We have noticed when configserver.com is down it takes an extended amount of time to bring up any of the CSF tools that check for possible upgrades when you click on them (Firewall, Mail Queue, Mail Manager, etc.)
Is it possible for CSF tools to see that their server is down and set some type of flag that bypasses this check for x minutes?
This would allow the screens to come up quickly verse...
I haven't found/seen a way to do this yet. It would be nice for some annoying bots to be able to block an IP based on the User-Agent string found in the packet.
Can this be done currently? If not, would it be easy to implement into the code or quite complex?
I'm thinking that if available, it could have a port # option, a destination IP option (if you want to limit checking to certain IP...
in my /var/log/messages i found lots of entry's (about 20 requests a second):
Aug 18 11:17:14 Player named : client 81.27.102.20#64048: query (cache) './NS/IN' denied
Aug 18 11:17:14 Player named : client 81.27.102.20#32688: query (cache) './NS/IN' denied
Aug 18 11:17:14 Player named : client 81.27.102.20#27528: query (cache) './NS/IN' denied
Aug 18 11:17:14 Player named : client...
Hi:
I know there is a script that send an email when someone log in into WHM (as root) i would like to know if its too much dificult to make a script that send an email when a user login to cpanel (yes i know there will be a lot of emails, i only want to be notified of 1 or 2 accounts).
Can you please add a feature where was can add a list of IP's, which when that IP logs into the server, LFD won't send out an email saying root was logged in succesfully.
We have many servers running on CloudMin, which monitors the server every 5 minutes (uptime, disk / RAM / CPU / IO / etc usage) so every server generates an email saying root was logged into.
One of my favorite methods of getting into a firewall once something has gone wrong -- and the easiest method I've found for locking *everything* down yet allowing an administrator access from a dynamic location ... is port knocking .
I run knockd , a daemon that watches for a unique sequence of port requests. Any other port request in any sequence other than what I require, will fail. However,...
Chirpy, thanks for implementing X-ARF, though as it is not yet a standard, and is therefore more likely to be read by humans than machines for now, may I suggest the following minor changes to the default x-arf.txt ?
From: root
To: root
Auto-Submitted: auto-generated
X-ARF: YES
Content-Type: multipart/mixed;
boundary= csf-
MIME-Version: 1.0
Subject: abuse report about -
I understand the need to move away from colons (:) as a separator for denying and allowing rules due to upcoming IPv6. Just wondering why pipe (|) was chosen as the alternative? I believe this was introduced in version 5.04.
Reason being, to add a rule to the csf.deny file via the command line you can use the:
Latest version of CSF warns about ServerSignature and ServerTokens when settings are On and non-ProductOnly respectively. However for ModSecurity SecServerSignature setting ServerTokens directive must be full. Could CSF take this into account?
Hello Chirpy,
it will be great if we could have a Button to Remove an IP from any IPTABLE group, right now we only can remove IPs that are in the CSF.DENY file, but it could be the case that we have added an IP that is not there and we need to remove it.
I know that we can enter as root and delete it from there, but it will be easier if we have that option in CSF.
Hi,
Not sure if this is already part of csf .. logwatch is sending me daily reports about possible intruders trying to access popular scripts like phpmyadmin (/PHPMYADMIN/config/config.inc.php?p=phpinfo();, /dbadmin/config/config.inc.php?p=phpinfo();) from 193.170.124.252 or /admin/phpmyadmin/main.php, /phpMyAdmin-2.5.6/main.php etc... from 173.203.72.5. and /w00tw00t.at.ISC.SANS.DFind from...
i would like to see a option to remove a ip address in the allow list.
same whay as deny ... also in cluster env..
i have some ip addresses in the allow list (several servers).. client has other ip address and now i can easy add his new ip address, but to remove the previues ip address i have to go every CSF server by hand..
basicly al features to add a ip address also a feature to remove...
At the moment when PT_USERMEM or PT_USERTIME are exceeded you just get a message telling you which process has exceeded the limit.
Could more debugging info be included such as a trace of the process causing the memory limit to be broken?
For example, I've had a couple of users go past a 200MB limit with a particular Joomla/Virtumart install. Normally it runs in less than 15MB but very...
When can we expect IPv6 support in CSF?
All our servers are already IPv6 enabled and running CSF. Because CSF is not IPv6 aware we have created our own ip6tables script. But it's definitely not an ideal situation.... :(
I know there are a lot of other CSF users that are looking forward to IPv6 support in CSF.
Whe are using Nagios to monitor our server and services.
I like to see that CSF can be monitored also.
Think about
- status
- blocks
- ssh logins
- update's
- cluster status
- notifications of mail (lfd etc)
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum