ConfigServer Community Forum

Hello,

I'm not sure how to explain my problem but I'll try anyway.

I have a server in Centos 7 and WHM/cPanel.

I am using csf and for some unknown reason my ip address is blocked. However, the ip address is in the whitelist.

Once blocked. I connect with an external pc and erase all the blocks. Everything comes back.

In the logs, I can't find my IP.

I use a NAT configuration.

My IP is...

What is the purpose of the csf.syslog file. I am trying to figure out why csf will not block IP's since installing Nginx and I found in this file the path to the Nginx error log is wrong. I don't know if this file is read or it is just a refrence. I figured I could add it as a custom log in csf.conf, just curious.

Running ConfigServer Security & Firewall - csf v14.16. today the caf will not open in Cpanel.
running Cpanel 102.7
I have tried every troubleshooting tip I could find. I have disabled,
reenable, restart, rebooted but the program will not open in Cpanel it just spins and spins
I get NO warnings or errors appearing.
all I can do is run commands on the terminal. Does anyone have a suggestion or can...

Hi. When I try to open my ConfigServer firewall from plugins list (Extra features) in DirectAdmin. I get this error:

```
ConfigServer Security & Firewall

Security Error: Invalid parent
Information saved to
```

I looked at that error file and found this (IP ommited):

```
# cat /var/lib/csf/da1644928660.error
To disable DirectAdmin session checks, create a touch file called...

Trying to configure the messenger service so user's on my server can get an indication if their IP is being blocked.

Got so far as getting a response from apache when I browse to from a blocked IP address (https is not responding unless I use port 8887, but I believe that is another matter.)

The response I'm getting is error 500, internal server error. I've managed to check the apache error...

Hello team,

I am using cyber panel to handle my server and along with csf services to secure the server but the server is not getting to SMTP services when csf is enabled on the server, I disabled csf services and tried connecting my WordPress to SMTP services and it worked, I want to use csf services for my server because one service to secure the server, I heard good feedbacks from others...

Under heavy attacks the login failure daemon will constantly restart with the error: *Error* Excessive number of children (344), restarting lfd... Unfortunately some times LFD doesn't come back after restarting and errors with: *Error* pid mismatch or missing, at line 1161

Here is a sample from the logs:

Jan 24 15:24:50 server lfd : (opencart) Failed opencart login from 54.64.139.233...

Hello all,
I get many emails with this error:

lfd on server.hostname.com: Excessive resource usage: rngd (791 (Parent PID:791))‏‏
Time: Sun Feb 13 18:01:29 2022 +0000
Account: rngd
Resource: Process Time
Exceeded: 263611 > 1800 (seconds)

What should I do to solve this?
Or how do I turn off those emails only?

Thanks in advance!

I hoping someone can offer some advice.

I have a client who has been blocked from his own site 2 times in the last 2 weeks. Both times he was making updates to Woocommerce products. He had been able to make changes for probably about 30 mins before he lost connection.

A part of the block email is below:

211.29.242.32] ModSecurity: Access denied with code 200, [Rule:...

Hello, I receive a lot of email alarm that looks like this:

Time: Sat Feb 12 20:13:41 2022 +0200
PID: 1934 (Parent PID:4804)
Account: cpanel
Uptime: 98 seconds

Executable:

/opt/cpanel/ea-php80/root/usr/sbin/php-fpm

Command Line (often faked in exploits):

php-fpm: pool cpanel_pool

Network connections by the process (if any):

tcp: CPANEL PUBLIC IP:47104 -> CPANEL PUBLIC IP:443

Files...

I have CSF installed on multiple servers for a number of years. I have one server that takes a very long time (45 to 70 seconds) to stop or restart LFD. I can restart CSF and it restarts quickly/normally. Only LFD is an issue.

I have been investigating this off and on for a few days and it's driving me crazy. I thought maybe a log file got HUGE or something and LFD is having an issue reading it....

Hello,
Webmin Bandwidth monitor module reads from file
/var/log/bandwidth
records like
Feb 17 07:00:30 condor3949 kernel: BANDWIDTH_IN:IN=br0 OUT= MAC=ff:ff:ff:ff:ff:ff:d4:5d:64:ab:80:8e:08:00 SRC=148.72.175.248 DST=148.73.156.235 LEN=49 TOS=0x00 PREC=0x00 TTL=128 ID=21965 PROTO=UDP SPT=50799 DPT=32412 LEN=29
These records produced by IPTABLES settings
-A FORWARD -o br0 -j LOG --log-level 7...

Hi,
I have ModSecurity 2.9 and OWASP Rule v3.3.0 running on my box Cloudlinux/nginx proxy/Apache 2.4 (+mod_remoteip)
Some rules ban IPs on CSF , other rules just block on moddesc and no CSF ban...
i have all triggers correctly in apache logs and correct setup in csf
MODSEC_LOG=/usr/local/apache/logs/error_log
LF_MODSEC = 5
LF_MODSEC_PERM = 1

is this a normal behavior? i need to edit some...

Hi,
I have a client with 5 sites on a server. She logs in to all 5 one after another in few minutes.
That behaviour cause csf to block her IP as a login attack even though she login once to each site.
Is there a way to let csf count the login of each site separately?
I white listed her IP but that is not a good solution since her IP is dynamic.
I tried to find an answer here but no success....

Hi,
I'm looking for a way to get the information pushed to an email address (if not directly to a webhook) as soon as a specific file size changes.

I found a way to do something similar - using the lfd Directory File Watching as mentioned here and also mentioned here .

I configured the relevant email address as described here - and I started getting the email alerts - The problem is that I get...

On a VPS running current WHM and CSF/LFD:

Time: Fri Feb 11 18:01:06 2022 -0500

The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:

/usr/bin/mysql_install_db: FAILED
/bin/mysql_install_db: FAILED

Time: Fri...

Hello,

Over the weekend my servers all failed to load/reload csf using the csf -r command.

It appears that the cc_us ip table has gotten massive all of the sudden?
It was failing with:

csf: IPSET loading set cc_us with 79025 entries
IPSET:

and then just hangs here.

So i went into csf.conf and tried changing:

# The following sets the hashsize for ipset sets, which must be a power of 2....

I have reported this issue in a different thread about 4 months ago but we still haven't solved the issue. We have two WHM/CPANEL servers that are running CentOS v7.9.2009. Both servers are running csf v14.12. Both servers were running fine for over 3 years until we migrated from Centos 6 to 7. Since then we have been experiencing and issue with CSF that blocks HTTP traffic to all accounts on the...

Hi,
I have some entries in apache log but csf do not want block it.

my csf setup is:
LF_MODSEC =1
LF_MODSEC_PERM=1

an example of hit:

ModSecurity: Warning.
Pattern match \\\\$+(?: *|\\\\s*{.+})(?:\\\\s|\\\\ |{.+}|/\\\\*.*\\\\*/|//.*|#.*)*\\\\(.*\\\\)
at ARGS:trend_format .
[data Matched Data: $s (%2$s) found within ARGS:trend_format : %1$s %3$s (%2$s) ]

, referer:

how can i fox it?

NEW Linux Accuwebhosting Cloud Server.

Accuweb now uses Zabbix in their server templates to monitor newer servers for UP/SOWN and who all knows.

I REQUIRE CSF to be on ALL my servers and that it be RUNNING and configured properly.

Accuweb Support says they cannot telnet into or get the Zabbix signal from zabbix-agent to their monitor server when my CSF is installed.

I UNINSTALLED and...