ConfigServer Community Forum

i just ran the csf install script, nothing else. you know:

sudo wget
sudo sh install.sh

after 1 week i notice my ufw firewall is disabled!
i enable ufw, and a few min later, ufw is disabled again!
i remove csf, and the nightmare is over.

so what is happening here? does csf, even in testing mode disabled ufw? what a nightmare.
i repeat i did not change anything, i did not enable csf, testing...

I had an application level attack on a Wordpress site that brought the server to its knees. First time I've had this happen ever running about a half dozen small business websites. Configserver is loading multiple RBLs like FIREHOL, etc. I did a blacklist search and out of like 60 lists the IP only showed up on the Barracuda RBL. However the link to the actual RBL gives a 403 error.

The...

Does anyone use the connection limit protection or port flooding settings that doesn't have network level DDOS protection?

What would be typical reasonable settings for a server that is just running website applications that has maybe max 40 website users at any time plus bot scraping traffic and virtually no FTP and maybe one SSH session open at a time? Nothing else such as external MySQL...

I have that error if I put RU as blocked:

CC_DENY = RU,CN,UA,VN,BY,HK,IL,KZ,KP,SA,KR,SY,TH,TW,JP,ID,BR,AR,BD,CO,MA,SG,KR,ZW,AZ,PL,PY,SD,CI,EG,MZ,MX,PK,NP,TZ,MY,PE

Error: FASTSTART: (CC_DENY IPv4) [] . Try restarting csf with FASTSTART disabled, at line 5790 in /usr/sbin/csf

If I remove RU from CC_DENY list and restart csf everything is fine and work well

hello, I am experiencing a csf and cmm download error with wget and wget respectively.

Connecting to download.configserver.com (download.configserver.com)|94.130.90.175|:443... failed: Connection timed out.

my server does download other files via wget so i guess there is no problem with that, however i have a doubt if your firewall may be somehow blocking my server ip.
thanks.

Hi,
I'm getting a lot of lfd on server: Suspicious File Alert , generated by Breakdance page builder for Wordpress.
Looks like this:
File: /tmp/systemd-private-3d4985084fd3401ca76423f2a737ddb8-ea-php81-php-fpm.service-PysP3o/tmp/breakdance-746d3b64/twig-auto-generated-cache/69/6935f4b89776a7d6e242d5319b554acd.php
The file is always different.

How can I exclude /tmp/ folder or disable...

Hello,
i have a service to run only to 127.0.0.1 (for example 127.0.0.1:25000)
and i want to reach from public ip.

i can't expose service on public ip directly.
so my goal is redirect port 25000 to 127.0.0.1:25000 and apply ruleset from csf.

i try to
nano /etc/csf/csf.redirect
w.x.y.z|25000|127.0.0.1|25000|tcp

but
Error: csf: Incorrect csf.redirect setting ( ): , at line 3226

how i can do...

Hi!

My server uses for instance 1.1.1.1 and I want to redirect port 60000 (1.1.1.1:60000) to another server's 2.2.2.2:3392 TCP port.
For this I put the following in csf.redirect:
1.1.1.1|60000|2.2.2.2|3392|tcp

My problem is that this opens TCP port 60000 from anywhere. It doesn't matter what is in csf.conf TCP-IN section (60000 isn't in it, but if a put !60000 it locks it for everyone,...

Under CC_ALLOW_FILTER, I have this:

US,MP,PR,CA,TH,GU

But I'm still seeing connections from other countries. For example, I just now received an alert from CSF:

IP: 185.196.9.119 (CH/Switzerland/-)
Temporary Blocks: 5

Temporary blocks that triggered the permanent block:
Tue Jan 16 21:27:06 2024 (smtpauth) Failed SMTP AUTH login from 185.196.9.119 (CH/Switzerland/-): 1 in the last 3600 secs...

I cant send Email in Roundcube webmail, when click to send I have this error: SMTP error (504): authentication failed

I use CSF firewall and mail port is open. SMTP_ALLOWLOCAL is on, SMTP_BLOCK in on/off not defference, (I disable CSF but i have same error. Even if I remove CSF completely, the same error still exists.)

I use Cloadflare on my whm hostname and my main domain, but cloudflare...

I have created a file /etc/csf/csf.custom.deny which contains a single line:
11.22.33.44 # LHB

Then in csf.deny at the top I have a line:
include /etc/csf/csf.custom.deny # do not delete

I then restart csf and lfd (this is on a cPanel system on Centos using ipset)

When I lookup the address 11.22.33.44 via CSF, it does not appear. And if I look in the ipset chain chain_DENY the address does not...

In the new year, i'll potentially be migrating to a new server.
Is there a backup/restore feature in CSF so I can migrate my config over.
Or a cfg file buried away somewhere ?

I'll also need the same for mail scanner.

I'm having a really hard issue to figure out.

I have 2 computers on my local network. Several times now, one of the computers is unable to access several of the sites on my server, but the other can access them just fine! I confirmed that both have the same IP address, no VPN or anything.

If I disable CSF, both computers can access the sites with no problem.

I used Search for IP address , and...

I've pounded on this for quite some time now with the two following custom rules. Log locations set in the conf file, but nothing working. Please make recommendations if you run across this post.

The built in IMAP rules in CSF do not work on my server. Never have. Non standard Debian/Postfix/Dovecot setup to blame I suppose.

Trying to prevent the following. Below are errors, followed by regex...

I'm trying to migrate a WHM/CPanel server from Centos 7 to Alma Linux 8. In Alma Linux, Host Access control does not allow the same configuration as Centos.

In Centos host access control you can select the Daemon, the IP(s), and Allow or Deny. So for example in my Centos config I allow my IP to access SSHD and then I set the next rule to deny all other IPs to that same Daemon.

In Alma Linux...

I'm using Cloudflare, and dealing with attacks that LOOK like they're coming from Amazon / Cloudflare IPs. At 3:06pm today my server load went from 0.68 to 150 inside of 1 second :-O

When Cloudflare sends the IP, it shows up as X-Forwarded-For. I use Apache's mod_remoteip to change that to REMOTE_ADDR in Apache config, using:

RemoteIPHeader X-Forwarded-For

But I'm not whether CSF would see the...

I've been getting a ton of suspicious process alerts lately about a Perl script that hasn't been modified since 2020. So I'm pretty sure these are false alerts.

The email says:

Time: Tue Dec 12 15:18:14 2023 -0500
PID: 19935 (Parent PID:23922)
Account: nobody
Uptime: 99 seconds

Executable:

/usr/bin/perl

Command Line (often faked in exploits):

/usr/bin/perl...

I stopped receiving alert emails about SSH root logins, on all the servers i use CSF+LFD on... did something change in a recent update?

Hello.

I am starting to have a very large SMTP_ALLOWUSER. How do you create groups for use of SMTP_ALLOWGROUP? Presently it shows mail,mailman.

Thank you,
Larry

Hello,

I have a DNS querys problem with query.senderbase.org: since 3 weeks. After check I found a this page

I think Senderbase replace with Talosintelligence. Any idea this point ?

Regards