ConfigServer Community Forum

I installed this VPN script on a CentOS 7 WHM system with CSF

While I am able to connect to the VPN successfully, I cannot connect to any website or service over the VPN until I execute this command via SSH
systemctl restart iptables

But if I execute above command, it ignores csf.deny IP addresses. So I go and restart the CSF and I'm back to the previous paragraph scenario.

Appreciate any...

I travel a lot and find myself at a location where the IP address allocated to me changes every few minutes/hours. I am struggling to enter the correct instructions in the WHM/CPanel firewall to allow an entire block of IP addresses. I would like to allow all IP addresses at :-
98.186.XXX.XX
&
172.56.xxx.xxx

How can I do this?
regards

Hello,
I'm new in csf and trying it.
According to I added to NL CC_DENY for a moment.
csf restart
But maillog still outputs
Mar 6 18:58:24 host postfix/smtpd : connect from unknown
Mar 6 18:58:31 host postfix/smtpd : warning: unknown : SASL LOGIN authentication failed: authentication failure
Mar 6 18:58:31 host postfix/smtpd : disconnect from unknown ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4...

Host: CentOS Linux release 7.9.2009 (Core)
cPanel: 108.0.11
CSF: 14.17

CSF runs for a while (days) then I get an e-mail that lfd is down (becase it can't restart csf). When I check csf, it is zombied. Almost any command that starts 'csf...' hangs. I can either kill it and let it restart, or I can do a csf -r (or a -f and -s) and wait 10 minutes for it to reload (There are a lot of blocks in the...

Folks,

I had problems with the Country Code CIDR lists from DB-IP, ipdeny.com, or iptoasn.com.

The CIDR lists contained US IP Addresses for Google.com, Googleapis.com, YouTube.com and various ISPs.

I was blocking these Country Codes:

CN,RU,KR,TW,VN,BZ,HK,BR,UA,KZ,CO,AR,BY,KG,PE,VE,TH,TN,AM,BG,TR,DZ,EG,CL,IQ,AZ,AL,LA,NG

Best Regards,

Jim

Hi all,

is it possible to configure LFD to report SSH alerts only from unknown IP addresses or Mac addresses via email?

Disabling SSH login alerts completely is out of the question, as I really appreciate this feature. However, it is also annoying when I have to log in several times myself and end up getting spammed about my own logins.

Kind regards

I've raised my max memory setting to 768MB and my max RSS Memory Setting to 512. These are much higher than the default settings. On a Linux server those are pretty large chunks of memory for an application to use. Nothing else triggers an LFD warning except Wordpress websites and I get a warning on the 768MB and 512MB limits about once or twice a day running 4 relatively medium traffic Wordpress...

Usually, when logging in server, LFD sends out a notification, and it includes correct location of my IP. However, for some locations, the IPs are recognised as Russian, while I am sitting in Oslo, Norway :)

I haven't changed any setting in Country Code Lists and Settings part yet. The default CC_SRC=1, which is using MaxMind. Now, do I need to enter MaxMind License Key for using correct IP...

can the PT_USERMEM setting be set to a higher level that 1024 it states but we have a lot of big busy Wordpress sites that ofter hover around 2Gb per process and wanted to keep the alerts coming but at the higher rate...

Hello,

I have been running a server with the GUI active on ConfigServer Security & Firewall - CSF v14.17 for many years. I currently have a site running on it that has an SSL certificate on it:

When I tell Chrome to view the certificate, I see that it is issued to the common name of server.domain.com and is up to date. It has been using Let's Encrypt and operating for many years.

I currently...

On one of my servers, on or about Feb 1, 2023, CSF started blocking email connections from any IP address that was not listed in /etc/csf/csf.allow. The Resolving IP addresses in WHM are listed in both CSF.allow and CSF.ignore. I restored the protection_medium profile to make sure it was not a setting that I had somehow messed up. This did not resolve the issue. Both servers are running csf...

Hello!
I am having many blocks on port 38950 (rdp)
the ip (177.206.81.190) is trusted, but it is dynamic.
what can be done to solve this blocking?

7695 Feb 10 07:53:18 node113498-nginx lfd : *Port Scan* detected from 177.206.81.190 (BR/Brazil/177.206.81.190.dynamic.adsl.gvt.net.br). 11 hits in the last 175 seconds - *Blocked in csf* for 3600 secs

Feb 10 07:51:26 node113498-nginx kernel:...

Hello,

MESSENGER was working on my server but now, isn't. I checked all the log/configuration and didn't find why. Is there any option to restore the values to default, rebuild the files, etc?

Thank you.

Hi, Chirpy.

I have tried the MESSENGER V3 and it is not working on my server.

I have done the following:
1. Created SITEKEY and SECRETKEY V3 at recaptcha google for my server.
2. Set V2 to 0
3. Set V3 to 1
4. Changed SITEKEY and SECRETKEY from V2 to V3.
5. Restarted CSF.
6. Created a temporary IP BLOCK.
7. Tested a web site and the RECAPTCHA showed on, tried the UNBLOCK and then tried to access...

In the `lfd Dynamic DNS` config section I have three subdomains listed:

myHost1.ddns.net
myHost2.ddns.net
myHost3.ddns.net

I am using DUC IP on my home computer and have verified that my public DNS name is `myHost1.ddns.net` - yet my computer is not able to SSH to my server. The only way I can SSH in is if I add my home networks IP to the `Firewall Allow IPs`

How can I resolve this so I can...

Hello!
I have set the port scan function to below on Debian 10:
PS_INTERVAL = 60
PS_LIMIT = 20
seems to consider all 443 connections as new connections and ban the client Any idea why this might be?

Hello!

Time: Thu Jan 26 16:51:58 2023 +0100
IP: 195.38.120.xxx
Hits: 21
Blocked: Temporary Block for 3600 seconds

Sample of block hits:
Jan 26 16:51:13 server kernel: Firewall: *Port Flood*...

Solved, Thx.

Hi,

I am getting tons of email from csf lfd on server.xxxxxxxx.com: Suspicious process running under user xxxxxxx

Just want to know if this can be added in csf.pignore? Is it safe

Any help will be highly appreciated.

Time: Thu Jan 26 11:01:09 2023 +0530
PID: 5587 (Parent PID:4853)
Account: torqueparmap
Uptime: 135550 seconds

Executable:

/opt/cpanel/ea-php73/root/usr/bin/php-cgi

Command...

Disabling CSF makes them work as normal. Obviously I don't want to run with CSF disabled.

I've added various ports in, reset it, reinstalled it but nothing works other than fully disabling it.

The message I get from mail-tester.com is Your SMTP or web host is probably blocking your emails .

If this a know issue and is there a fix?

Thanks

Dave

As of about a week ago CSF appears to be timing out processing of queued emails. If the message is sent manually using WHM > Mail Queue it times out.
Nothing more specific than connection timeout is reported.
At the same time we started getting random calls from clients, their website wouldn't load for them, mail app can't connect etc.
We have flushed everything, restarted and...