ConfigServer Community Forum

Hello, i have an dedicated bare metal server with Hetzner but everyday I'm getting emails for outgoing bruteforce and portscan attacks.
My server is a shared hosting server, we're selling shared and reseller hosting through the server and server have almost 900+ cPanel Accounts.
So how can i find out which account is sending outgoing bruteforce attack and how can i stop it ?
I am mentioning some...

Hi! I have a VPS running Virtualmin/Webmin and have CSF installed and mostly tweaked to ignore most of the false positive type of processes. A few weeks back - prior to installing CSF, I had someone exploit one of my wordpress sites and they managed to lay waste to several of my sub servers. Over the weeks - I have wiped most traces that I could find (without standing up a brand new server) and I...

On one server, that has been running fine for a couple of years, I notice now that /etc/csf/csf.deny is empty of all IP listings, though it shows the initial remarked text.

I still receive email LFD notices saying there has been permanent bans of IP addresses, and the latest timestamp of the file was the same as the time of the last LFD email.

Please advise.

First and foremost, CSF is working as it should. Thanks for a great product!

The problem is that I have many clients getting their IP blocked from failed logins to SMTP. Oddly, it only effects Outlook/Office365.

Full disclosure this is due to the client having bad credentials set in their Outlook client. This is NOT any problem with CSF.

The firewall is correctly blocking these bad logins. As...

i have problem with *MESSENGERV3* Error: The home directory for csf does not exist
I was useradd csf -s /bin/false and then check lfd.log

Jul 10 23:39:32 lfd : Messenger HTTPS Service starting...
Jul 10 23:39:32 lfd : Messenger HTML Service starting...
Jul 10 23:39:32 lfd : *MESSENGERV3* Error: The home directory for csf does not exist
Jul 10 23:39:32 lfd : Messenger TEXT Service starting......

Hello,

I have a problem with my AWS EC2 VPS.
I have AlmaLinux 8.4 with WHM/cPanel and everything is running very well so far.
But as soon as I enable CSF, my server IPv6 is blocked and my server has no IPv6 anymore.
When I disable it, everything works again.
In CSF I have IPv6 enabled.
Does anyone have any idea what this could be?

I have added a few screenshots

Hello,

I've created a bash script which should be triggered by LF_DIST_ACTION but doesn't appear to be. I've set the execute bit and csf.conf appears to be set OK.

root@server # grep ^LF_DIST_ACTION /etc/csf/csf.conf
LF_DIST_ACTION = /root/LF_DIST_ACTION.sh

If I call the script directly over the command line seems to work fine. It sends me a Pushbullet alert, which is how I know if it has or...

Hello,

I have already bruto force protection for WordPress:
# WP-LOGINS
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] \w*(?:GET|POST) \/wp-login\.php.* /)) {
return ( WP Login Attack ,$1, WPLOGIN , 5 , 80,443 , 1 );

But how can I do this for Magento?
Magento 1: /index.php/admin/
Magento 2: /admin

Hi,

I had to disable cfs because it was completely blocking all the requests coming from a client using IPv6.

I had added the IP to the allowed list but it made no difference.

Does anybody have a clue why this is happening? And more importantly, how to fix it?

Thank you.

On one of my servers, lfd keeps crashing with the error shown in
CSF version is v14.10

Any help or insight on how to approach/fix this error would be appreciated.

Jul 2 09:42:12 server lfd : Main Process: Unmatched [ in regex; marked by line 2.
Jul 2 09:44:16 server lfd : Main Process: Unmatched [ in regex; marked by line 2.
Jul 2 09:46:46 server lfd : Main Process: Unmatched [ in regex;...

I am trying to install owncloud on a Ubuntu Servers as a docker container.
I am following this documentation.

If I disable CSF all works, but if it's enabled, it doesn't and I see these messages in the logs.

Now, as I see CSF is blocking the traffic between the docker containers or just the port 8080? It's not clear for me.

Any tips?

I setup CSF with ansible using the following config:...

I have the LF_PERMBLOCK_ALERT set to OFF and have saved and reloaded CSF. Still, even after turning it off I am getting dozens of PERMBLOCK alerts in my inbox every day like the one pasted below. Am I missing some other setting that I have to change to stop CSF from sending me all of these?

Time: Thu Apr 1 02:45:29 2021 -0400
IP: 186.206.129.189 (BR/Brazil/bace81bd.virtua.com.br)
Failures: 5...

Hi there

The default refresh rate appears to be 5 seconds.

Is there a config setting somewhere to change this to e.g. 15 seconds?

When i enable IPSET give me this error.

csf: IPSET creating set chain_DENY
IPSET:
csf: IPSET creating set chain_6_DENY
IPSET:
csf: FASTSTART loading csf.deny (IPv4)
Error: FASTSTART: (csf.deny IPv4) [] . Try restarting csf with FASTSTART disabled, at line 5781

What modules i need? i run CSF test and not give me any error.

Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing...

I have PT_USERMEM set to zero but I still get the emails. How is this possible? So much so that the email address that it sends too is now blocked by outlook. So now I just get the email failed messages.

Yes I know I should either stop my scripts from doing it or buy another 100 CPUs but I just want to stop the crazy amount of emails I get.

no list of option. It only shows:

# csf -h
csf: v14.10 (cPanel)

That's normal?.

Btw, Is there some way to reinstall withtout loosing the configuration?

Hi all,

I am getting a lot of e-mails about suspicions process running. I did find many threads about it and all pretty much talk about how to silience those.
I want to fix (if possible) the underlying problem.

Those warnings are generally only specify user and PHP executable.

Network connectiosn I am getting are:
Network connections by the process (if any):

tcp: 127.0.0.1:41462 ->...

Remote Machine OS: CentOS-7-x64

Firewall GUI: CSF+LFD

Issue: Granting access to specific Ports by selective IP's and CIDR range to Remote Machine CentOS-7-x64 does not works, as no access to that specific IP's granted?

Hiya,

I'm trying to Grant Access to specific ports on my Remote Server CentOS-7-x64 by specific IP and CIDR range but it's not functioning. I added lines to:...

Hi,

My client is getting ban from CSF every time when he changes the ip. His ip is dynamic, I'm trying to whitelist him but once the ip is changing he is getting ban.

He is using Jazler to upload from radio the song titles in website using ftp connection.

How we can fix this issue to allow his ftp connection by hostname or by domain?

Thank you