ConfigServer Community Forum

I'm recently not getting the end of the daily log scanner reports as it's being truncated to some maximum number of lines setting.

Is there a way to either increase the maximum number of lines - or choose to exclude some sections entirely?

My report is dominated by firewall block events - which I guess I'm not really that interested in as they were successfully blocked.

TY!

Had this message in the rkhunter log this morning for the first time.

Is it a worry?

TY!

what can i do ? i have changed all account passwords but somwthing continue to create this process.
This is a joomla website (updated) . I need exploit scanner?

Time: Thu Mar 31 16:03:56 2016 +0200
PID: 11550 (Parent PID:9249)
Account: archeage
Uptime: 97 seconds

Executable:

/opt/cpanel/ea-php55/root/usr/bin/php-cgi

Command Line (often faked in exploits):...

Hi,

Is is possible to configure Configserver to block IPs which are hammer a site's wordpress wp-login ?

I'm getting loads across different sites on the same server and would like to block at server level.

I already have all wp-admin pages blocked by http auth but robots are still hammering at wp-login, which creates load on server.

Thanks.

Tom.

Hello!

Since the last week my CSF install stops in the morning. I cannot find why and it does not restart by itself. I run start manually and runs all day without problem.

In the Logs i see this:

Nov 27 03:25:20 emma lfd : iptables appears to have been flushed - running *csf startup*...
Nov 27 03:25:25 emma lfd : csf startup completed
Nov 27 03:25:25 emma lfd : *Error* csf reported an error...

For the last week or so a server has had a very high load. The server has 4G of RAM and only has 6 websites on it and they are very low usage. When viewing the top processes LFD is always the top process and throughout the day, I get email notices from the server that it is out of memory and has killed and restarted lfd. Here is the top process on the server currently showing it using 60% of...

Hi,

This has started happening since 10.04 as far as we can tell. We'll reload CSF (csf -r) and all is good, 5 minute later the v6 rules have gone. We have some rules:

tcp|out|d=1234|d=host.example.org

Where host.example.org has a single v4 and single v6 address.

The v4 rules get created, the v6 rules are created, but then when the dyndns timer expires and the rules should be re-created, they...

What file do I edit to whitelist or safely ignore the lfd alert for wp-cron.php?

• csf.ignore
• csf.pignore
• maybe a different one?

I edit /etc/csf/csf.pignore and put this inside of it:

exe:/home/userXYZ/public_html/wp-cron.php

I even restart CSF from SSH PuTTY and WHM control panel

Why do I still receive email from LFD service?

Executable:

/usr/selector/php

Command Line (often...

Good morning,

I'm looking to whitelist process ONLY when it have specific command line
Is that possible?

Thanks,

Ed

Hello All,

I have a Centos 6 cPanel server, which has only recently been setup (within the last month).
I have installed and configured CSF, and it works very well for the most part. However, I noticed that the server's time has started running slow. At first, when I tried to re-sync manually, CSF blocked the Time Server, but I resolved this, and now manual syncing works well. However, I have...

ConfigServer Security & Firewall - csf v10.02

it takes ages before I get access to Config Server Security and Firewall settings.

My Mail Queue Administration remains flooded.
Finally after much searching, I had to suddenly enter an email address to LF_ALERT_FROM = mymail@new.us

Now I'm not getting emails in on Mail Queue Administration, but in my private mail box.

The information stated...

If you disable LFD in the CSF configuration (LF_DAEMON = 0 ) it will still be enabled in systemd. This means that systemd will try to start LFD on boot. That will fail because if LFD is disabled in the configuration the lfd binary will immediately kill it's own process.

root@server:~/csf# lfd
Killed

This is caused by line 6704 in /usr/sbin/lfd (version 10.00).

kill (9, -$$);...

I don't know what I'm doing wrong. Messenger works and it gives me the screen when I get blocked, but when I pass the reCAPTCHA (and I get the confirmation message) it doesn't unblock the IP, temp block or perm block.

How could I debug this? Is it the user that I created for it to run? I created it like this: useradd -rUM -s /sbin/nologin csf

Everything works fine, except the unblock.

Running...

Hi security guys,
Blocking ports doesn't seem to be working for me in CSF. I am also using csf from webmin console.
Have removed port 80 from TCP_IN, UDP_IN, TCP6_IN, UDP6_IN and restarted it through csf -r
still i can see 80 is not blocked yet from outside.
=======================
# ./csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK...

Hello,

After my cPanel updated to v60 I started getting the following error:

Time: Wed Oct 12 14:36:40 2016 +0300
Error: Failed to detect code in SYSLOG_LOG

SYSLOG may not be running correctly on

Running /scripts/restartsrv_rsyslogd --status displays that the rsyslog service is indeed running.

CentOS: 7
CSF: 9.24

Any idea why I get this error?

Thank you.

We spun up a new server and added CSF to it. Pleasantly surprised to see 'Authentic' theme as the new default theme. However, the 'Firewall Configuration' link is missing. When changing back to the old 'Gray Framed' theme, the link returns.

Can't see anywhere to change that. Is it a bug or are we missing a setting someplace?

EDIT: oops. I put this in the wrong forum. Should have been bugs.

I've updated my server from using EasyApache 3 to EasyApache 4 but now when I run a scan with ConfigServer Security & Firewall I am getting the attached warnings (which I didn't get before).

Is this a bug, or are these all genuine warnings that I need to work through ?

Screenshot of errors:

The system is running PHP 5.6.29

Thanks in advance

Config Server installed Firewall & Security, and uses the two options to run this plugin.

After several hours the plugin have put in, I get error messages in my log DirectAdmin,

Site Summary / Statistics / Logs> Error Log Web Full Error Log

Sat Feb 18 17: 44: 25.414434 2017] AH01630: client denied by server configuration: /home/admin/domains/nieuws-feiten.nl/public_html/ robots.txt
AH01630:...

Hi,

im new to this forum but a long time user of csf. And since i use it i want to understand it a bit better.
Before i always used fail2ban next to csf because i dont know how to configure and especially where to see and confirm that csf is watching my logs.

So i thought it was needed to run fail2ban for per example imap logins.

People keep telling me that its not needed.

So that leaded me...

Hi,
Ive got a streaming company ive got a site streaming one of my streams.

Would like assistance to block the domain as blocking the IP has done nothing.

Im using ConfigServer Security & Firewall - csf v9.30

Regards

Andy