ConfigServer Community Forum

CSF or LFD do not detect failed logins via email and do not send report emails.
Hi, I've been using csf for a while now and I've noticed from the journal logs that there are several failed login attempts via pop and imap. It seems that these, unlike ssh login attempts, are simply ignored.
cat /etc/csf/csf.conf | grep mail.log
POP3D_LOG = “/var/log/mail.log”
IMAPD_LOG = ”/var/log/mail.log”
The...

we have written rule in csf allow to only allow connection to port 25 from server ip but we are being able to telnet to this port from another ip

rule is written in csf.allow

tcp|in|d=25|s=server ip

tcp|out|d=25|server ip

our intention is only the server should be able to send and receive mails that is we created mail and from cpanel we login into mail and from there only we should be able to...

Hoping someone can help me with this urgent issue.

All of the sudden, our ecommerce site stopped making connections to PayPal.

I think the issue may be with CSF for some reason (happened overnight) but I cannot figure out how to troubleshoot it.

1. Port 443 is listed in the TCP_IN and TCP_OUT configuration.

2. The nslookup for paypal is fine:

nslookup paypal.com
Server: 10.0.80.11
Address:...

I have a web site that I do not want to be accessed from outside of our local network.

It resides on it's own IP address, so I used the Deny Server Ips feature to block all traffic on it's public IP.

But I can still access it from anywhere.

I notice that the purpose of this feature is to allow blocking of all traffic on server configured IP’s if they’re not in use .

Does that mean that if an...

Hi!
Suddenly today I get this error in the log and it is all 4 blocklists that it cant find. It have worked for 2 month without a problem. What can be wrong

This is the lines in blocklist

csf01|86400|0|
csf02|86400|0|
csf03|86400|0|
csf04|86400|0|

Regards
Anders Yuran

Hello,

Could someone tell me how to make all together the:
CSF smtp auth +
localhosts +
tls cipher
- part of the rules in the
auth_advertise_hosts= section
of exim.conf?

auth_advertise_hosts =
localhost : ${if eq{$tls_in_cipher}{}{}{*}}
${if match_ip{$sender_host_address}{iplsearch;/etc/exim.smtpauth}{*}{}}

So these two lines should work together in the auth_advertise_hosts rule of...

As indicated:

Is there any guidance or roadmap from CSF on --gulp-- firewalld, or other, as RHEL seems to indicate these may be dropped in the next version.

Thank you.

I am running a WHM CloudLinux8 based dedicated server that has both ModSecurity and CSF/LFD (v14.22) installed.

Despite being set-up correctly as far as I can see, CSF is neither temporarily nor permanently blocking any repeat offender IPs recorded by ModSec in the server's main error_log

I can see lots of IP entries and rules matches in WHM > ModSecurity > Tools so I know ModSec is working....

Something has happened overnight and blocklists cant be downloaded.
lfd.log

Feb 6 07:20:36 server lfd : Unable to retrieve blocklist CSF03 - Unable to download: Can't connect to raw.githubusercontent.com:443 (Name or service not known)

One of client informed me that, he is unable to access their site hosted in my server. I then accessed their PC using anydesk, their IP was in firewall whitelist still they were unable to access. I then stopped the firewall using command line and it started working, then started the firewall and it stopped working again. I then stopped CSF and started the firewall from WHM menu and then it was...

Since the Comodo ruleset is dead, I'm trying to switch over to OWASP.
Mod_Security & the OWASP ruleset are installed on a CWP server.

But when I do, LFD doesn't send the email alert or add it to the csf.deny

CSF setting are:

LF_MODSEC = 5
LF_MODSEC_PERM = 1

I have tried different paths of MODSEC, the default is:
MODSEC_LOG = /usr/local/apache/logs/error_log
and
MODSEC_LOG =...

I see that csf blocked ips are logged in /var/log/messages.
Is there a way to have it log the name of the blocklist that triggered the block?
I am using /etc/csf/csf.blocklists to specify blocklists.
something like iptables LOG --log-prefix some name: ?

thanks.

Hi!
Newbi on CSF
Perhaps obvious answer but I dont find

If I allow 1 country in the allow list and the deny list is empty, does it mean that all countries exept the one allowed is denied

I'm trying to switch over from the Comodo ruleset (Since they are dead now) to OWASP.
CSF/LFD is being used with CWP (Control Web Panel).

Need some help.

I use to get LFD notifications and automatic blocks when using Comodo, but now I get neither.

/etc/csf/csf.conf shows:

LF_MODSEC = 5
LF_MODSEC_PERM = 1
..
..
MODSEC_LOG = /usr/local/apache/logs/error_log

I tried changing it to...

I have the following port range open in TCP-OUT in firewall configuration 49152:65534
I'm trying to use ftp client to copy some backups on FTP, which cannot switch to passive mode.

Firewall: *TCP_OUT Blocked* IN= OUT=ens224 SRC=192.168.1.248 DST=192.168.1.203 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=10054 DF PROTO=TCP SPT=44083 DPT=55600 WINDOW=32120 RES=0x00 SYN URGP=0 UID=0 GID=0

The firewall is...

I changed from cPanel to CWP Control Panel and I am running the latest version of CSF and everything was fine until the otherday I could not access any domain on my server, yet I can access any IP on the server so when I need to access a domain I have to disable CSF.

I have my IP in csf.allow & csf.ignore and it is still blocking me on Port 80 and I cannot figure out why, anyone have...

csf v 14.22

I have noticed a lot of cloudflare IP's accessing my site. I added them to my csf.deny file but see they are still accessing my site.

Using cPanel and WHM.

Any ideas why they can still access the site? Been using csf successfully prior to this.

csf.deny:

cPanel latest visitors:

WHM showing csf running

WHM server status:

Hi,

I recently installed CSF with default rules in a cPanel/AlmaLinux with LiteSpeed.
When accessing a link like Safari keeps loading until error connecting...
If I disable CSF it works.

I can't find any logs about this issue... no logs for blocked or other issues, it just drops...

Does this error indicate a Zone file error? If so, what is the best way to correct it?
*ERROR* line:
Command:
Error:

This network is found in /var/lib/csf/Geo/ip2asn-combined.tsv & /var/lib/csf/zone/us.zone

HI I enabled the web UI for CSF, getting connection reset by peer while doing a curl

The webpage at might be temporarily down or it may have moved permanently to a new web address.

ERR_UNSAFE_PORT

UI = 1

# Set this to the port that want to bind this service to. You should configure
# this port to be >1023 and different from any other port already being used
#
# Do NOT enable access to this...