ConfigServer Community Forum

Time: Wed Nov 1 16:06:40 2017 +0000
File: /tmp/.X11-unix
Reason: Suspicious directory
Owner: snappie:snappie (506:517)
Action: No action taken

I'm unable to whitelist this file in either in the pignore nor the signore file. Usually a line like this works in other cases:

/tmp/.X11-unix/*

I am getting excessive resource usage emails for a script that runs on PHP using cron. Most of the time there are no warnings (even with the USERMEM threshold set as low as 10MB) but at least once per day I get emails for half an hour or so almost every time the script runs - these usually show Virtual Memory 300-400MB but it can be as high as 1GB.

The pertinent details of one of the emails...

We are seeing quite a lot of these on multiple servers. I believe lfd is subsequently killed. Anyone else seeing this?

$ grep pid mismatch or missing, at line /var/log/lfd.log
Oct 13 14:35:02 XXXX lfd : *Error* pid mismatch or missing, at line 1005
Oct 13 14:46:12 XXXX lfd : *Error* pid mismatch or missing, at line 1005
Oct 13 14:47:55 XXXX lfd : *Error* pid mismatch or missing, at line 1005...

Hello
i'm receiveing this alert : suspicious file alert

File: /tmp/kXÐA»K Sk 0K 9Ð
Reason: Suspicious directory
Owner: : (1250:1262)
Action: No action taken

But when i check on /tmp , i dont find this directory .

root@ # ls kXÐA»K Sk 0K 9Ð
/bin/ls: cannot access kXÐA»K Sk 0K 9Ð: No such file or directory
root@ # cd kXÐA»K Sk 0K 9Ð
-bash: cd: kXÐA»K Sk 0K 9Ð: No such file or directory...

Hi there,

About a week ago I purchased a VPS with cpanel, under recommendation of the VPS company I installed CSF.

Since then I am receiving around 20-30 emails an hour telling me someone has failed to login to my cpanel.

Here is an example of the email:

Time: Wed Nov 1 14:15:11 2017 +0000
IP: 46.188.117.147 (RU/Russian Federation/broadband-46-188-117-147.2com.net)
Failures: 5 (sshd)...

Hi everyone,
I need some help if anyone can. I am running into an issue. I currently have a dedicated server that I have setup as an KVM Node. When I try to spin up an VPS, it works great. However, as soon as I install csf, the IP's become unpingable after rebooting. I have tested installing cpanel with and without csf, and I can confirm that it appears to be an csf issue. I cannot figure out why...

Dear all,

What could be the reason for below error? I try to install the script on XEN VPS running CentOS 6.5

root@shared01 # perl /usr/local/csf/bin/csftest . pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...FAILED - Required for csf to function
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing...

Hi, moved to a new server, using EA4.

Installed CSF and run security check gives this advice, which I don't understand. Can you advise?

PHP Binary PHP binary not found or not executable

Hi everybody,

in last couple of weeks - month We have experienced mass e-mail sent from our users that had hacked smtp's but We didn't got any notifications about them sending big amout of e-mails. We suspect that this might be cos of hackers bein more smart and not sending from one IP rather then from multiple IP's and there is no reaction from system to sent notification to us about it.
We do...

please help me, after re install server and install CSF, Mail Check, Apache Check, PHP Check, WHM Settings Check not detect :(

please, help me.

Problem of receiving mail and sending mail

on the server problem getting mail and sending mail.. The problem is solved when we disable CSF.
How to solve this problem?

Our Settings

SMTP Settings:
SMTP_BLOCK = Off
SMTP_ALLOWLOCAL = Off
SMTP_REDIRECT = Off
SMTP_PORTS =
SMTP_ALLOWUSER = cpanel
SMTP_ALLOWGROUP = mail,mailman
SMTPAUTH_RESTRICT = Off
------------------
IPv4 Port Settings:
TCP_IN =...

Hi, first of all, sorry for my English, because it is not my native language and hopes you will understand my needs.

I have the problem with traffic what comes from CloudFlare.
Problem is, the firewall is not blocking traffic from Cloudflare because I have Cloudflare IPs in firewall allow.
Time: Sun Oct 22 13:17:49 2017 +0200
IP: 162.158.90.225 (DE/Germany/-)
Failures: 3 (mod_security)...

The recently introduced check for the ModSecurity IP persistent storage size seems to have a bug.

I began getting alerts that /var/cpanel/secdatadir/ip.pag was 15GB in size, so I dutifully ran /scripts/shrink_modsec_ip_database -x to shrink the file to 37MB.

However I continue to get emails from LFD claiming that the file is over 15GB in size.

The relevant lines of csf.conf are:...

I have installed a new server with cPanel 68.0.6.

On ssh terminal I can see the csf commands, but on WHM not show Configserver Firewall

I made this configurations for at least 10 years, just on this new server the CSF Firewall not show on WHM.

Any ideas?

Hey Guys,
Have you blocked South African access to your site (configserver.com)? I cant access your site even though its up (using hideproxy.me through USA to post this).

This makes it impossible for me to open support tickets / contact you since you dont list email addresses. I cant use hideproxy.me to post support tickets - it fails. Its not only my IP because I get the same result from home....

Hi,
I have an issue with rsync overssh using csf.
With csf enable, when I do an transfert with rsync the rate is under 10MB/s
With csf disable, I have rate around 35MB/s
I open port TCP 873 in and out in csf.conf, same issue.
Someone have an idea ?
Thanks.

This is somewhat minor but on EA4 the security check says that I don't have mod_cloudflare installed but I do have it. Perhaps it's due to the name change on the module:

#$ httpd -M | grep cloudflare
AH01574: module cloudflare_module is already loaded, skipping
cloudflare_module (shared)

I'm having trouble getting the (awesome!) new Cloudflare option to work. CSF seems to be communicating with CloudFlare as I can view the Cloudflare rules for the user I have configured, but blocking based on Mod_Security hits does not seem to work at all.. Is there any more documentation that might help me with troubleshooting?

Speaking of documentation, in the CSF readme.txt, and I'm seeing the...

Check apache for mod_cloudflare in Check Server Security false reporting module not installed because module changed it's name from mod_cloudflare to cloudflare_module

# httpd -M | grep flare
cloudflare_module (shared)

I'm seeing this message DynDNS: Lookup for failed often in my lfd.log. I see the file /etc/csf/csf.dyndns has the entry _spf.google.com in it.
I've been searching here and on google to find what should be in this file. The header says only FQDN. I cannot ping this however I can get it when I do a nslookup.

#nslookup -q=TXT _spf.google.com
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative...