ConfigServer Community Forum

Below is a sample of these recent attacks:
juli 5, 2024 4:58f m 185.190.24.99 (Panama) Blocked for SQL Injection in POST body: Display_FAQ = 1575') UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PCCz
juli 5, 2024 4:58f m 185.190.24.99 (Panama) Blocked for SQL Injection in POST body: Display_FAQ = 1575') UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- zFlw...

I have this problem, maybe you can help me. I am not able to upload files via FTP with CSF active. If I deactivate it I can upload without problems.

My FTP client is very old and has no options. It is part of custom software. It only connects without SSL and uploads files in ACTIVE mode. That's why I can't put it in PASSIVE mode, which surely works. I already have the range of ports open for...

I am attempting to lower my signal to noise ratio on LFD notices so they don't start getting ignored when I get them. For the most part I have done a decent job with the csf.pignore file for weeding out legitimate processes. However, I just got one for LiteSpeed Enterprise web server process itself, and I think it is too generic. If I ignore it as provided in the notice, I would be allowing...

lfd warns me daily about a process i simply cannot teach csf to ignore:
Time: Wed Nov 1 20:08:44 2023 +0100
Account: www-data
Resource: Process Time
Exceeded: 146435 > 1800 (seconds)
Executable: /tmp/appimage_extracted_a3ed3648c2d4a42fcd239937c53130a2/usr/bin/coolwsd
Command Line: coolwsd --config-file=/tmp/appimage_extracted_a3ed3648c2d4a42fcd239937c53130a2/etc/coolwsd/coolwsd.xml...

Hey guys,

I'm currently trying to block all incoming traffic to my server that does NOT come from my CDN IP addresses, and I'm hoping to do that with some kind of Allowlist, while denying all others.

My only concern is that I use Atomic Secured Linux (Atomic Protector) for my mod_security rules, and I don't want to create any kind of conflicts that might exist when running two different...

Hello,

In CSF, SMTP AUTH FAILURE block the IP of user instead of USER LOGIN.

For example, a company with 10 users, if 1 of them do wrong auth failure, the IP of company is blocked.

I would like to block only the user and not the company.

I have validate an old server and a new server where will be installed update CSF.
It seems CSF regex.custom.pm almost completely blank.

An example:
# SECTION:OS Specific Settings
# Note: File globs are only evaluated when lfd is started
Is it automatic added settings when it is installed and restarted system like Linux and CloudLinux 8?

We followed suggested steps to install CSF:

wget
tar -xzf csf.tgz
./install.cpanel.sh
I see it should be cd csf if you like t install.
/etc/init.d/csf restart is not executed. Which command should be set inside root access for cPanel?

The last steps is not working. How to manage this?

Hi,

I’m looking for some advice on how to achieve a specific configuration using CSF.

I have a server that is currently getting hammered by junk web traffic from a whole load of IP addresses all beginning 18.xxx.0.0/16 (where xxx can be any of about 20 values).

I had initially just blocked those ranges entirely in CSF but with it being such a wide block that’s not really feasible - we have...

Since our servers upgraded to Alma Linux 8.9, each time the servers reboot, CSF does not operate as normal until after its restarted via WHM.

On one server that uses PHPMailer and Office 365 SMTP, any emails that are sent by the cPanel account will fail due to network is unreachable and in the /var/log/messages it shows outgoing connection attempts to port 587 being blocked. This is happening...

Hello,

For some reason on one of our servers the following test of a PCI scan fails:

TCP Source Port Pass Firewall

PCI Severity Level: The vulnerability is not included in the NVD.

VULNERABILITY DETAILS
CVSS Base Score: 5
CVSS Temporal Score: 3.6
Severity: 3
QID:34000
Category: Firewall
Last Update: 2017-07-10 17:52:41.0

THREAT:
Your firewall policy seems to let TCP packets with a...

Hello,

I have MESSENGER v1 working on the server with Directadmin but doesn't work with SSL. So, I configured v3. The website to offer the unblock it is show, the captcha too, but when I click to unblock, the IP isn't removed on the deny list, so the IP isn't blocked. What it could be?

Thank you.

Hello!

We are using csf on many of our servers, however, on one of our servers the Messenger service doesn't seem to work.
The server has cPanel and LiteSpeed. It also has BitNinja installed, but the problem happens even if we have the BitNinja service disabled.

Here is what we tried:

Switching to Messenger v1, v2 & v3
Uninstalled and reinstalled csf
Copied the csf configuration file from...

I apologize, but could you still explain how it turns out that in your database - /var/lib/csf/Geo/dbip-country-lite.csv it is written like this: 130.0.232.0,130.0.239.255,UA And in the logs it came: This is what the csf shows... Table Chain num pkts bytes target prot opt ​​in out source destination filter ALLOWIN 3 590 86236 ACCEPT tcp -- !lo * 130.0.234.147 0.0.0.0/0 tcp dpt:2829 IPSET:...

Latest Debian 12

I use TMUX a lot, but lately it doesn't keep the sessions when you restart the server or if you are inactive for a long time.
I suspect it may have something to do with CSF.
Very annoying when you have configured many things.
Have to start from scratch every time.

Very grateful for help.

Hi there everybody thank you for this community and software Csf, like the title say:

Can I execute all features options of web user interface via CLI ?

Hi all,

I would like to ask if there is a feature in csf/lfd where if a user keeps running multiple queries from same IP to be banned and if I can adjust that?

I've got a website of a non profit organization with a large db and getting attacks from multiple IPs from a specific country.
I blocked the country but is a matter of time to use another country to keep going etc so this is not a...

A week ago I received an email saying:

Time: Wed May 15 19:08:50 2024 -0400
File: /tmp/alfacgiapi/getheader.alfa
Reason: Script, starts with #!
Owner: fromhigher:fromhigher (1013:1014)
Action: No action taken

I went in and found that the site was hacked, deleted everything, restored and patched from a clean backup. Also emptied the trash on that account. However, I keep getting this same email...

When my csf.allow file is empty, I can't send (SMTP) or read (POP) emails on my server, it ends up with a timeout. Adding my IP in csf.allow, everything is ok.
I would like to be able to access my emails from anywhere, how should I do ? I have looked for a parameter in csf.conf for that, but have not found so far :confused: . Any help appreciated.

Long time user.

3 servers. all running CSF

1 server IP is not blocked but emails not working on all email clients.
ALLOW that IP and the email starts working.

What is the fix/issue?

the only difference was this server was set up as with SSH on a different port than default.

Is anyone else having this issue?

Thanks.
Mike