can the PT_USERMEM setting be set to a higher level that 1024 it states but we have a lot of big busy Wordpress sites that ofter hover around 2Gb per process and wanted to keep the alerts coming but at the higher rate...
I have been running a server with the GUI active on ConfigServer Security & Firewall - CSF v14.17 for many years. I currently have a site running on it that has an SSL certificate on it:
When I tell Chrome to view the certificate, I see that it is issued to the common name of server.domain.com and is up to date. It has been using Let's Encrypt and operating for many years.
On one of my servers, on or about Feb 1, 2023, CSF started blocking email connections from any IP address that was not listed in /etc/csf/csf.allow. The Resolving IP addresses in WHM are listed in both CSF.allow and CSF.ignore. I restored the protection_medium profile to make sure it was not a setting that I had somehow messed up. This did not resolve the issue. Both servers are running csf...
Hello!
I am having many blocks on port 38950 (rdp)
the ip (177.206.81.190) is trusted, but it is dynamic.
what can be done to solve this blocking?
7695 Feb 10 07:53:18 node113498-nginx lfd : *Port Scan* detected from 177.206.81.190 (BR/Brazil/177.206.81.190.dynamic.adsl.gvt.net.br). 11 hits in the last 175 seconds - *Blocked in csf* for 3600 secs
MESSENGER was working on my server but now, isn't. I checked all the log/configuration and didn't find why. Is there any option to restore the values to default, rebuild the files, etc?
I have tried the MESSENGER V3 and it is not working on my server.
I have done the following:
1. Created SITEKEY and SECRETKEY V3 at recaptcha google for my server.
2. Set V2 to 0
3. Set V3 to 1
4. Changed SITEKEY and SECRETKEY from V2 to V3.
5. Restarted CSF.
6. Created a temporary IP BLOCK.
7. Tested a web site and the RECAPTCHA showed on, tried the UNBLOCK and then tried to access...
I am using DUC IP on my home computer and have verified that my public DNS name is `myHost1.ddns.net` - yet my computer is not able to SSH to my server. The only way I can SSH in is if I add my home networks IP to the `Firewall Allow IPs`
Hello!
I have set the port scan function to below on Debian 10:
PS_INTERVAL = 60
PS_LIMIT = 20
seems to consider all 443 connections as new connections and ban the client Any idea why this might be?
Hello!
Time: Thu Jan 26 16:51:58 2023 +0100
IP: 195.38.120.xxx
Hits: 21
Blocked: Temporary Block for 3600 seconds
Sample of block hits:
Jan 26 16:51:13 server kernel: Firewall: *Port Flood*...
As of about a week ago CSF appears to be timing out processing of queued emails. If the message is sent manually using WHM > Mail Queue it times out.
Nothing more specific than connection timeout is reported.
At the same time we started getting random calls from clients, their website wouldn't load for them, mail app can't connect etc.
We have flushed everything, restarted and...
While CSF is active, it also blocks the IP of normal users. How can I find a solution to this? The IP of our customers using Outlook is blocked. Since the ip is not fixed, it is not a solution to remove ip.
Hello
I am trying to filter incoming messages via CSF
When I apply this:
if (($lgfile eq $config{CUSTOM2_LOG}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ postfix\/smtpd\ : warning:.*\ : SASL *? authentication failed/)) {
return ( Failed SASL login from ,$1, mysaslmatch , 3 , 25 , 1 );
}
This does not break, I do not see the IP blocked in the management.
Any idea?
Mz
A new server with Cloudlinux installed, Installed CFS, but all messages are logged to the console, making the console unusable.
I have no idea what setting needs to be done for this to stop. Any help is appreciated, as I am sure I am not the only one. This was presented before here: (but no fix was provided)
Instructions I think how to block tor in /etc/csf/csf.blocklists by uncommenting this line (remove the #):
#TOR|86400|0|
and in /etc/csf/csf.conf make sure URLGET is set to use LWP then restart the firewall
We leave the ip=1.2.3.4 and don't change it to our server ip address?
I'm using Logwatch and have noticed a bunch of logs coming in for ICMP.
For example:
iptables firewall
Listed by source hosts:
Logged 1760 packets on interface eth0
From 3.87.248.151 - 1 packet to icmp(8)
From 3.231.165.178 - 2 packets to icmp(8)
From 3.236.183.212 - 2 packets to icmp(8)
From 3.236.184.164 - 3 packets to icmp(8)
From 3.237.184.3 - 1 packet to icmp(8)
From 3.238.39.131 - 1...
I run a MyBB forum, and MyBB utilizes PHP mail() for account activation e-mail addresses. In my csf.deny, I have 0.0.0.0/0 denied. This is to prevent all incoming requests directly to the server. The website is only accessible by going to the domain. The issue with this, is that it makes PHP's mail() function a little finicky. Is there a way with CSF to block all incoming requests, but allow all...
I am using block_all_temp profile to temporarily block the IPs attempting a brute force attack. using this profile, it only allows me to block the IPs for 1 hour aftr this the IPs get unblocked. i want to customize this time to 5 min for example. so that, any IP trying brute force attack will be blocked for 5 minutes only. help will be grateful.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum