ConfigServer Community Forum

Hi,
recently I get emails like the following email, There are blocked UDP_OUT with different ports to some IP addresses which those are blocked
How can I trace where is the problem and which accounts do such connections?
It seems there are some scripts which try to connect to the output, but I couldn't find which accounts do this
Appreciate for any help

Title: lfd on XXXXXX.com: UID 25 (named)...

Hi, I make a block of /24 IP address on my server but this block still acessing my sites, I already try restart csf, apache and the problem persists, I runn csftest.pl too!

# ./csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing...

Hello!

I'm not sure if anyone else is seeing the same trend, but i am noticing a massive increase in wp-login attempts lately. This is something i see in the logs of most domains across most, if not all my hosting servers. The originating countries are all over the world; USA, UK Germany Vietnam, Indonesia to Brasil.

Some domains have login attempt from a staggering 5000~6000 unique IP...

how to reset server??

I am trying to use CT_LIMIT to block IPs connecting to my jetty server on port 8443, the connection from specific IP keep in CLOSE_WAIT status and keep opening new connections in CLOSE_WAIT, I configured CT_LIMIT=30, on port 8443 but CSF did not catch this IP and block it,
CSF test script shows Testing xt_connlimit...OK,
how can I figure why CT LIMIT is not working and how to configure it...

I am a very happy user of csf for many years on dedicated and VPS systems.
I have recently setup a dedicated server within my own network and installed csf successfully.

Problem is when I receive emails about logins or check any of the logs, it is only ever reporting the gateway internal IP address.
Scenario:
From a different physical location, using an internet connection not related to my own...

Our CSF don't block udp ddos attacks.
OS: Debian10 buster.
Last version CSF has been installed.
csf.conf link:

Hello,

I have use VPS with CPanel I receive this message continuously.
I receive between 150-200 messages a day.

Time: Sat Jul 27 16:00:43 2019 +0200
Account: mailman
Resource: Process Time
Exceeded: 986557 > 1800 (seconds)
Executable: /usr/bin/python
Command Line: /usr/bin/python /usr/local/cpanel/3rdparty/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
PID: 31036 (Parent PID:31029)
Killed:...

I want to allow all ports to the US
but I want to only allow certain ports to the world. ie port 80 http, & https. incoming mail, etc

thanks
Robert Harvey

I'm trying to come up with a solution to get a developer that has a dynamic IP through the firewall whenever he tries to access the server. I thought I could give him access to the web UI so he could add his IP whenever it changes but that requires his IP to get access in the first place. Is there some other solution?

Hi,

I rebooted my server and the boot is stuck as CSF failed to start.

When I tried restarting the following error is shown.

# csf -x
Error: csf is being restarted, try again in a moment: Resource temporarily unavailable at /usr/sbin/csf line 176.

When checked what is stopping from server to completely boot we found the following.

# systemctl status | head -5
● server.sastaservers.com...

Hello;
I have new Centos 7.4 Pure VM and after installing csf getting this Warring:
*WARNING* Cannot use DROP_OUT value of [] on this server, set to DROP
Can anyone help me.
BR

Hi i recently installed CSF on my new webuzo server , after installing all the requirements i have one error still remaining .

When i do a restart csf -r i get the following error

*WARNING* Cannot use DROP_OUT value of [] on this server, set to DROP

What does this mean? and if this is a problem i should worry about, how can i fix ?

Thank you.

This option can mask a users real IP address and hinder security. You should disable WHM > Tweak Settings > Proxy subdomains

This option in WHM doesn't seem to exist anymore or has since been renamed because I'm not able to find it. Very few results for proxy with none of them to do with what I'm actually looking for.

Any ideas?

Hello,

Since csf/lfd is very important for my server security, I would like with a monitoring script to ensure that csf and lfd are both running and operational. Is there a recommended way to do this ? I am running CentOS 7.
I am thinking about:
- either parsing the output of command systemctl status csf lfd and detect that they are active, and also running for lfd.
- either parsing the output...

Hi,

it seems that port knocking stopped working after updating to version 13.00 of CSF?

Rgs,
Christian

I have a site on a WHM/CentOS dedicated server using CSF. This 144.x.x.x server has a client who has a remote database on a different server (37.x.x.x) and he needs to connect his script from the local server over to that 37.x server using a remote MySQL connection.
Up until now all he gets when we try to connect is the error:

IP Be 144.x.x.xFailed to connect to MySQL: (2002) Connection...

An IP just got blocked by CSF

Temporary Blocks: IP:xx.xx.xx.xx Port: Dir:inout TTL:86400 (lfd - **(eximsyntax) Exim syntax errors from xx.xx.xx.xx** (US/United States/ipxx.xx.xx.xx.net): 10 in the last 3600 secs)

The to address in a recipient contains single quotation marks which seems to be the reason for blocks.

SMTP call from (user) :3312 dropped: too many syntax or protocol errors (last...

So I'm running the owasp modsecurity rules, but for some reason I cannot get CSF to block those IP's triggering the rules anymore.

I have LF_MODSEC set to 5, and I've even tried setting LF_CXS to 1, but the IP's just aren't getting blocked. Am I possibly missing something?

The server is receiving repeated connections which are like DOS attempts which seem to be generated from some exploit, possibly Android Stagefright, blocking IP addresses does not seem to help as new IPs appear everyday, this is resulting in heavy use of bandwidth. See sample logs below. Please advise how such connections can be blocked based on user agent or any other way. (i have disabled the...