ConfigServer Community Forum

Can someone help me?
I can't login to csf admin page when i setup it to a external app proxy in openlitespeed. When i login, alway return to login page, in debug mode, log print request data is null in spite of request data in my browser is correct csflogin and csfpassword. In direct access to csf admin page, login is normal.
So sorry for my bad English. Thank for all.

Hi,
I have blocked an ip xx.xx.65.81 but i can still see ddos attack from that ip.
csf -l shows that DROP rules have been added as shown below:

200 2 1450 DROP all -- !lo * xx.xx.65.81 0.0.0.0/0
200 4 1840 LOGDROPOUT all -- * !lo 0.0.0.0/0 xx.xx.65.81

The IP is present in the /etc/csf/csf.deny file. lfd and csf both services are running.
csf version is v14.10

Is there anything else i can...

CSF, great product, thanks.

I need clarification about the error message I am receiving for a particular client.
dovecot_plain authenticator failed for ( ) :51008: 535 Incorrect authentication data (set_id=xxxxx@xxxx.xxx.xx)

The xx ip address I know is their office IP address, however the IP address 10.242.59.0 I don't recognise, Google search sees it as a private address.
What does the first...

I believe CSF is blocking wordpress jetpack from communicating with wordpress as it throws either a connection timeout error or a gateway 504 error. I am a bit stumped and this is what I have currently so please let me know if it helps or if I need to provide more information.

Server details
CentOS 7.9.2009
Cpanel v98.0.4
csf v14.10

Error: cURL error 28: Operation timed out after 10001...

We would to allow IPs from a FQDN with multiple A records, for example out.adyen.com, which resolves 20 different IPs.

Will this work? Is there a specific way to configure this?

Thanks in advance.

Hi there,

Just wondering if anyone's run into this, I can't find anything directly relevant in the search at least.

We use the SMTP_BLOCK option by default with our whm server and allow exceptions for some users. We had quite a few users listed under SMTP_ALLOWUSER and I thought it may be easier to set up groups and simply put the groups in SMTP_ALLOWGROUP instead of having a disorganized...

Hello there!

I'm newer here, but I have used CSF for a while, and recently we are having problems with spam.

I get the authrelay notification from other countries and when I change the passwords of the compromised account the problem stops, but I would like to stop this definitely, so I tried to fix it by using this configuration:

cc_deny_ports = RU,CN,KR
cc_deny_ports_tcp = 587,25,465...

Hello.
CSF plugin is installed on the Directadmin control panel.
Recently, possibly after updating the CSF, when performing a backup from the panel via FTP, we found that connections were blocked on the allowed port.
Configuration:
TCP_IN 20,21,22,25,53,80,110,143,443,465,587,993,995,2222,35000: 35999
TCP_OUT = 20,21,22,25,53,80,110,113,443,587,993,995,3306,2222,43,35000: 35999
With these ports...

Hello, i have an dedicated bare metal server with Hetzner but everyday I'm getting emails for outgoing bruteforce and portscan attacks.
My server is a shared hosting server, we're selling shared and reseller hosting through the server and server have almost 900+ cPanel Accounts.
So how can i find out which account is sending outgoing bruteforce attack and how can i stop it ?
I am mentioning some...

Hi! I have a VPS running Virtualmin/Webmin and have CSF installed and mostly tweaked to ignore most of the false positive type of processes. A few weeks back - prior to installing CSF, I had someone exploit one of my wordpress sites and they managed to lay waste to several of my sub servers. Over the weeks - I have wiped most traces that I could find (without standing up a brand new server) and I...

On one server, that has been running fine for a couple of years, I notice now that /etc/csf/csf.deny is empty of all IP listings, though it shows the initial remarked text.

I still receive email LFD notices saying there has been permanent bans of IP addresses, and the latest timestamp of the file was the same as the time of the last LFD email.

Please advise.

First and foremost, CSF is working as it should. Thanks for a great product!

The problem is that I have many clients getting their IP blocked from failed logins to SMTP. Oddly, it only effects Outlook/Office365.

Full disclosure this is due to the client having bad credentials set in their Outlook client. This is NOT any problem with CSF.

The firewall is correctly blocking these bad logins. As...

i have problem with *MESSENGERV3* Error: The home directory for csf does not exist
I was useradd csf -s /bin/false and then check lfd.log

Jul 10 23:39:32 lfd : Messenger HTTPS Service starting...
Jul 10 23:39:32 lfd : Messenger HTML Service starting...
Jul 10 23:39:32 lfd : *MESSENGERV3* Error: The home directory for csf does not exist
Jul 10 23:39:32 lfd : Messenger TEXT Service starting......

Hello,

I have a problem with my AWS EC2 VPS.
I have AlmaLinux 8.4 with WHM/cPanel and everything is running very well so far.
But as soon as I enable CSF, my server IPv6 is blocked and my server has no IPv6 anymore.
When I disable it, everything works again.
In CSF I have IPv6 enabled.
Does anyone have any idea what this could be?

I have added a few screenshots

Hello,

I've created a bash script which should be triggered by LF_DIST_ACTION but doesn't appear to be. I've set the execute bit and csf.conf appears to be set OK.

root@server # grep ^LF_DIST_ACTION /etc/csf/csf.conf
LF_DIST_ACTION = /root/LF_DIST_ACTION.sh

If I call the script directly over the command line seems to work fine. It sends me a Pushbullet alert, which is how I know if it has or...

Hello,

I have already bruto force protection for WordPress:
# WP-LOGINS
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] \w*(?:GET|POST) \/wp-login\.php.* /)) {
return ( WP Login Attack ,$1, WPLOGIN , 5 , 80,443 , 1 );

But how can I do this for Magento?
Magento 1: /index.php/admin/
Magento 2: /admin

Hi,

I had to disable cfs because it was completely blocking all the requests coming from a client using IPv6.

I had added the IP to the allowed list but it made no difference.

Does anybody have a clue why this is happening? And more importantly, how to fix it?

Thank you.

On one of my servers, lfd keeps crashing with the error shown in
CSF version is v14.10

Any help or insight on how to approach/fix this error would be appreciated.

Jul 2 09:42:12 server lfd : Main Process: Unmatched [ in regex; marked by line 2.
Jul 2 09:44:16 server lfd : Main Process: Unmatched [ in regex; marked by line 2.
Jul 2 09:46:46 server lfd : Main Process: Unmatched [ in regex;...

I am trying to install owncloud on a Ubuntu Servers as a docker container.
I am following this documentation.

If I disable CSF all works, but if it's enabled, it doesn't and I see these messages in the logs.

Now, as I see CSF is blocking the traffic between the docker containers or just the port 8080? It's not clear for me.

Any tips?

I setup CSF with ansible using the following config:...