Recently one of my shared servers received several hits from 2 or 3 IP addresses. These hits increased the server load average to a huge number. I will paste the kernel messages I got at the console while under this attack. What csf option would help me prevent this kind of attack? (ports 585 and 1270 are not allowed under tcp in csf configuration option):
I had a Joomla site hacked last night, they relayed some emails. Trying to figure out how they got in. Looks like they used sendmail. Here are the CSF notifications (without actual domain name or email addresses). The configuration.php file referred to as possible script is the Joomla file last updated 2016. Don't think that was part of issue, but they probably used it to pull the title of the...
I have a very weird problem on a server which has CSF/LFD installed. For a long time CSF/LFD worked just fine. But today, while watching some logs, I noticed that countries which are in CC_DENY were not blocked anymore.
Trying to understand this problem, I first blamed GeoIP. But no, the GeoIP data is updated and my geoiplookup responses are correct.
Then, to my surprise, I think I found out why...
In our WHM (cPanel), the lfd service is down (after we had a full root partition problem a few days ago).
After we fixed the partition problem (freed up some space), lfd didn't start up, and we still cannot start it.
In the lfd.log file we have only this error (repeated):
Apr 13 15:37:16 cpanel1 lfd : *Error* LF_DAEMON not enabled in /etc/csf/csf.conf, at line 82
Apr 13 15:37:16 cpanel1 lfd :...
This morning I received an email with error output from a cron job which ran the command /usr/sbin/csf -u
Upgrading csf from v12.03 to 12.04...
Retrieving new csf package...
...5%
Unpacking new csf package...
gzip: stdin: unexpected end of file
tar: Unexpected EOF in archive
tar: Unexpected EOF in archive
tar: Error is not recoverable: exiting now
sh: install.sh: No such file or directory...
I recently started receiving email notifications about Excessive resource usage by mysqld_safe. I did some forum research and couldn't find the root cause of that. Everyone has suggested disabling the notifications by modifying the /etc/csf/csf.pignore file.
At the same time, I have also been receiving email notifications every time I log in via SSH or cPanel / WHM. Does anyone know what's causing...
Hello. For a few weeks now, the automatic RBL check (once an hour on our server) has always output this by email:
Checked 31.2xx.xxx.xxx (PUBLIC) on Sat May 19 17:00:01 2018
short.rbl.jp
TIMEOUT
virus.rbl.jp
TIMEOUT
OK
These 2 lists, short.rbl.jp and virus.rbl.jp, always output TIMEOUT. Is it a common problem for all ConfigServer users? Can I resolve this? If not, can I disable these 2 lists to...
Does anyone know whether there is a way I can install a software firewall on a physical server?
We have received some attacks for 1-2 months. I know that suspending the VPS will solve it, but we have 10 clients on different servers, and it is hard for us to monitor every physical server, as we don't know when the attack will come.
But when the attack comes, we may be very busy with other stuff; we can't solve that...
I am using cPHulk Brute Force Protection to blacklist some countries. This is working fine, but I still see IPs from blacklisted countries appearing in csf.deny. These are logged as Failed IMAP login, Failed SMTP AUTH & Failed FTP login.
Should cPHulk Brute Force Protection for blacklisted countries not stop these even getting to Configserver?
I see in my logs a small number of failed logins from an IP, which is blocked in CSF at 00:04am
xxxx.xxx.xxx.xxx # lfd: (smtpauth) Failed SMTP AUTH login from xxx.xxx.xxx.xx. (AU/Australia/New South Wales/Sydney/xxx.xxx.xxx.xx.static.exetel.com.au): 1 in the last 3600 secs - Mon May 14 00:04:44 2018
If I look in my exim reject log, I can see that the logins continued after this time.
How could...
I have a Xen host running CentOS 7. The NICs in use for the WAN are p1p1 and xenbr0. I installed CSF but am not achieving any level of protection for the host. I've tried setting the NIC to both p1p1 and xenbr0, one at a time.
With the NIC set to p1p1, the guest OSes are still available; however, the host OS is completely unreachable. Switching the NIC to xenbr0, nothing is blocked.
Hi,
I have an Ubuntu 12.04 KVM host/guest bridged network environment.
The host machine has a bridged interface br0 with IP A.
The guest VM uses the br0 interface with IP B.
CSF is working on both interfaces. FYI, for those wondering how to not break the bridge when using CSF on the host machine, create a /etc/csf/csfpost.sh:
iptables -A FORWARD -i br0 -o br0 -j ACCEPT