ConfigServer Community Forum

We are warding off a country denial of service attack on a WHM Exim server that has been ongoing for around 1 week. The attack takes the form of 1000s of servers sending email to non-existing recipients on the Exim server, quickly overwhelming the Exim's server's connection count limit ` smtp_accept_max `. The default for Exim is 20 connections. The default for cPanel is 100 connections. In our...

I've seen a lot of threads related to using Cloudflare, but no answers :-( Hopefully this thread will be the exception!

I've always used CSF's CC_ALLOW_FILTER to block non-US IPs. But I started using Cloudflare in September, and now that all incoming IPs appear to come from Cloudflare I don't think that this is working.

I tried enabling CF_ENABLE, but nothing changed so I think there must be...

LFD is emailing me three times for all excessive SFTP usage. Not for other excesses.

I know I could add the SFTP executable to the pignore file but I want to receive these notifications.

How can I make it email just the once for each excess?

After making all needed updates in my Ubuntu 20.04 server and restarting it through WHM I was not able to access the hosted sites(they are not propagating) and I was not able to check for Ubuntu updates through apt-get update.
The configuration of the csf v14.20 was unchanged and before the restart it was working perfectly.
My port settings are the following:
TCP_IN =...

Hi all,

On my VPS I use:
- WHM/cPanel v114.0.11
- CloudLinux v8.8.0
- Plug-in: ConfigServer Security & Firewall - csf v14.20

I am a beginner.

On my VPS I host several websites for others. Also, the VPS serves as a mail server.

Part 1:
I perform all management tasks for my VPS from 1 fixed IP address for example xxx.xxx.xxx.xxx.xxx. This IP address should never be blocked and all ports...

I have tried this in my regex.custom.pm to use with the output from the error log file line(s) below but it doesn't work.

if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ auth_basic:error \(\?\@(\d+\.\d+\.\d+\.\d+)\) /)) {
return ( Failed basicauth login from ,$1, basicauth , 7 , 80,443 , 1 , 0 );
}

The log file I have added as CUSTOM1_LOG returns the following when...

AlmaLinux v8.8.0 STANDARD kvm + CPANEL

Any idea how to completely unistall CSF from my WHM? I followed the famouns instructions but nothing happens.

==============
cd /etc/csf
sh uninstall.sh
==============

Thanks

Sorry I am sure this has been asked but i can't seem to find it. I have a server with multiple ( 16 ) ip addresses. What i want to do is open specific ports on specific ip address of that server so for example:
ip: xxx.xxx.xxx.xxx i want to open port 6697 but don't want that port open on ip: yyy.yyy.yyy.yyy

tcp|in|d=6697|d=xx.xx.xx.xx from what i understand would be like if i wanted to open port...

I am trying to configure csf to allow tcp and udp in and out on ports 1514,1515,5601 and 9200. After I save these changes in the csf.conf file, verify the changes have actually been saved and restart csf, the changes take effect for a few minutes to an hour and then the csf.conf reverts to it's default version by itself. This happens both when I do it from the terminal and when I use the UI to do...

Hi,

I would like to ask if there is a conflict in using ConfigServer Security & Firewall (CSF) even if we already have CloudFlare and Azure NSG. My understanding is that it will provide an additional security layer in WHM/CPanel, but our network admin has suggested not to install it due to a possible conflict. Any suggestions and recommendations are appreciated.

Thank you.

hi,
i have csf in centos7.9 with cpanel and when csf is enabled, host tracker cant ping ip server or any website,
when i disabled csf, everything is completely works fine,
so whats the problem?
in my all servers the problem is the same with csf.
* when csf is enabled, everyone can access their website or server but websites like host-tracker.com or check-host.net cant ping them with timeout error.

I've just gone through the process of upgrading from CentOS 7.9 to AlmaLinux using the cPanel elevate script and everything went through successfully.

However, since the upgrade CSF has stopped functioning.

I'm getting hourly alerts with the following errors:

Aug 12 11:10:12 server.xxxxx.com systemd : Starting ConfigServer Firewall & Security - lfd...
Aug 12 11:11:42 server.xxxxx.com systemd :...

Hello.

I'm having problems with outbound emails that contain links to images not displaying in the email unless I disable csf.

I can't imagine what setting within csf is causing this to happen, so:

1) where can I get a fresh install csf.conf file to compare it with and:
2) anyone have a clue why images would not display in this situation.

Thank you.

Hi there

Since a few weeks, 2 or 3, I started having a very strange issue.

The server cannot communicate on self (like doing a curl on it's own ip, or access an image from an url hosted on the same server).

I have 3 servers with the same os, same config, and only this one has the trouble.

Let's take an example of a php website that generates PDF, where in the pdf you have an image loaded by...

I have a new server running CloudLinux 8.8 and while csf starts, it gives the following errors at the end of the startup output;

Command:
Error:
You should check through the main output carefully

*ERROR* line:
Command:
Error:
You should check through the main output carefully

*ERROR* line:
Command:
Error:
You should check through the main output carefully

*ERROR* line:
Command:...

my python script it use requests lib , requests to graph.facebook.com (with alot of requests per seconds )
catch error showing :
HTTPSConnectionPool(host='graph.facebook.com', port=443): Max retries exceeded with url: /me/ (Caused by NewConnectionError(' : Failed to establish a new connection: Connection refused'))

when disable csf csf -x , it working perfectly.
all value of tcp_out, udp_out,...

Hi,
I see that Debian 12 isn't yet listed on the working distros, but not sure where to report this from my testing. Following my test server being updated to Deb 12 (Bookworm), CSF appears to work, but LFD fails to read logs. I get the failed SYSLOG email warnings - although it is writing the check code to SYSLOG, it's not able to read it. Looking at the debug log under debug level 2 every log...

Almost every day, I receive lfd failed email notifications, followed by 1 lfd recovered email notification.

I have a VPS with InMotion. They told me I should look for answers here.

Hi,

Is there any way to receice an alert if csf or lfd turn off?

Best
Joao

We use nf_tables on Debian 11, but on every configserver update the iptables are set back to legacy.

Very strange behavior and it breaks a lot of functionality over and over.

Any fix for this?