ConfigServer Community Forum

hi,

i wish i could use the LF_NETBLOCK function of csf in directadmin. this function would allow me to have a list of really malicious ip while avoiding false positives. BFM works very well, but many users are blocked very often because they are unable to configure an email client. the function of CSF would help me to better manage the problem. afterwards, the generated list of csf.deny is sent...

For few days i have been receiving errors from users trying sending email to Gmail accounts that spf/dkim is not showing
than another domain that ptr is not working.
I have Assp Running so i tought that was the issue but after disabling ASSP Services the error Continued.

Than i Turn Off CSF and all emails started going trough so was happy but than 2 hrs later it started getting block again.......

Hello, we want exclude a spesific user or spesific process for mail notification with csf.pignore.

Mail Notifications:
1
Excessive resource usage: username

Time: Tue Jun 29 15:59:06 2021 +0300
Account: username
Resource: Process Time
Exceeded: 1818 > 1800 (seconds)
Executable: /usr/local/cpanel/3rdparty/php/73/sbin/php-fpm
Command Line: php-fpm: pool user_username
PID: 6898 (Parent...

How to create firewall group inside CSF and block all IP's using shodan.io?
An example:

The include option in /etc/csf/csf.allow no longer loads the rules

Hi guys

Is there any special requirements for running CSF on cPanel / AWS EC2?

I installed CSF using the default installation instructions and once installed, I no longer had access to the server, cPanel urls or SSH. I had to manually uninstall csf through the AWS console.

Has anyone had experience running CSF on an AWS server?

Thanks

Infusedhosting

We have monitoring set up to monitor /var/log/httpd/domains/*.log right now, but we would actually like to exclude one specific something.log file from that pattern. Is that possible somehow with the GLOB functionality that CSF is using here?

Hi all,

I installed csf on a fresh server, without cpanel or webmin, and I'm using it correectly. LFD seems to work fine, and the SMTP login failures part of csf too.

The problem is when activating the option:
LF_APACHE_404 = 100
LF_APACHE_404_PERM = 600

I receive a lot of 404 errors (maybe a DoS attack) but csf doesn't ban the ip.

How does csf blocks the ip? What criteria does csf...

I am getting these lfd emails constantly lately. Can anyone tell me what I need to do to fix this please?

Time: Mon Aug 15 08:00:23 2022 -0400
Error: Failed to detect code in SYSLOG_LOG

Emails are the same except the code is different each time.

Gunstra

Whenever csf updates it produces an output like:

‘csf.blocklists’ -> ‘/etc/csf/csf.blocklists.new’

this is totally confusing. If it's new that would imply it is replacing the old file. Yet, how can it be new AND functional if it's labelled something like csf.blocklists.new

Are we to assume the old (not new ) is still in use?

Or, is .new the new new ?

Totally confusing and without any...

Hi, I would like to run my own script when an LFD alert is generated.

Is this possible?

Thank you!

So we have had an issue with some updates coming down for WHM - and in the process we discovered that the server was blocking a specific range of IP adresses.

If you search for the IP via the WHM gui you get this return

Table Chain num pkts bytes target prot opt in out source destination

filter CC_DENY 93147 1686 80924 DROP all -- * * 162.55.0.0/16 0.0.0.0/0

But if we try to unblock that...

Hello,

When viewing the CSF firewall in cpanel WHM there is a CSS style error noticeable at the top of the Juniper theme page for the Search field.

Console shows error:
Source map error: Error: request failed with status 404
Resource URL:
Source Map URL: bootstrap.min.css.map

If I fix this on my end will updates overwrite my fix?

I was wondering if there are any pre-existing hooks/script support for the moment CSF downloads and pulls the geolocation database download? Or would it work to just monitor /var/lib/csf/Geo for file changes?

ls -lAhrt /var/lib/csf/Geo/
total 51M
-rw------- 1 root root 116 May 30 2021 README.txt
-rw-rw-r-- 1 root root 14M May 16 08:00 GeoLite2-Country-Blocks-IPv4.csv
-rw-rw-r-- 1 root root 398...

Hi,

I would like to configure CSF to not block IP-s form some countries in csf.deny ( permanent block ) but still implement the firewall rules for closed ports and other configuration. Temporally block should also work normally.

I know of CC_Allow option but when i add county in that list it ignore ALL firewall rules and i`m looking for solution just not adding the IPs in csf.deny .

Any...

Hey Folks,

I am facing an issue with lfd, ever time i try to terminate an account or modify an account this command is coming of lfd - scanning log files

it also runs at the end of each month, it like it is waiting something that make the CPU spike higher, when every cpu spikes this command runs.

LOGSCANNER = Off
LOGSCANNER_INTERVAL = manual
LOGSCANNER_STYLE = 1
LOGSCANNER_LINES = 5000...

I try to secure login inside OpenCart. I kindly ask you to help me if code is the correct for CSF:

nano /usr/local/csf/bin/regex.custom.pm

# XMLRPC
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] \w*(?:GET|POST) \/xmlrpc\.php.* /)) {
return ( WP XMLPRC Attack ,$1, XMLRPC , 5 , 80,443 , 1 );
}

# OC-LOGINS Users
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*]...

does anyone here have any tips to setting up nginx reverse proxy to properly and fully serve up all of csf's webmin control panel correctly? right now, it mostly works with examples available online for putting webmin behind nginx, but, when editing csf properties and attempting to save them, the proxy redirects fail. i'm left with having to make the csf config edits via command line and manually...

Hello,

I have had some issues with a security research company binaryedge.io. From time to time they scan some of the web site on our servers without throttling activity or connections and my server loads spike, sometime well over 36 load for a an 8 core server.

I spoke to Linode abuse, since mane of the IP's were theirs. Linode say they are a 'Security Research' Company, so they are not...

We are seeing that imap-login is aborting IMAP connections during our nightly upcp cron job which is triggering LFD to add customer IPs to the deny list even though the password is correct and after unblocking they continue to check email fine. Likely a problem with cPanel directly, but since the problem presents itself in CSF first, I wanted to see if anyone else has been seeing this happen? We...