ConfigServer Community Forum

I addedd a single IPv4 row in my /etc/csf/csf.allow:

10.0.0.1

When I do iptables -S I can't find th ip 10.0.0.1. Anyone know the reason?

Note that all traffic from 10.0.0.1 is allowed!!!

Thank you

# iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-N ALLOWIN
-N ALLOWOUT
-N DENYIN
-N DENYOUT
-N INVALID
-N INVDROP
-N LOCALINPUT
-N LOCALOUTPUT
-N LOGDROPIN
-N LOGDROPOUT
-A INPUT -s...

Before last week after a kernel upgrade I could do a speed test and get 40mbs ... Now something has changed and it's come to a crawl when i try moving files. Disabling CSF/LFD and/or using csf -f fixes it immediately. Yes.. yes.. the rules are all stock and I reinstalled. No joy.

Something like this test below should be about 17 seconds... But if I don't flush the firewall? It now chugs and...

Good morning, I manage a couple of whm servers on centos 7 with imunify360 and csf, within the last couple of days the servers have become really unstable. To the best of my ability it seems like I have isolated the cause to be is LFD causing the servers to run out of memory and the way was able to prove it is the following.

A couple of days ago I was receiving e-mails from one of my servers...

Hi,

when add blocklist on csf.blocklists ,
where will the ip stored ? ram or ?

will it slow down site and server performance when i add 1M ips ?

thanks

It looks like my CSF configuration is on a trajectory to permanently block the entire internet.

All of these blocks have been triggered because of LF_DISTATTACK.
All of the blocks so far are from SMTPAUTH failures.
In the past 4.5 days CSF/LFD has blocked 836 LF_DISTATTACKs and entered them into csf.deny.
99+% of the blocks are with a SetID=floyd or SetID=floyd@mydomain.com.

I realize that...

Hi community!

Simple question, Can I use scripts on Debian 11, iRedmail 1.6.3 thinking, iRedmail now works with NGINX and PostgreSQL / MariaDB to manage my mail server on iRedmail?

OS: AlmaLinux 8.6 / CloudLinux 8.6

Kernel: Linux cp10 4.18.0-372.19.1.lve.el8.x86_64 #1 SMP Tue Aug 9 15:56:43 EDT 2022 x86_64 x86_64 x86_64 GNU/Linux

Linux Virtual Machine running on Proxmox with KVM

System is to date

As soon as I enable CSF, I cannot connect to any website on port 80 or 443

Looking at the firewall logs, it seems port 80 gets redirected to 19080 and port 443 gets redirected...

CSF is blocking all external email (gmail, hotmail, yahoo, etc). I have seen a few discussions on this topic here but nothing specifically fixes the problem.

CSF v14.18
WHM/cPanel 110.5

External emails work fine when CSF is off. I saw one thread that mentions something about WHM v110.5 and sshd and smtp settings but the solution is not specific enough to implement.

SMTP Restrictions is...

Have you tried to add your server IP into CSF.IGNORE?

I have enabled IPV6 in csf.conf - but a specific IPV6 address continually hitting my server - how to block it ?

I put it in the /etc/csf/csf.deny: but it is not stopping it

Please help;

Hello,
Can anyone explain how to set LFD to send only one summary e-mail report per day?

Thanks,
P.S.: Sometimes we receive thousands of such Login failure alerts per day.

Time: Tue May 2 11:01:20 2023 -0300
IP: 34.126.78.62 (SG/Singapore/62.78.126.34.bc.googleusercontent.com)
Failures: 5 (sshd)
Interval: 3600 seconds
Blocked: Permanent Block

Log entries:
May 2 10:50:23 xbeta sshd : Invalid...

Hello,
I am using whm with csf, csx, and i have zerotier on the server (www.zerotier.com).

From time to time, zerotier goes offline and cannot connect to its network.
To fix this, i stop csf, restart zerotier, it turns on, i turn back on csf. It works for a while.

I have enabled the ports in csf config.

What shall i try next to do?

Thank you

Hello

I have two related questions if you could answer, I would be very grateful;

1) I am using Mod security as well as CSV on my Apache Centos server. I have been getting some IPV6 attacks and mod security is adding them to the mod security block just fine - but how can I manually add the offending IPV6 address into CSF? For example this one: 2a03:6f00:1::5c35:601e - when I try to add it I get...

Hi

very new to configserver and trying to figure it al out.

Getting loads of these in my logs, how can i block them?? cannot seem to find anything?
Thank you

Apr 18 07:19:18 submission-login: Info: Client has quit the connection (auth failed, 1 attempts in 20 secs): user= , method=LOGIN, rip=46.148.40.92, lip=removed, session=

Hello ALL,

I use centreon to monitoring my servers.

centreon client use SSH to connect to my other servers every 5 min to check process running for exemple.
So I receive email every 5 min...

Account: customuser
Method: publickey authentication
Log line:
.. Accepted publickey for customuser from ... ssh2: ...

Is there any method disable emails for this specific user/ip source ?

Thank you for...

Hello

we have a strange issue on one server.

Customer have IP in allow list, but canno access to server.
IP is also not in any deny list.

If we disable csf customer can access without issue

Thanks for any help / suggest

Hello,

I have a VPS hosted by Hetzner, with Almalinux 8 and Webuzo control panel.

I disabled firewalld and I installed CSF via Webuzo.

I had many trouble to configure it.

In the Webuzo/Security/IP block list, I have many times these address blocked:
- 185.12.64.2
- 185.12.64.1
- 0.0.0.0

I doesn't affect the usage of my website, but I do not understand what is the reason.

These address are...

LFD sends emails without Message-ID which causes gmail to flag ethese emails as SPAM

Refer

And with ongoing emails being generated by ldf, the spam rate originating from domain/ip goes high and eventually makes a negative impact on the reputation of the ip and domain

This is definitely a critical bug and needs to be addressed
Kindly treat this as critical to be addressed on urgent priority

Hi,

on my cpanel/litespeed server.

i try to type wrong login at host:7080 many times,

but my ip still does not be blocked by csf,

is it normal ?

how can i let csf/lfd detect it and blcok the ip as ftp/cpanel login fail.

thanks

Hi, I have CSF monitoring one of my files, and it's not picking up non-standard log lines generated by LiteSpeed. I have a ton of these:

2023-04-07 10:44:40.487175 [ :39787-22#_AdminVHost:lsapi] Failed Login Attempt - username: admin ip: 185.220.100.253 url: https:// /login.php\n

By my understanding, I should just have to add the log file to (for example) CUSTOM3_LOG in csf.conf, and then write...