ConfigServer Community Forum

Hello,

The following happens every day and I'm not sure why. Could someone explain the purpose of this? Is this intended, or is it an error?
How can I prevent it from happening, and is that recommended?

Daily in /var/log/cron:

Jan 19 00:00:01 CROND : (root) CMD (/usr/sbin/csf --lfd restart > /dev/null 2>&1)

Daily in /var/loq/messages

Jan 19 00:00:01 systemd: Cannot add dependency job for...

Returning to work today, I see multip[le attempts over a number of days of someone trying to log in to cpanel.

Dropping connection from xxx.xxx.xxx.xxx because of tcp_wrappers at cpsrvd.pl line 3622

Is anyone able to help me write a custom rule which will block the offending IP.

I'm not sure how LFD is doing its calculations but I noticed this in the LFD log on one of our Plesk servers. There are only 329 domains registered in Plesk:

Messenger HTTPS Service died, restarted
Messenger HTTPS Service started for 850 domains

Such as [url ....

I have some case but with csf.ignore .

When setting up CIDR, like /24, /19 etc.. and restart lfd and csf and after that I trying to login in myhostname.com/cpanel with wrong user/pass - lfd block my ip addrss (that it part from ignored CIDR) - like a boss :)

Mar 29 22:58:38 myhostname lfd : (cpanel) Failed cPanel login from 192.168.1.12...

Some time ago I submitted a thread Blocking IP ranges does not have any effect -
but didn; t get any comment.

Today I noticed that CC_DENY option doesnt work either.

I have:

CC_DENY = CN,BR,CA,HK,TW,RO,UA,MD,KZ,KR,VN,TR,RU,PA,LB

However today I noticed a visitor on my website from IP address: 37.20.161.96.
CSF/LFD uses Maxmind database to detect country, right? So, the Maxmind database...

Hi,

I am seeing an attack on exim port 25, as per:

2017-06-22 19:43:43 SMTP connection from :13855 (TCP/IP connection count = 84)
2017-06-22 19:43:43 SMTP connection from :18356 (TCP/IP connection count = 85)
2017-06-22 19:43:44 SMTP connection from :55947 (TCP/IP connection count = 86)
2017-06-22 19:43:45 SMTP connection from :16467 (TCP/IP connection count = 85)
2017-06-22 19:43:49 SMTP...

Hello,
we have a lot of this kind of email from firewall,
can you help us to do something?

-----Original Message-----
From: root@server8

Sent: Tuesday, January 15, 2013 9:33 AM
To: firewa
Subject: lfd on server8: Suspicious File Alert

Time: Tue Jan 15 09:32:44 2013 +0200
File: /tmp/sh.php
Reason: Script, file extension
Owner: catalog:catalog (1546:1539)
Action: Moved into...

Hello how can I fix path to Apache?
When I run the command csf -m, wrote:
Apache Check
HTTP Binary: /usr/local/apache/bin/httpd not found or not executable

Is this normal or should change path to the folder that is /usr/local/apps/apache.
Can you help me set it up?

Web Panel: Webuzo

Hi,

In our server firewall csf not start. Please assist with us to resolve this issue.

Also got given below error log.

==========================================
Mar 20 01:21:07 citrus lfd : *Error* You have an unresolved error when starting csf. You need to restart csf successfully before restarting lfd (see /etc/csf/csf.error). *lfd stopped*, at line 1037
Mar 20 01:21:07 citrus lfd : daemon...

Hello Guys,

I was wondering if it's possible to add an additional list of IP's in existing csf allow, ignore or block list. For example:

Include /etc/csf/office-ips

Something like that. I am not sure that these kind of configuration actually works or not. I would really appreciate it if anyone can tell me if such configuration line exists. It would be a BIG help :)

Best regards,

Abir

I have installed csf on a centOS 5.9 server which I had installed WHM/Cpanel on it before
but it shows me blank page and I can not modify it in whm
and I have lots of emails which says lfd is down.

is there any solution for thi issue?
thank you in advance

Hi,
how to solve this:

*WARNING* The MaxMind Geolite databases will soon be deprecated, disable CC_OLDGEOLITE to start using the new Geolite2 databases

can you tell me how I can fix this warning? Steps?

Thanks so much

I am having trouble getting csf.ignore to work. Have entered both ipv4 & ipv6 addresses in both files & restarted lfd & csf. There is a cron job that backs up data to this server every 4 hours and each time it sends me an email.
Have set csf.conf IGNORE_ALLOW to 1 but still same results.

Hi all,

I've discovered a strange problem with all my Debian 9.3 servers with CSF/LFD latest version. I cannot ping via IPv4. It does ping via IPv6 though. Settings are as below. I also still can't ping when both servers are in the csf.allow and csf.deny files.

ICMP_IN = 1
ICMP_IN_RATE = 1/s (also tried other variables)
ICMP_OUT = 1
ICMP_OUT_RATE = 0
IPV6_ICMP_STRICT = 0

What am I doing...

i just changed some things as per csf security checkup. After that no one is able to use things like : SitePad, let's encrypt etc.

SitePad told me to allow there IP & i did it worked fine. what feature disallow outgoing IP request & how to solve that. I am in big danger kindly help me out. :(

Greetings,

CSF is having this error when it was restarted

Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
Another app is currently holding the xtables lock. Perhaps you want...

Hi guys,
I just installed csf for my ubuntu server and i think it is really big for me as csf provide a lot of settings compared to ufw.
There are several questions that i wanted to ask.
1) I dont provide dns server service and im using dynamic ip with dyn dns. Do i need to open port 53?
2) Can someone guide me or can i get a really deep guideline on how to conifgure csf from the initial.
3)...

Hi all,

Is there a log anywhere that would store information if an IP address was blocked but only temporary? Just trying to trouble issue a connection problem last night. They can now access everything again so I was just wanting to see if they were blocked by CSF on a temp basis.

Cheers,

hello -

every day or two, i gather up all the IP's from the wordpress security alert break-in attempts, then i report them at:

(example using 79.110.130.145)

then i put a six month (or 222 days) temporary block into csf.

however, the past several mornings i get a message that says:

csf: 79.110.130.145 is already temporarily blocked

i am wondering how an IP number that is temporarily...

hello -

i tried putting 50.18.190.80 into my firewall deny IP list, yet this IP is not being blocked. using browserstack.com, i am still able to pull up this page.

i first checked the IP number in question using which gave me 50.18.190.80

that same IP number was first put into temporarily allow/deny and blocked for 600 seconds, but again the IP is still able

any suggestions what i might be...