know a way (via CSF, mod_security or some other means) to block all SMTP traffic that originates from computers named "ylmf-pc"?