ConfigServer Community Forum

Hello, I have some virtualized dedicated servers with Virtualizor with KVM , I have CSF installed and everything works fine... but every time I make a change and I have to restart the LFD and CSF the internet of the VPS KVM is blocked... I have to place the command:

/sbin/iptables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT

I would like to know if there is a way to make this command...

# csf --version
csf: v14.16 (cPanel)

Because excessive attacks against the SMTP port, I was forced to activate the SMTPAUTH_RESTRICT to filter sending countries.

However, it shows a wrong (and worrying) behavior by blocking legitimate users from authorized countries

Steps:
/etc/csf/csf.conf
SMTPAUTH_RESTRICT = 1
CC_ALLOW_SMTPAUTH = DE,NL

exim needed mods, rebuild exim & restart. All...

csf.pignore entries:
----
# It is strongly recommended that you use command line ignores very carefully
# as any process can change what is reported to the OS.
#
# For more information see readme.txt
puser: .*conf
puser: .*arch
exe: /usr/bin/icecast
exe: /opt/cpanel/ea-php74/root/usr/bin/php
exe: /usr/local/src/pontifiserver/pontifiserver
exe: /usr/local/src/pontifiserver/pontifistreamer
exe:...

Hi, i think there is a bug with the last version 14.16 and ubuntu 20.04 lts (vps digitalocean), wen i try to activate Port Scan Tracking , wont work, just dont ban the ip.

Configs

PS_INTERVAL = 300
PS_Limit = 3
PS_PERMANENT = 1

Testing 5 ports different and dont temporary ban or permanent ban.

Mar 24 17:24:19 ubuntu-s kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT=...

We are running an Elastix SIP phone server and we have been using CSF firewall for the past 7 years with no issues. We have employees that want to start using software based phones from their mobile devices (iPhone and Android phones) to access our company phone system while they are traveling outside of the office.

How can I allow mobile phones with dynamic IP's through CSF?

Hi,
I'm using Amazon Simple Email Service to send newsletters.
If I stop CSF all works fine. If CSF is on I cannot send the newsletter (connection refused 111).
I found this old topic:
Following the hint to dig amazon url, I solve temporary the problem but after some days it occurs again.
Do you know hot to put in white list amazon service definitively?
Thank you very much

csf: v14.16

Geolocation not working with maxmind:

root@server # grep -R 176.80.0.0
zone/es.zone:176.80.0.0/13
Geo/ip2asn-combined.tsv:176.80.0.0 176.80.255.255 3352 ES TELEFONICA_DE_ESPANA
Geo/dbip-country-lite.csv:176.80.0.0,176.87.255.255,ES
Geo/GeoLite2-ASN-Blocks-IPv4.csv:176.80.0.0/16,3352, Telefonica De Espana
Geo/GeoLite2-Country-Blocks-IPv4.csv:176.80.0.0/13,2510769,2510769,,0,0...

Getting this error every day....

Oops: Unable to download: Can't connect to download.configserver.com:443 (Connection timed out)

If I check updates from the WHM CDF+LFD plugin, it checks and says no update. Says I have latest.

I have the download and license IPs listed properly in ALLOW and IGNORE.

This should not be happening, and wasn't. Now it is, no changes.

Did they change the IP...

Hello,

I'm not sure how to explain my problem but I'll try anyway.

I have a server in Centos 7 and WHM/cPanel.

I am using csf and for some unknown reason my ip address is blocked. However, the ip address is in the whitelist.

Once blocked. I connect with an external pc and erase all the blocks. Everything comes back.

In the logs, I can't find my IP.

I use a NAT configuration.

My IP is...

What is the purpose of the csf.syslog file. I am trying to figure out why csf will not block IP's since installing Nginx and I found in this file the path to the Nginx error log is wrong. I don't know if this file is read or it is just a refrence. I figured I could add it as a custom log in csf.conf, just curious.

Running ConfigServer Security & Firewall - csf v14.16. today the caf will not open in Cpanel.
running Cpanel 102.7
I have tried every troubleshooting tip I could find. I have disabled,
reenable, restart, rebooted but the program will not open in Cpanel it just spins and spins
I get NO warnings or errors appearing.
all I can do is run commands on the terminal. Does anyone have a suggestion or can...

Hi. When I try to open my ConfigServer firewall from plugins list (Extra features) in DirectAdmin. I get this error:

```
ConfigServer Security & Firewall

Security Error: Invalid parent
Information saved to
```

I looked at that error file and found this (IP ommited):

```
# cat /var/lib/csf/da1644928660.error
To disable DirectAdmin session checks, create a touch file called...

Trying to configure the messenger service so user's on my server can get an indication if their IP is being blocked.

Got so far as getting a response from apache when I browse to from a blocked IP address (https is not responding unless I use port 8887, but I believe that is another matter.)

The response I'm getting is error 500, internal server error. I've managed to check the apache error...

Hello team,

I am using cyber panel to handle my server and along with csf services to secure the server but the server is not getting to SMTP services when csf is enabled on the server, I disabled csf services and tried connecting my WordPress to SMTP services and it worked, I want to use csf services for my server because one service to secure the server, I heard good feedbacks from others...

Under heavy attacks the login failure daemon will constantly restart with the error: *Error* Excessive number of children (344), restarting lfd... Unfortunately some times LFD doesn't come back after restarting and errors with: *Error* pid mismatch or missing, at line 1161

Here is a sample from the logs:

Jan 24 15:24:50 server lfd : (opencart) Failed opencart login from 54.64.139.233...

Hello all,
I get many emails with this error:

lfd on server.hostname.com: Excessive resource usage: rngd (791 (Parent PID:791))‏‏
Time: Sun Feb 13 18:01:29 2022 +0000
Account: rngd
Resource: Process Time
Exceeded: 263611 > 1800 (seconds)

What should I do to solve this?
Or how do I turn off those emails only?

Thanks in advance!

I hoping someone can offer some advice.

I have a client who has been blocked from his own site 2 times in the last 2 weeks. Both times he was making updates to Woocommerce products. He had been able to make changes for probably about 30 mins before he lost connection.

A part of the block email is below:

211.29.242.32] ModSecurity: Access denied with code 200, [Rule:...

Hello, I receive a lot of email alarm that looks like this:

Time: Sat Feb 12 20:13:41 2022 +0200
PID: 1934 (Parent PID:4804)
Account: cpanel
Uptime: 98 seconds

Executable:

/opt/cpanel/ea-php80/root/usr/sbin/php-fpm

Command Line (often faked in exploits):

php-fpm: pool cpanel_pool

Network connections by the process (if any):

tcp: CPANEL PUBLIC IP:47104 -> CPANEL PUBLIC IP:443

Files...

I have CSF installed on multiple servers for a number of years. I have one server that takes a very long time (45 to 70 seconds) to stop or restart LFD. I can restart CSF and it restarts quickly/normally. Only LFD is an issue.

I have been investigating this off and on for a few days and it's driving me crazy. I thought maybe a log file got HUGE or something and LFD is having an issue reading it....

Hello,
Webmin Bandwidth monitor module reads from file
/var/log/bandwidth
records like
Feb 17 07:00:30 condor3949 kernel: BANDWIDTH_IN:IN=br0 OUT= MAC=ff:ff:ff:ff:ff:ff:d4:5d:64:ab:80:8e:08:00 SRC=148.72.175.248 DST=148.73.156.235 LEN=49 TOS=0x00 PREC=0x00 TTL=128 ID=21965 PROTO=UDP SPT=50799 DPT=32412 LEN=29
These records produced by IPTABLES settings
-A FORWARD -o br0 -j LOG --log-level 7...