I have 3 servers, the master-server knows of the slaves, the slaves do not know about each other, but they do know about the master.
When i send a csf -cd xxx.xxx.xxx.xxx from one of the slaves, the master-server blocks the IP but does not sync it on the other slave.
How do i configure my servers, so that if i send a csf -cd from one slave to the master, the master then syncs it to the other...
Since latest Ubuntu update (23.04) I've noticed that CSF stopped working correctly. I didn't notice any temp nor perm IP ban. There is also no mail notification about that, but in logfile I see that there is many same connections which are refused after some time/connections. I'm really not sure WHERE is the problem, because before update all seems work well. There is no new changes in...
Hello, I have seen other systems using csf and when your password is incorrect a certain amount of times it brings up a ban screen which you can then complete a captcha to unban. I have enter my captcha details and tried everything I could find on the web nothing works, currently when i get banned I just cant access my whm cpanel or server etc but I cant unban myself. Does anyone know why this...
I was trying to figure out why changes to blocklists and firewall configurations didn't seem to be taking effect. After digging into it more today, I think I have found a potential bug.
When restarting csf and lfd through csf -ra or through the web interface, the web interface reports back that CSF and LFD were restarted, however when checking the service status with systemctl status lfd.service...
Suppose my server IP is 1.1.1.1. I have script in servers like 2.2.2.2 and 3.3.3.3 that they connect to 1 every 10 minutes. I'm receiving SSH alert email every 10 minutes.
I didn't find a way to exclude the 2 and 3 IPs so that there won't be emails from them.
I should mention that accessing to servers are limited to specific IPs, so I don't worry about this request.
I am trying to ignore entries in my /usr/local/cpanel/logs/error_log, where my hosting company does not allow use of the cPanel Store directly. The hosting company also resells the cPanel add-on products.
My server environment is:
OS: CentOS v7.9.2009 STANDARD virtuozzo
cPanel Version: 110.0.9
The special need is that the error_log entry begins with a date/time, and then there are subsequent...
Have been using CSF for many years. But now started seeing a very strange behaviour in Debian 11. Even after doing csf --disable, I still see blocks happening. I verified CSF is stopped and there are no rules in iptables.
# iptables -L -n -v
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy ACCEPT 67390 packets, 53M bytes)
pkts bytes target prot opt...
Following investigation there is a change in Perl 5.38 which breaks LFD.
As soon as one of the log files causes an error (e.g. is simply not present), all future log file reads on any file will fail until the error is cleared.
I solved this by adding a clearerr call before each log read, which is in the LFD file and the function getlogfile (around line 2195 for the function start).
One would think this would be easy but apparently its not...or its not possible.
I need to block ALL IPs from a specific domain, the problem is the domain has hundreds of IP CIDRs and its virtually impossible to block them all from standard IP deny lists - as well, about every 2 to 3 months, they seem to add on new ones. My server is taking on more and more vulnerability scans from this domain -...
Dear friends,
I have a VPS Ubuntu, I changed the default port ssh from 22 to 2222. I want to know, after I changed the default port ssh, Does CSF block the access if they were failed to login?
Hello! maybe someone can help me, tried googling but found nothing, I have CSF working perfectly fine but every now and then I have to access my server thru the VNC client from Virtualizor, the problem is that when I open the terminal this is flooded by CSF output (which I already disabled from the logs) making it useless, and afaik this shouldn't be happening, anyone knows how to fix this?
Any...
We have several servers with CloudLinux 7, cPanel and LiteSpeed with these entries in csf.conf:
CPANEL_LOG = /usr/local/cpanel/logs/login_log
CPANEL_ACCESSLOG = /usr/local/cpanel/logs/access_log
On several other servers with the same configuration, however, these entries are not present. We do not define these entries with automation tools, and cPanel has no idea from where these...
For some reason CSF firewall is blocking me and anyone else on Verizon mobile but yet if I go through a VPN I can get to CWP. But while on Verizon mobile I cannot reach any of my websites or my CWP panel but if I turn the firewall off I get in just fine. I have cleared all the blocked IPs I have added every one of my IP addresses to the allow always allow I should say and I still cannot get there...
We have multiple servers with cPanel using CSF/BFD Firewall and have noted that, comparing that with CWP7Pro, there is an important difference between the LFD email blocking reports which is affecting the troubleshooting.
Let me explain that better:
In cPanel we get this kind of LFD blocking emails:
Subject: lfd on server02.1ahost.com: blocked 185.28.39.67...
I've just update a VM to debian 12 and LFD keeps saying that syslog in not running. I've checked syslog and the code is there. It seems it doesn't read log files at all. I don't receive login notifications or anything related to lfd reading log files.
I've activated the debug mode in csf.conf but it just says that it is parsing the different log files but always with 0 lines read.
I was wondering if there's a way to configure CSF not to block IPs of failed login attempts to IMAP that aren't providing a username. I find that the majority if not all of this type of blocks happen to people with wrong settings configured (e.g: secure port with no encryption selected).
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum