Hello, since a few months back I've been having problems with the lfd service, I tried fixing it myself but was unable to find the error, I resorted to stopping the monitoring of this service since it would spam emails every 5 minutes alerting me that it was down.
But every time cfs updates the monitoring updates and re-enebales lfd monitoring, so 100s or 1000s of emails again.
We want to have our own custom blocklist file at and include it in csf.blocklists on all our servers.
Is the following an acceptable format for csf.blocklists?
tcp|in|d=80|s=46.229.160.0/20 # flooding ADVANCEDHOSTERS-AS NETHERLANDS - do not delete - Sat Apr 22 03:54:23 2017
tcp|in|d=80|s=51.254.0.0/15 # flooding OVH SAS FRANCE - do not delete - Sat Apr 22 03:54:23 2017...
Say I have a server which only needs to be available to a very short set of countries.
Do we have to set csf.conf to explicitly specify EACH country in CC_DENY and CC_ALLOW ?
having trouble with ROOT login to WHM, cfs is blocking SSH access so I can't change pass.
Can boot with rescue system, need help do disable CFS or allow my IP via rescue SSH.
OS: Centos 7.3 // WHM 64.0
I use csf with cPanel(up-to-date) and set CC_ALLOW worked for about one week and after that started to block IP-s from the country specified at CC_ALLOW. This behavior happened on two independent servers with the same architecture.
I think is not normal. What do you think?
I searched but not sure I'm searching for the proper thing. I have one customer that has more than 30 users using email. They constantly are kicking off the firewall and I have to reset it.
Is there a way to restrict the firewall from blocking people using one domain on the server?
I understand this could cause trouble.
Does anyone have a working set of rules they use with CSF to help reduce impact from repeated login attempts on WordPress?
These attempts take place with /xmlrpc.php (multiple attempts in one post) and /wp-login.php (single attempt). Often one IP will try many, many times (eg yesterday, 3000 in 2 days).
It would help a lot if CSF was able to auto-block them with some built-in solution; far more...
I'm looking for a solution/workaround NOT to block ip addresses from country ABC when hit by lfd (fx login failures, etc.)
Are there any easy way?
I have been looking at
Which can generate a list (not sure if it's complete, but that's ok) of CIDR for Whole country. But the list will naturally be QUITE long. So I fear that it will have performance influence when putting list of 100000s...
There's a lot out there about various methods to secure SSH access better.
But on a Cpanel server, in my opinion, access to WHM gives the user a degree of privileges near that of logging into SSH via root. So I have a few questions for discussion.
First, let me setup the context for the application of these methods. It's a server that does not have to be HIIPA or FICA compliant. It just has one...
I am trying to configure the HTTPS messenger service to give an HTML error message when an IP address is blocked. It's working, but very slow. When I usee httpie, I get the following error:
http: error: SSLError: certificate verify failed (_ssl.c:579) while doing GET request to URL:
With Firefox, it works, but takes well over a minute before the page loads. I have no idea where the holdup...
Hi,
CSF stops almost every night. I receive the following error message:
/var/log/lfd.log
Jun 19 03:20:16 server lfd : iptables appears to have been flushed - running *csf startup*...
Jun 19 03:20:18 server lfd : csf startup completed
Jun 19 03:20:18 server lfd : *Error* csf reported an error (see /etc/csf/csf.error). *lfd stopped*, at line 7146
Jun 19 03:20:18 server lfd : daemon stopped
Jun...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum