ConfigServer Community Forum

I have noticed that my global allow rules are applying correctly to all CentOS 6 servers, but on CentOS 7 servers global allow rules are being applied partially.

By partially, I mean that /var/lib/csf/csf.gallow contains only between 30% or 60% of rules (rules are chopped off at random lines on each affected server) and in /var/log/lfd.log I regularly see iptables appears to have been flushed -...

Hi,

I found my csf error and its unable to start, everytime i try to start it from whm or console, it always failed. even i have turned off the faststart function,

Here is the error message :
You have an unresolved error when starting csf:
Error: iptables command failed, you appear to be missing a required iptables module, at line 1508 in /usr/sbin/csf

Does anyone ever had the same issue.?
I...

I have the following rules:

# vpn ip to specific server ip
iptables -t nat -A POSTROUTING -s 10.8.0.5/32 -j SNAT --to-source XXX.XXX.XXX.2
iptables -t nat -A POSTROUTING -s 10.8.0.9/32 -j SNAT --to-source XXX.XXX.XXX.3
iptables -t nat -A POSTROUTING -s 10.8.0.13/32 -j SNAT --to-source XXX.XXX.XXX.4
iptables -t nat -A POSTROUTING -s 10.8.0.17/32 -j SNAT --to-source XXX.XXX.XXX.5
iptables -t nat...

Why CSF is showing these as errors?

/usr/local/cpanel/logs/error_log:
==> cpsrvd 11.48.0.11 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up native SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports
==> cpsrvd 11.48.0.11 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up native SSL support ... Done
==> cpsrvd:...

I recently discovered csf and am very pleasantly surprised. It is a jewel.

My questions are not related to any problem, it is just simple curiosity. The system is unusual in two respects:

(1) Who owns csf? It seems to be in the middle between Open Source Software and commercial. The package seems to be distributed in binary form, and only in this site. I guess they get an income by selling and...

I recently RE installed cPanel and CSF, and although my country blocking seems to be doing great, LFD is not working 100% of the time.

The way it used to work for me was I would get emails from LFD telling me that there were blocks, but now I get 3 from cPanel Hulk and then 1 from LFD, whereas once I initially started using CSF, LFD would almost never let cPanel Hulk even do it's job, as it was...

Hi, I installed this tool to protect a mail server with postfix but I can not get work alerts POP3 - IMAP. Do not send emails even with well-made configurations. Could you help me?

My system statistics over the last 7 days shows a load spike of 4 million% and during the same period 60 trillion (!) apache connections...

This is certainly because cPanel auto-backup hit a snag and stopped deleting my rolling server backups. After a while this meant that I had completely run out of space on the server disks and things started to go wrong quickly.

On getting everything...

Hello, im tired of trying everything, i have allowed my ip into:
csf.conf
ui.allow

I have set port to 6666 (default)
I have set UI_ENABLED = 1

everything set already

and i still get: ERR_CONNECTION_RESET from any browser....

Please help! :(

Hi,

Because firewall is blocking some unwanted IPs that is trying to access for example port 8080:

Nov 11 18:19:25 srv1 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=XXX SRC=XXX DST=XXX LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=26111 DF PROTO=TCP SPT=63838 DPT=8080 WINDOW=8192 RES=0x00 SYN URGP=0

Nov 11 17:37:24 srv1 lfd : *Port Scan* detected from XXX (GB/United Kingdom/XXX). 11 hits in the...

I have users that are blocked from the system.

When I search csf.deny the IP address isn't in there.

But when I add them to csf.allow, they are able to get e-mail OK.

So my question is, is there another place to look for IP addresses or is there another method that IPs get blacklisted that isn't through csf.deny?

Thanks,

Lawrence

Hello

we have a problem with the SMTP_BLOCK feature on some CentOS 7 servers.
Our SMTP_BLOCK config:

SMTP_BLOCK = 1
SMTP_ALLOWLOCAL = 1
SMTP_REDIRECT = 0
SMTP_PORTS = 25
SMTP_ALLOWUSER = cpanel
SMTP_ALLOWGROUP = mail,mailman

This works like expected:
2 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25 owner GID match 206
3 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0...

Hi for the last few days i keep getting a cron email saying it can't update with the following message

# /usr/sbin/csf -u
Oops: Unable to download: Can't connect to download.configserver com:443 (connect: Connection timed out)

also when downloading the csf.tgz its currupted
h**ps://download.configserver com/csf.tgz

hi every one

i add the IP address in /etc/csf/csf.deny same as below

37.0.0.0/8 # (do not delete) Manually denied by admin

but when i type the command below in SSH i still see some IP connected to the server

# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
109 37.190.224.5
214 37.170.213.4
312 37.170.104.55

is there any way to deny the any IP start with 37?...

Config server firewall for
-How is it established?
-interface help?
-advantages and disadvantages

Briefly will you tell me? :confused: :)

I've followed the advice in this post however I'm still getting reports like:

Time: Tue Oct 18 07:04:10 2016 +0100
Account: mailman
Resource: Process Time
Exceeded: 185573 > 1800 (seconds)
Executable: /usr/bin/python
Command Line: /usr/bin/python /usr/local/cpanel/3rdparty/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
PID: 15854 (Parent PID:15837)
Killed: No

My pignore file contains all of...

Is it possible to block IPs from reaching any of the VEs inside an OpenVZ node?

We have CSF installed on the host node. Some of the VEs do not have CSF installed. We are wanting to block certain IPs from accessing those VEs. Blocking the IP on the hostnode doesn't seem to have any affect.

I suspect it's tied partly to the fact that:

/sbin/iptables -A INPUT -i venet0 -j ACCEPT
/sbin/iptables...

I have been running Plesk web hosting for years behind a firewall appliance. Before that we were rooted often enough. Now we've added cPanel and almost instantly 100/100 strong passwords are hacked. cPanel knows nothing :( We installed APF/BFD and they got right around it. We installed CSF and they got around it because we had not blocked SSH. We seem to think that they are getting in from...

Ever since the beginning of October, my CSF has been blocking my FTP connections, active, passive, etc.

It is the usual block, whereas I mean I can log in, but I cannot 'retrieve directory listing'.

I have tried plain FTP

I have the passive port range uncommented within the csf conf file, and it says 30000 50000 as it should.

TCP_IN has 21, etc all ready to go.

I thought I may have done...

Some time back our main server on stopped sending Server Check emails with the current CSF Status to me.

I used to get them once a week::Subject Server Check on

Our hosting support cannot get them resumed.
Setting the Generate and email this report to the email address (My Address) on the Check Server Security page makes no difference.
It runs csf v9.25.

There does not seem to be a Send...