Hi,
I have a client with about 20 stations.
One of the stations tries to connect to the SMTP with incorrect login details.
On CSF, I got the following message:
1.1.1.1 # lfd: (smtpauth) Failed SMTP AUTH login from 1.1.1.1 (US/Usa/-): 5 in the last 3600 secs - Sat Nov 03 02:32:40 2013
Is it possible to add the username to this message?
For example, 1.1.1.1 # lfd: (smtpauth) Failed SMTP AUTH login...
I've read through quite a few posts on this forum and no one else seems to have the issue I'm having. I can't even get csf to register the postfix sasl attacks.
I have enabled login failure protection but it is letting a lot of attempts through:
# Enable login failure detection of sshd connections
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LF_SSHD = 5
LF_SSHD_PERM = 1
We are currently testing messenger with reCAPTCHA activated to allow our customer to unblock their IP when blocked.
So far, the HTML service is running and we are able to get the web page.
The reCAPTCHA is able to validate if the visitor is a bot or not but for some reason, once reCAPTCHA has been validated, the IP still remains blocked even though we are seeing the following message:
In WHM when the CSF Firewall is enabled and Backups are triggered, there is a huge amount of softIRQs triggered (see screenshot at the bottom). When disabling the CSF Firewall, those softIRQs are a lot lower.
We have other servers elsewhere (VPS, not dedicated) and while there are some softIRQs, it is not as much as the screenshot attached.
I'm trying to set up a custom regex for nextcloud login failure detection. It is not working (triggering when I try to login >5 times with incorrect credentials):
I have set up /var/www/nextcloud/data/nextcloud.log as CUSTOM1_LOG. lfd says it is watching the file, and entries look like this:
Hi all,
It might be that Christmas is coming and my brain is more focused on Santa stuff instead of being able to read and understand the instructions, or that I am just TAU (tired as usual).
My problem is that I can't figure out if LF_INTERVAL is doing one or 2 things:
1) limiting the number of triggers accepted during the LF_INTERVAL number of seconds
2) setting the time between checks
Jan 23 05:12:05 server lfd : Watching /var/log/exim_mainlog...
Jan 23 05:12:05 server lfd : CCL: Retrieving GeoLite Country database
Jan 23 05:12:07 server lfd : CCL Error: Unable to retrieve GeoLite Country database - Unable to download: Can't connect to geolite.maxmind.com:80
Jan 23 05:12:10 server lfd : *WHM/cPanel root access* from xx.xx.xx.xx
(END)
How can I get CSF to work with a proxy? I have added the IP address that the Python script I use connects with, but I end up with a timeout error. But when I disable CSF everything works, and I have added the IP address to the csf.ignore and csf.allow files, but it doesn't help.
Hello,
I am using MESSENGERV2. I have SSL enabled on the domain but I do not have any virtual host directives for domains or SSL certificates in csf.messenger.conf.
The only certificates in csf.messenger.conf are:
SSLCertificateKeyFile /var/lib/csf/ssl/keys/hostname.key
SSLCertificateFile /var/lib/csf/ssl/certs/hostname.crt
and
SSLCertificateFile...
I'm hoping someone can help me with an issue with SSL from letsencrypt and CSF. Basically, I get an error as shown below whenever a site with SSL on my server is accessed.
(70007)The timeout specified has expired: AH01974: could not connect to OCSP responder 'ocsp.int-x3.letsencrypt.org'
AH01941: stapling_renew_response: responder error
I've ruled out issues with Apache and made sure the...
I noticed that CSF now supports blocking at the CloudFlare level which is great, however I'm trying to use a custom log with a custom regex to trigger a block in CloudFlare and this doesn't seem to be working.
I've tried with it set as a permanent block and a temporary block but neither of these are triggering the API call to CloudFlare. I'm not using cPanel, just plain CentOS.
Excuse me if this is documented or been asked before.
Currently, when CSF blocks IPs, it is a blanket block (all ports). Is there a setting to block just the port that the bad guy/girl is attempting to brute force? I'm not keen on clients mistakenly entering, say, a wrong email password, getting their IP blocked, and finding out they are unable to access anything.