ConfigServer Community Forum

Trying to add an include file to csf.allow.

Added the file:

[ root@cp1 csf># ls -l /etc/csf/googlebots.allow
-rw-------. 1 root root 4455 Sep 29 15:12 /etc/csf/googlebots.allow

Added the entry into csf.allow:

Include /etc/csf/googlebots.allow # Google spiders and web crawlers

Error when starting:

*Error* File does not exist: at /usr/sbin/csf line 2134.

What are we missing?

I'm having trouble with one cPanel server. I used the install script and it seems to work, but the lfd service is not created in the WHM service manager and the WHM interface page to the firewall won't let me scroll down. I've tried uninstalling and reinstalling several times, but no change. Any help is appreciated..

We disabled the firewall because CSF is blocking FTP clients listing Directorys.

hello,

We are using WHM in a Dedicated Server at Hostgator, we have 50% of our domains in Cloudflare Free Plan . the Csf is been installed, and I asked Hostgator to add the mod_cloudflare also i whitelisted the Cloudflare ip in csf.allow. (in the server check the mod_cloudflare is green and says OK the apache status)

but i'm still receiving email from lfd saying that the IP where is come from...

I installed from (last week) and enabled ConfigServer Security & Firewall (Reseller UI) from WHM (Third Party Services). I restarted cpanel but the UI is not listed on plugins list on WHM. Is there any other config I should set/enable?

I'm using WHM 66.0.18.

http urls work just fine in the csf.blocklists but not https

CentOS6 but all the proper libraries for Perl SSL have been installed

cannot assign requested address

not the normal error but a binding error for the local IP address - what would cause this?

doing a wget for the https url from the command line works just fine

so either CSF is seeing the local server IP address correctly or...

Hi everyone,

I can not connect to download.configserver.com in a new VPS in order to install csf. Is there any other mirror or how can I resolve this issue ?

so I am currently watching an IP address in the middle of a csf.deny CIDR block access the webserver

newest csf (10.24 upgraded to 10.25, no change)
restarted csf
control panel reports everything is fine

how is this even possible and where do I even begin to diagnose what has gone very wrong?

the max entries allowed for csf.deny is definitely more than what is in there, it's not being...

Will ConfigServer Firewall support Docker hosts in the future? We'd like to firewall the hosts Docker runs on and it would be cool if this is possible from within CSF.

Hi,

I have a reseller account with very limited access to WHM, however, I would like this account to be able to use the csf firewall.

I believe I have ConfigServer Security & Firewall (Reseller UI) selected in Additional Software... Third Party Services.

The reseller account can see the plug-in, but when clicking, gets the message:

You do not have access to ConfigServer Firewall.

What am I...

I have a cpanel server with a Juniper SRX 300 firewall. We block all ports other than web and email. FTP and cPanel access is whitelist only for client IPs. Since I have cphulk and a hardware firewall what extra benefit would CSF be if any? I tried CSF and it conflicts with our VPN since the Dynamic VPN feature changes IPs. Is cphulk and the hardware firewall secure? Do I lose or gain anything...

Hello, I've searched around for this however have not had much results.

Does ConfigServer Firefall/LFD work with the nginx installation? Ever since I swapped over to nginx, CSF went silent on attack floods on the httpd.

What do i need to provide to help get regular expressions created for the detection of such events on nginx? :confused:

Ok, so most of my machines are cpanel.
This one is just a plain centos box.

So i installed csf as usual, and restarted it...

*WARNING* URLGET set to use LWP but perl module is not installed, reverting to HTTP::Tiny

Ok, no problem, lets install it...

Package 4:perl-5.10.1-136.el6_6.1.x86_64 already installed and latest version
Package perl-IO-Socket-SSL-1.31-2.el6.noarch already installed and...

Can I include command separated port numbers in the csf.deny file?

For example I have the following:

tcp|in|d=80|s=89.248.160.0/21 scannerbots googlemapsexploit QUASINETWORKS SEYCHELLES - do not delete - Tue Apr 11 14:49:02 2017

And I want to block port 443 too

tcp|in|d=80,443|s=89.248.160.0/21 scannerbots googlemapsexploit QUASINETWORKS SEYCHELLES - do not delete - Tue Apr 11 14:49:02 2017...

Hi all,

Have I formatted these csf.pignore exceptions correctly? I still get emails. I have restarted csf+lfd, also.

cmd:php-fpm: pool siteone_com
pcmd:/opt/cpanel/ea-php56/root/usr/bin/php /home/siteone/public_html/bin/magento *

Original emails are as follows:

Time: Sat Feb 11 10:39:31 2017 +0800
Account: siteone
Resource: Virtual Memory Size
Exceeded: 565 > 256 (MB)
Executable:...

Hello,

I have configured this regex.custom.pm

# setup-config
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] \w*(?:GET|POST) \/wp-admin\/setup-config\.php.* /)) {
return ( setup-config attack ,$1, setup-config , 20 , 80,443 , 3600 );
}

As you can see, the trigger level is 20
and the temporary value is 3600

But the block is done on 10 triggers and 1800 seconds

Time: Sat...

I am running latest CSF on Centos 7.3 with latest CPanel release 66. CSF is configured as per profile protection_high.

The following instructions were done on my server's CLI.

whois my-hostname ---> works perfect
whois my-server-ip ----> time out error

but

whois 8.8.8.8 ---> works perfect :-?

After verifying that my provider did not block anything related to port 43 or whois, I deactivated...

Hello,

We're having the xtables lock issue:

Jul 11 02:05:27 lfd : *Error*: Unable to check csf due to xtables lock, enable WAITLOCK in csf.conf

I've checked other threads and it says this should have been solved in a previous version of CSF.
We're running version 10.14:

# csf -v
csf: v10.14 (cPanel)

I don't know if this is a bug or if something is really using iptables, but so far we...

We use SASLAUTHD for SMTP authentication with sendmail. saslauthd failures log to /var/log/messages, but don't include the IP:
---
08:12:41 XXXX saslauthd : do_auth : auth failure:
---

But this corresponds to the following entry in /var/log/maillog:
---
May 8 08:12:41 XXXX sendmail : q48CCUdi023216: a.b.c did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
---

Would it be safe to block...