Hello all
I needs support. I am trying to protect the login to my application using regex.custom.pm
I added to /etc/csf/csf.conf > CUSTOM1_LOG = /var/log/apache2/my_log
log code
my.domain.com:443 1.1.141.25 - - POST /api/v1/hybrid/session/start HTTP/1.1 200 257 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
I need some help with to set up csf and cloudflare.
In the csf.conf i set up the following lines:
CF_ENABLE = 1
CF_CPANEL = 1 -> because i use cpanel with many users.
The Config said this:
# If the CloudFlare user plugin has been installed, enable this setting to use
# per cPanel account settings rather than listing each account in
# /etc/csf/csf.cloudflare
When CF_ENABLED is set to 1, Is there a log of CSF's interactions with CloudFlare?
I have mod_remote IP setup and working, mod_security is setup and working, and in the LFD log I can trigger the mod_security rules and see a block come up (I am testing via TOR):
Hi, I reported this on the cpanel forum as it was tied in with an exim issue I was having but they advised that I bring this over to your own forum for you guys to check out.
The emails I have been receiving from CSF (root access alert, high load alert etc..) are all going in to spam and when I look in to the header of the message, one of the high scoring spam markers is related to the content...
I wanted to take the time to come here to thank the developers of csf/lfd. I have been using it on many dedicated CentOS servers for years now and I never had a single problem. It's easy and powerful and I feel that my server are bulletproof!
I want to gradually switch to Debian and I was very happy to see that you also support this distribution.
Thank you very much for your great work!
It seems that this stopped working between October and November with the most recent IMAP block being on 02 Dec 2021. I'm not sure if it's related to the CSF 14.15 update that was released on 04 Dec. Looks like it updated on 05 December. This is affecting all our Interworx servers.
These are my IMAP blocks.
LF_IMAPD = 10
LF_IMAPD_PERM = 1
IMAPD_LOG = /var/log/dovecot/dovecot.log
and INTERWORX...
For the last few weeks, every night around 10 PM I receive emails from my LFD:
Subject: lfd on XXX.XXX.COM: SYSLOG Check Failed
Time: Wed May 26 21:38:05 2021 -0400
Error: Failed to detect code in SYSLOG_LOG
SYSLOG may not be running correctly on XXX.XXX.XXX
Any ideas where I should start to look? I opened a ticket with cPANEL and they say that they use rsyslogd instead and that it...
Looks like one of my servers is not upgrading... and probably for a while.
Upgrading csf from v14.08 to 14.17...
Retrieving new csf package...
Unpacking new csf package...
sh: line 0: cd: /usr/src: No such file or directory
tar (child): csf.tgz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable:...
I can't explain why this is happening, but in recent weeks CSF has begun blocking outbound traffic to specific update servers for cPanel services. At first I thought it was all related to a forced server host name change by GoDaddy, but on further review it seems to be something else. The timing of it all just made it all suspect though.
I was wondering if CSF could get an option to send its signals to CrowdSec, and in return, the user would get the community blocklist associated with those signals.
CrowdSec supports custom signals, and by using CrowdSec, all CSF users would benefit from a tailor-made blocklist on signals from other CSF users and a global blocklist for global signals they...
I'd like to provide some feedback on the Server Check feature.
I've gotten scores up to around 95+ on all our WHM servers but I feel there are some items on there that aren't really bad conditionally. Obviously I've just been ignoring them so far as I understand why they can be ignored, though they could mislead other people.
For the last 24 hours or so, I've been getting e-mails saying that lfd failed to started due to a CHAIN_ADD failed (Device or resource busy) error. When I run the test iptables check in CSF inside WHM, it reports the following:
Testing ip_tables/iptable_filter...FAILED - Required for csf to function
Testing ipt_LOG...FAILED - Required for csf to function
Testing...
This started recently and I can't figure out what is causing it.
Hotmail, outlook, gmail, yahoo, client domains, configserver.com - with CSF enabled no mail is being received, but it appears all outbound email is working fine. If I disabled CSF all the mail starts coming in again.
I made no changes to CSF that would have caused this.
I have a GoDaddy dedicated VPS. At least 6 weeks ago, if not longer, GoDaddy began changing all server host name formats and retired the original format on Sept 15th.
Old format: ip-72-167-111.222-ip.secureserver.net
New format: 222.111.167.72.host.secureserver.net
And about 6 weeks ago I began experiencing problems where my server could no longer connect to outbound services like automated...
Recently we've started getting refused connections to other hosts from multiple servers, nothing is set to block these on the outbound server and a traceroute will follow the whole route bar the destination machine itself. As soon as CSF is turned off, connection can be established and traceroute completes; which would imply the server is blocking something this end thats necessary for...
Hello,
When messenger service is active, and specific subnet is blocked (in csf.deny), but one IP address of this subnet is whitelisted (in csf.allow), the user (whitelisted IP) is still being redirected to messenger service.
I think it because of IPSET chains order, messenger chain before allow chain.
hello, please advice
i have default settings, all working and 99% of clients can use ftp, but always i have 1% of clients who cannot login to ftp, no logs.
how i fix that> i add their ip to csf allow and to brute whitelist, then they able to login.
for example now clients from russia cannot login from different ips
Status: Finding an IP address for ftp.test.ee
Status: Connecting to...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum