ConfigServer Community Forum

I looked around and couldnt find the answer.
How can I setup csf to allow only the ip address i select to access ssh and deny all others ? I am using centos 7

Hello,

I'm using this regex to block wp-login.php POST requests on /etc/csf/regex.custom.pm:

if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /(\S+).*] POST \/wp-login\.php.* 200/)) {
return ( Failed WordPress login from ,$1, wordpress , 5 , 80,443 , 3600 );
}

My CUSTOM2_LOG point to the access_log file in csf.conf correctly.
I restart csf after making the changes
csf -r

Still POST...

Hi, I am trying to exclude a few process in the /etc/csf/csf.pignore script with some simple regex rules, but I am still getting alerts. The rules I am trying are;

pexe:/opt/cpanel/ea-php*/root/usr/sbin/php-fpm
pexe:/opt/cpanel/ea-php*/root/usr/bin/php-cgi

However, if I enter these each manually as follows, they do work.
#exe:/opt/cpanel/ea-php54/root/usr/bin/php-cgi...

Hello

I´m using CSF in all my servers with WHM/cPanel since LOT years ago.
I not had any problem in all these years. Now..

the CSF page in WHM take a LOT time to load.
Any action i make there (block an IP, unblock an IP, open the config, restart CSF, etc.) take LOT tme.

The servers itself are OK,, low load, etc.

Any clues?.. some config issue?, some WHM version compatibility issue?

Thanks...

Hi Everyone,

I've been receiving a lot of these recently and wondered about your suggestion?

Time: Mon Nov 12 00:05:08 2018 +0000
File: /tmp/pma_template_compiles_alnwickc/twig/ba/baac82815d6e45dde565a5232c86fddb501004d0855c31381257e419e482f2a8.php
Reason: Script, file extension
Owner: alnwickc:alnwickc (1172:1174)
Action: No action taken

Hello!

I'm getting this log spamming on my new server:

USER yyyyy: no such user found from 107.150.xxx.xx

My configuration of LF_ is:

LF_TRIGGER = 5
LF_TRIGGER_PERM = 3600
LF_SSHD = 5
LF_SSHD_PERM = 3600
LF_FTPD = 1
LF_FTPD_PERM = 3600
LF_SMTPAUTH = 1
LF_SMTPAUTH_PERM = 3600
LF_EXIMSYNTAX = 1
LF_EXIMSYNTAX_PERM = 3600
LF_POP3D = 1
LF_POP3D_PERM = 3600
LF_IMAPD = 1...

Hi

I've got a customers IP that has been blocked multiple times due to trying to set up their email with the wrong password. I've unblocked them multiple times and added them to the allow list so that they have time to sort things out their end. However they are still unable to access it.. When I do a search for their IP it brings up the following, which I do not appear to be able to unblock or...

Only a certain reseller does not have access to the Configserver Firewall plugin.
As I did not find any problem that could cause this, I contacted cPanel support. And it looks like there's a bug. Here is the answer from cPanel support:

At this time, all reseller privileges for ablhostc are configured correctly to allow access to the ConfigServer interface, however I do see that ConfigServer is...

Hi guys. Been using CSF/LFD for quite a while now and am a big fan, but I have an issue I need help solving.

I have quite a few resellers that find themselves with clients that frequently have incorrect login credentials for either Imap or POP3 services. Since I don't want to disable this protection (obviously) I would like to know any workarounds where the clients will still be able to make it...

Hello,

I've been using CSF & LFD for years and it's done very well for me. However I'm attempting something I haven't done before and am having trouble getting it to work. I am trying to block IP addresses that are attempting to POST command lines (nohup, wget etc) into perceived Drupal vulnerabilities. The vulnerabilities are long gone but these attempts are generating significant traffic....

Just to let you know, all the free script .tgz packages are double compressed. So they're not gz->tar, but gz->gz->tar.

This applies to csf, cmc, cmm, cmq and cse.

This might fail to extract, for example when using a multithread program with tar:

bsdtar --use-compress-program pigz -d -xf csf.tgz

It was spotted here:

Greetings,

I am trying to accomplish the same function as SSH and SU alert but with my custom log.

I am wondering, how do I get CSF to just send a email, but no IP blocking.

Thank you for your help,
Chris

Hello,
after installing csf and starting the lfd daemon, I can not reach the web ui at the address
my_ip: chosen choice
Thank you
root@ubuntusw01:~# csf -r
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
Flushing chain `DENYIN'
Flushing chain `DENYOUT'
Flushing chain `INVALID'
Flushing chain `INVDROP'
Flushing chain...

Hi to everyone,
i am looking for an official reply or a secure response ;D

On my server i discovered that the default SSH port comport a lot of attack to guess password ... this made CSF alerting me with a periodic frequency.

Is safe to change SSH port?
CSF will still monitor for SSH failed access? Because if i change port all alert stop.

My doubt is... changing the SSH port made CSF do not...

Hi

I want to make a ssh connection from a VPS (centos 7 & CSF)
But it seems that csf is blocking the ssh port (not 22)

ssh user@xxx.xxx.xxx.xxx -p nnn -vvv
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug2: resolving xxx.xxx.xxx.xxx port nnn
debug2: ssh_connect_direct:...

Hello,
i have two line code for iptables for allow just a range ip for able check my port, cause i have a backend ip (reverse proxy), and i dont want anyone able detect it (for secure against ddos and etc)

its below, but when i installed CSF, iptables disabled, so i want know how i can run this two command on CSF?

iptables -I INPUT -p tcp -m multiport --dports http,https -s 186.2.160.0/24 -j...

Hi,

Every so often, outgoing mail gets blocked on my cPanel server. All messages are bounced back with following error:

550-Please turn on SMTP Authentication in your mail client.
550-xxxxxx.com :53492 is not permitted to relay
550 through this server without authentication.

When I restart the CSF firewall, it works again, but the same issue could occur several hours later, sometimes, days or...

How can i disable email SSH login alert for user root from
please.
I have a program that automaticlly downloads files through ssh every 30 minutes & am getting emails each time.
Thanks

Hi

My Internet Provider has started using DHCP for all domestic users which means I have to keep changing my IP entry in csf.allow or pay a premium to get a fixed IP.
I try and and catch when the IP address change sos that I can whitelist it in csf but it not so easy keeping up and I find my IP is getting blocked by the firewall on a weekly basis now.

I'm not IP savvy, but from what I can see...

I get the following error in the lfd log.

Sep 28 12:57:30 kilo lfd : Main Process: Can't locate ConfigServer/cxsUI.pm in @INC (you may need to install the ConfigServer::cxsUI module) (@INC contains: /usr/local/csf/lib /usr/local/cpanel /etc/cxs /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.20.2 /usr/local/share/perl/5.20.2 /usr/lib/x86_64-linux-gnu/perl5/5.20 /usr/share/perl5...