ConfigServer Community Forum

I've decided to start a new thread because I haven't seen any current working solution, or activity on older threads regarding this issue.

I have spent countless hours over the last 3 months trying to solve this issue with email that is getting blocked which comes from Gmail:

DNS Error: 91335 DNS type 'mx' lookup of localinternetads.com responded with code SERVFAIL

I've read through 3 dozen...

I have csf firewall up and working on a centos 7. I have a web control panel that i only want access from a certain ip address. I am not certain about how to do this.

So I know the port is open on the csf.conf. I know I am supposed to add the port and ip address in the csf.allow.

But I am not sure how to do this. Do i remove the port from the csf.conf file ? Then add only the port and ip...

I contacted the support CPANEL , following the return mail :

I apologize for the confusion, but we cannot update CSF for you, despite the offer made by the previous analyst. CSF is not our product, so we do not provide support for it, including updating it or changing its configuration. You will need to update CSF yourself. You can update CSF in the plug-in in the WebHost Manager, or in the...

I want to ask about the exception of domain access or send an email where I previously made a block for regional China via CSF, but there is one of our customers who objected because of many relations (consumers from that country).

Is there a way of excepting for one of the domains to keep escaping but I still block the region of China.

In essence, I want only one domain to be able to escape or...

Hi All,

I'm using CSF and LFD on one of my WHM servers and have been getting about 6 of these alerts every hour:

Time: Wed Nov 14 06:05:24 2018 -0400
File: /tmp/.xcloner-cc30b
Reason: Suspicious directory
Owner: : (538:538)
Action: No action taken

All 6 are always the same content with the exception of the 5 characters after .xcloner-

Anyone have any suggestions on how to stop these? The...

Hello,

I need to ask for advice about a wierd constellation:

on a directadmin-server with csf i experience that albeit csf.conf states:

TCP_IN = 20,21,25,30,53,80,110,123,143,443,465,587,953,993,995,1935,3000:3039,3478,3479,5001,5060:5099,5222,5269,5275,5349,7443,7070,7777,10000:20000,49160:49300

i find port 3306(TCP) accessible from outside unless mysqld is bound to 127.0.0.1-interface...

I would love to be able to use an allow list to retrieve the CloudFlare IP addresses regularly at these URLs, then apply my own advanced allowed rules to these IP addresses.

Similar to the feature of the Block Lists text file, where one can configure a URL to retrieve IP addresses from to be downloaded regularly and blocked in the firewall, is there currently a feature for an allow list? If...

Hi,

Looking for some help from people if anyone has any idea.

Shortly before and during an inbound syn DDOS attack on https on my server yesterday I notice some weird alerts from CSF Firewall reporting weird outbound traffic.

The IP address is included in the logs as this is null routed and no longer in use.

I interpret the logs as my server was trying to make outbound connections to...

I looked around and couldnt find the answer.
How can I setup csf to allow only the ip address i select to access ssh and deny all others ? I am using centos 7

Hello,

I'm using this regex to block wp-login.php POST requests on /etc/csf/regex.custom.pm:

if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /(\S+).*] POST \/wp-login\.php.* 200/)) {
return ( Failed WordPress login from ,$1, wordpress , 5 , 80,443 , 3600 );
}

My CUSTOM2_LOG point to the access_log file in csf.conf correctly.
I restart csf after making the changes
csf -r

Still POST...

Hi, I am trying to exclude a few process in the /etc/csf/csf.pignore script with some simple regex rules, but I am still getting alerts. The rules I am trying are;

pexe:/opt/cpanel/ea-php*/root/usr/sbin/php-fpm
pexe:/opt/cpanel/ea-php*/root/usr/bin/php-cgi

However, if I enter these each manually as follows, they do work.
#exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi...

Hello

I´m using CSF in all my servers with WHM/cPanel since LOT years ago.
I not had any problem in all these years. Now..

the CSF page in WHM take a LOT time to load.
Any action i make there (block an IP, unblock an IP, open the config, restart CSF, etc.) take LOT tme.

The servers itself are OK,, low load, etc.

Any clues?.. some config issue?, some WHM version compatibility issue?

Thanks...

Hi Everyone,

I've been receiving a lot of these recently and wondered about your suggestion?

Time: Mon Nov 12 00:05:08 2018 +0000
File: /tmp/pma_template_compiles_alnwickc/twig/ba/baac82815d6e45dde565a5232c86fddb501004d0855c31381257e419e482f2a8.php
Reason: Script, file extension
Owner: alnwickc:alnwickc (1172:1174)
Action: No action taken

Hello!

I'm getting this log spamming on my new server:

USER yyyyy: no such user found from 107.150.xxx.xx

My configuration of LF_ is:

LF_TRIGGER = 5
LF_TRIGGER_PERM = 3600
LF_SSHD = 5
LF_SSHD_PERM = 3600
LF_FTPD = 1
LF_FTPD_PERM = 3600
LF_SMTPAUTH = 1
LF_SMTPAUTH_PERM = 3600
LF_EXIMSYNTAX = 1
LF_EXIMSYNTAX_PERM = 3600
LF_POP3D = 1
LF_POP3D_PERM = 3600
LF_IMAPD = 1...

Hi

I've got a customers IP that has been blocked multiple times due to trying to set up their email with the wrong password. I've unblocked them multiple times and added them to the allow list so that they have time to sort things out their end. However they are still unable to access it.. When I do a search for their IP it brings up the following, which I do not appear to be able to unblock or...

Only a certain reseller does not have access to the Configserver Firewall plugin.
As I did not find any problem that could cause this, I contacted cPanel support. And it looks like there's a bug. Here is the answer from cPanel support:

At this time, all reseller privileges for ablhostc are configured correctly to allow access to the ConfigServer interface, however I do see that ConfigServer is...

Hi guys. Been using CSF/LFD for quite a while now and am a big fan, but I have an issue I need help solving.

I have quite a few resellers that find themselves with clients that frequently have incorrect login credentials for either Imap or POP3 services. Since I don't want to disable this protection (obviously) I would like to know any workarounds where the clients will still be able to make it...

Hello,

I've been using CSF & LFD for years and it's done very well for me. However I'm attempting something I haven't done before and am having trouble getting it to work. I am trying to block IP addresses that are attempting to POST command lines (nohup, wget etc) into perceived Drupal vulnerabilities. The vulnerabilities are long gone but these attempts are generating significant traffic....

Just to let you know, all the free script .tgz packages are double compressed. So they're not gz->tar, but gz->gz->tar.

This applies to csf, cmc, cmm, cmq and cse.

This might fail to extract, for example when using a multithread program with tar:

bsdtar --use-compress-program pigz -d -xf csf.tgz

It was spotted here:

Greetings,

I am trying to accomplish the same function as SSH and SU alert but with my custom log.

I am wondering, how do I get CSF to just send a email, but no IP blocking.

Thank you for your help,
Chris