ConfigServer Community Forum

hello -

every day or two, i gather up all the IP's from the wordpress security alert break-in attempts, then i report them at:

(example using 79.110.130.145)

then i put a six month (or 222 days) temporary block into csf.

however, the past several mornings i get a message that says:

csf: 79.110.130.145 is already temporarily blocked

i am wondering how an IP number that is temporarily...

hello -

i tried putting 50.18.190.80 into my firewall deny IP list, yet this IP is not being blocked. using browserstack.com, i am still able to pull up this page.

i first checked the IP number in question using which gave me 50.18.190.80

that same IP number was first put into temporarily allow/deny and blocked for 600 seconds, but again the IP is still able

any suggestions what i might be...

I'm have a problem with CSF over access to emails.

The client IP is in csf.allow but even so the client it is being temporarily blocked only to email access.

In other words, even the client ip being in csf.allow the client is being blocked temporarily.

I try to release the IP again but it does not appear as blocked, it seems to be only a temporary block.

The client accesses the site and...

I just got 14 messages all stating that my account logged onto root. But that wasn't me. I quickly logged on and checked and see no evidence of any root logins.

Suspecting that these might be older messages just now coming in (from previous days) I checked the email headers and they show that they came in just a minute ago. The /var/log/exim_mainlog also shows that the messages were just sent....

Hello

In a VPS with Ubuntu 16 & CSF that uses /etc/apache2/sites-enable (etc) and the vhosts......
There is a lot of webpages with user and password fields to use services like:
roundcube
phpmyadmin
and webpages that has login for users to post documents etc....
How is possible to have CSF monitoring those login pages and block ips after X tries?
Best Regards

I just notice i have an error when try to start CSF.

Here output.

ACCEPT all opt -- in eth1 out * 0.0.0.0/0 -> 0.0.0.0/0
ACCEPT all opt -- in * out eth1 0.0.0.0/0 -> 0.0.0.0/0
ACCEPT all opt in eth1 out * ::/0 -> ::/0
ACCEPT all opt in * out eth1 ::/0 -> ::/0
*ERROR* line:
Command:
Error:
You should check through the main output carefully

*ERROR* line:
Command:
Error:
You should check...

Hi all,

I have a Debian 9 server with all the latest patches and CSF/LFD the latest version. Just a standard configuration with one IP number, no crazy things.

I want to automatically block IPs when they try to break in. I thought CSF/LFD did out of the box, but still I wake up with 600 of the below alert mails:

Feb 6 05:32:48 mail02 postfix/submission/smtpd : warning:...

HI all ,
I get this error today and don't know how to fix it , is there anybody who is in that trouble before , please help .

Error: FASTSTART: (CC_DENY IPv4) [] . Try restarting csf with FASTSTART disabled, at line 5311 in /usr/sbin/csf

Dear all,

I just setup CSF.

My home network works within 192.168.178.0/24 .
My plan was to only (mainly) allow internal connections to and from the server on which CSF has been installed.

Therefore I started with adding 102.168.178.0/24 to csf.allow:
###############################################################################
# Copyright 2006-2017, Way to the Web Limited
# URL:
# Email:...

hello, I keep geeting this email

Time: Thu Feb 8 04:45:17 2018 +0100
Account: admin
Resource: Virtual Memory Size
Exceeded: 544 > 512 (MB)
Executable: /opt/cpanel/ea-php70/root/usr/bin/php-cgi
Command Line: /opt/cpanel/ea-php70/root/usr/bin/php-cgi
PID: 17354 (Parent PID:14362)
Killed: No

I understand that i receive this email when someone is online for a long time but i keep getting...

Hi,
I have some client with about 20 stations
one of the sation try to connect to the smtp with incorrect login details
on CSF, I got the next message:
1.1.1.1 # lfd: (smtpauth) Failed SMTP AUTH login from 1.1.1.1 (US/Usa/-): 5 in the last 3600 secs - Sat Nov 03 02:32:40 2013
there is any possible to add the username to this message?
for example, 1.1.1.1 # lfd: (smtpauth) Failed SMTP AUTH login...

Hi

I've read through quite a few posts on this forum and no one else seems to have the issue I'm having. I can't even get csf to register the postfix sasl attacks.

Centos 6.3
/etc/csf/regex.custom.pm
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ postfix\/smtpd\ : warning:.*\ : SASL *? authentication failed/)) {
return ( Failed SASL login from ,$1, mysaslmatch , 3 ,...

Dear All,

May i know what the cause of this. i install csf on Centos 7:

root@colo130 # csf -r
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
open3: exec of is-active firewalld failed: No such file...

Hi there,

I have enabled login failure protection but it is letting a lot of attempts through:

# Enable login failure detection of sshd connections
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LF_SSHD = 5
LF_SSHD_PERM = 1

# Enable login failure detection of ftp connections
#
# SECURITY NOTE:...

Hi,

We are currently testing messenger with reCAPTCHA activated to allow our customer to unblock their IP when blocked.
So far, the HTML service is running and we are able to get the web page.
The reCAPTCHA is able to validate if the visitor is a bot or not but for some reason, once reCAPTCHA has been validated, the IP still remains blocked even tho we are seeing the following message:

Passed...

Hi,

when I click on Firewall Configuration , I see a page with Preconfigured Profiles and the option to Backup/compare different settings & profiles.

How do I get back to the settings page?

Rgs,
Chris

Hi all,

In WHM when the CSF Firewall is enabled and Backups are triggered, there is a huge amount of softIRQs triggered (see screenshot at the bottom). When disabling the CSF Firewall: those softIRQs are a lot lower.
We have other servers elsewhere (VPS, not dedicated) and while there are some softIRQs, it is not as much as the screenshot attached.

I have made sure that the server is running...

Hi to all
please i need your help as what is happening is impossible

I have a server with csf (as all of us here...)..

All the sites stop loading after some time from SPECIFIC IPs that login to WHM or wordpress admin..

So if x person is working on this site to make it, after some time he looses access as csf blocks him.

The same from the corporate network, probably after much conections its...

Hi Guys,

I'm trying to setup a custom regex for nextcloud login failure detection. It is not working (triggering when I try to login >5 times with incorrect credentials):

I have setup /var/www/nextcloud/data/nextcloud.log as CUSTOM1_LOG. lfd says it is watching the file, and entries look like this:

{ reqId : jh3hXB9cFRzocSjYGbPL , level :2, time : 2018-01-26T09:09:31+00:00 , remoteAddr :...

Hi all,
It might be that Christmas is coming and my brain is more focus on Santa stuff instead of being able to read and understand the instructions, or that I am just TAU (tired as usual).

My problem is that I can't figure out if LF_INTERVAL is doing one or 2 things:
1) limiting the number of triggers accepted during the LF_INTERVAL number of seconds
2) setting the time between checks

Will...