ConfigServer Community Forum

Hello,

I'd like to test a custom rule in regex.custom.pm, whats the best way to test this manually, so I can debug it?
I added a print statement in there, however it's not being shown if I run /etc/csf/lfd.pl -f .

Thanks

Hello,

To spot some hacked websites and some virus, I'd like to have a log of all outgoing traffic on a list of specific ports. Is this achievable on CSF or I have to manipulate directly iptables?

Thanks in advance.

I have an AlmaLinux 8 server running CSF + LFD, using ipset for a larger corpus. Load looked very, very high, and I noted in the web server logs that IPs which were blocked in CSF were hammering some of my domains. So I did a systemctl status on iptables. It responded that iptables was dead . systemctl status csf showed that CSF was running.

I did a systemctl iptables start , and load plummeted...

OS type and version Debian Linux 12
Virtualmin version 7.30.4 Pro

I’ve installed CSF (Firewall version 14.24) following:

I’ve configured it, checked and followed the information from a previous discussion.

Firewall status : Enable and running

perl /usr/local/csf/bin/csftest.pl
Say everything is ok.

Check security : Server Score: 39/39

Watch System Log has output (all 4)

Mar 8 21:27:59...

At I see 2 buttons View lfd statistics and view system statistics.

These are not displayed on my CSF. (Installed on Debian12)
Is there something to be done at csf.conf ?

PS : I have a log issue (

Hi,

I recently added Abuse IP DB to my CSF blocklists file as I've seen an increase in web scanning, and all of the source IPs were listed on AbuseIPDB, so I figured it may be a good source to add to CSF blocklists..

I noticed some unwanted traffic this morning, and the IP was on AbuseIPDB, so I started digging and found that the csf.block.abuseipdb file in /var/lib/csf only contains around...

Hi all,

Used the CC_DENY option to block AS16276 since some bots hosted there are hammering my site.

Noticed email to some users can no longer be delivered, seems that their mail server is hosted on AS16276 (mail.ovh.net).

Is there any solution to fix both problems? Continue to block AS16276 but allow mail to be delivered?

R=lookuphost T=remote_smtp defer (110): Connection timed out...

I just downloadded csf.tgz from but the checksum doesn't match with

Should be 58c6a89ed533e56a76da6fac7ae07556754f37a609e0cccbeaf5239c390085d8 csf.tgz

This is what I get:
# sha256sum csf.tgz
2ed60f1ef0a49d9b6812e181703ed04b48aa509b9480d643e561dbc35ce10658 csf.tgz

Thoughts?

I received the following notice from LFD and usually when I get these it just means that CSF/ LFD updated.
```
Time: Tue Feb 25 12:51:14 2025 -0500

The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:...

With latest version (14.23) cant login to CSF UI any more, username/password is corrrect, /var/log/lfd.log
Feb 27 17:25:51 mhxxxxxxx lfd : UI: Successful login from 188.129.xxx.xxx

but after login, there is loop got same login page with other slug... for example

etc...

have tried with all browsers, 4 diff VM have same error, cant login to admin panel :confused:

So we're running a Proxmox server with several LXC containers, Proxmox is Debian, and Containers are Centos 7. We install CSF on both the Host and the Containers.

We configured everything properly and running 'perl /usr/local/csf/bin/csftest.pl' under the container gives OK on all tests:

# perl /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing...

CSF or LFD do not detect failed logins via email and do not send report emails.
Hi, I've been using csf for a while now and I've noticed from the journal logs that there are several failed login attempts via pop and imap. It seems that these, unlike ssh login attempts, are simply ignored.
cat /etc/csf/csf.conf | grep mail.log
POP3D_LOG = “/var/log/mail.log”
IMAPD_LOG = ”/var/log/mail.log”
The...

we have written rule in csf allow to only allow connection to port 25 from server ip but we are being able to telnet to this port from another ip

rule is written in csf.allow

tcp|in|d=25|s=server ip

tcp|out|d=25|server ip

our intention is only the server should be able to send and receive mails that is we created mail and from cpanel we login into mail and from there only we should be able to...

Hoping someone can help me with this urgent issue.

All of the sudden, our ecommerce site stopped making connections to PayPal.

I think the issue may be with CSF for some reason (happened overnight) but I cannot figure out how to troubleshoot it.

1. Port 443 is listed in the TCP_IN and TCP_OUT configuration.

2. The nslookup for paypal is fine:

nslookup paypal.com
Server: 10.0.80.11
Address:...

I have a web site that I do not want to be accessed from outside of our local network.

It resides on it's own IP address, so I used the Deny Server Ips feature to block all traffic on it's public IP.

But I can still access it from anywhere.

I notice that the purpose of this feature is to allow blocking of all traffic on server configured IP’s if they’re not in use .

Does that mean that if an...

Hi!
Suddenly today I get this error in the log and it is all 4 blocklists that it cant find. It have worked for 2 month without a problem. What can be wrong

This is the lines in blocklist

csf01|86400|0|
csf02|86400|0|
csf03|86400|0|
csf04|86400|0|

Regards
Anders Yuran

Hello,

Could someone tell me how to make all together the:
CSF smtp auth +
localhosts +
tls cipher
- part of the rules in the
auth_advertise_hosts= section
of exim.conf?

auth_advertise_hosts =
localhost : ${if eq{$tls_in_cipher}{}{}{*}}
${if match_ip{$sender_host_address}{iplsearch;/etc/exim.smtpauth}{*}{}}

So these two lines should work together in the auth_advertise_hosts rule of...

As indicated:

Is there any guidance or roadmap from CSF on --gulp-- firewalld, or other, as RHEL seems to indicate these may be dropped in the next version.

Thank you.

I am running a WHM CloudLinux8 based dedicated server that has both ModSecurity and CSF/LFD (v14.22) installed.

Despite being set-up correctly as far as I can see, CSF is neither temporarily nor permanently blocking any repeat offender IPs recorded by ModSec in the server's main error_log

I can see lots of IP entries and rules matches in WHM > ModSecurity > Tools so I know ModSec is working....

Something has happened overnight and blocklists cant be downloaded.
lfd.log

Feb 6 07:20:36 server lfd : Unable to retrieve blocklist CSF03 - Unable to download: Can't connect to raw.githubusercontent.com:443 (Name or service not known)