ConfigServer Community Forum

Hello
after installing CSF all emails goes to SPAM
even after set this SMTP_BLOCK to off
SMTP_BLOCK = 0

it still goes to SPAM

and when ever I stop CSF or uninstall it .. all my emails goes to INBOX normaly

what to do ?

I've been receiving this message for over 1 month - any ideas? Is it a configserver.com issue?

I obviously don't want to post my server IP here.

Thanks,

Rob

I get this alert every 5 minutes:

File: /tmp/systemd-private-c187857224034146b6d5778aa1a95646-ea-php73-php-fpm.service-Va0Oin/tmp/config.tmp.phlT82
Reason: Script, file extension
Owner: x:x (1009:1011)
Action: No action taken

What should I do about it?

Hello All,

I got all of the settings double checked to setup the CSF Cluster, I have all nodes sharing both send and receive and the firewalls are open on each, so when I cping test it comes back with pong, so communications is happening.

My test was to add an ip on a deny list and then check if that IP is on the deny list on all the servers in the cluster.
I added a comment as well, so I was...

Hello,

I have a 6 domain on me server. I need to block all icmp and ping one IP on my server. I tried this way.

icmp|in|d=ping|d=xxx.xxx.xxx.xxx

But not blocked ping, any idea ?

Regards,

Hello,

Everyday I can see a lot of bad IP in logwatch list like that. How can I block that IP automaticly ?

From 139.162.225.221 - 1256 packets
To xxx.xxx.xxx.xxx - 126 packets
Service: echo (tcp/7) (Firewall: *TCP_IN Blocked*) - 1 packet
Service: echo (udp/7) (Firewall: *UDP_IN Blocked*) - 1 packet
Service: discard (tcp/9) (Firewall: *TCP_IN Blocked*) - 1 packet
Service: discard (udp/9)...

Hi,

I tried first installing CSF from the guideline provided on your website: but this created a huge problem for us. Our server was filled up with 60k+ processes like this:

root 2398 0.0 0.0 124500 1620 ? Ss Apr27 0:01 /usr/sbin/crond -n
root 13451 0.0 0.0 222996 3648 ? S 00:00 0:00 \_ /usr/sbin/CROND -n
root 13468 0.0 0.0 113280 1200 ? Ss 00:00 0:00 | \_ /bin/sh -c /usr/sbin/csf --lfd...

hello -

i am having trouble being able to UNblock by a specific port, in this case, 3306.

in my csf.allow file, when i have just the following:

123.123.123.123

i can certainly access port 3306 as expected.

HOWEVER when i only have the following: ( i included ALL i could think of just to see if that helped)

tcp|in|d=3306|s=123.123.123.123
tcp|out|d=3306|s=123.123.123.123...

Hello,

My server has a 8 domain and one mail IP. I need block all connection to this IP exept mail ports 587,993 etc. Not need whole server.

Regards,

Hi, :confused:

Ubuntu 20.04.02 | csf: v14.05

How to reproduce:
I have installed csf on two lan machines and i added both machines IPS to each csfs eg: csf -a 192.168.xx.xxx

(simple example, no installation)
Apps 1: LAN-Share and download appimage and save on both devices
(continues build)

Then run the app on both devices --> tap send --> send files --> choose a file --> now receivers must...

Hi.

I've read all post in internet about this. But not work.

After upgrade to Ubuntu 20.04.2 LTS CSF Firewall stop working.

Paths are correct, but still fails.

*Error* The path to iptables is either not set or incorrect for IPTABLES in /etc/csf/csf.conf at /usr/local/csf/lib/ConfigServer/URLGet.pm line 26.
Compilation failed in require at /usr/sbin/csf line 21.
BEGIN failed--compilation...

Hello,

Many people still use CentOS 6 and also update to Cloudlinux 6. Please add support for Cloudlinux 6, because CentOS support till 2024 also.

Regards

I've run into this before at I swear sometimes the set loads, sometimes it doesn't. I feels like it happens more often when I add a new blocklist.

Here's my config:

CLEANTALK|3600|0|

FIREHOL1|3600|0|

FIREHOL2|3600|0|

FIREHOL3|3600|0| /blocklist-ipsets/master/firehol_level3.netset

FIREHOLABUSE1D|3600|0|

But as you can see from the log, CSF loads all the blocklists in the config...

Hello, cpanel+cloudlinux -Getting an email from CSF about high Memcached usage -
Time: Sat Mar 18 20:02:15 2021 +0200
Account: memcached
Resource: Process Time
Exceeded: 3648865 > 1900 (seconds)
Executable: /usr/bin/memcached
Command Line: /usr/bin/memcached -u memcached -p 11211 -m 512 -c 1024 -l 127.0.0.1
PID: 12208 (Parent PID:12208)
Killed: No
after 2 days it grow to
Time: Mon Mar 20 01:00:15...

hey, i see a post of someone his cron got a block and crawler bots as well.

I notice sometimes google bot got a block with more other ones... what we can do about that?

I look on csf.ringore
but I didn't understand.
is not get IPs

so what i actually need to do if the crawler have like that:
crawl-66-249-64-130.googlebot.com

and if i need to comment out all of this:
# For example, the...

Hi
When I receive an LFD email the subject is something like

SSH login alert for user root from xxx.xxx.xxx.xxx (FR/France/user.domain.com)

But that server connecting is NOT in France. It is in Canada. And when I check the IP is clearly publicly in Canada.

Which service determines this information? Where does FR/France come from?

Thanks!

We have been using CSF on cPanel quite successfully for years and over the last couple of years, we have started using them on Virtualmin/Webmin servers as well. The difference we see is that while CSF is very well optimized for cPanel with lot of additional custom configuration like monitoring unwanted scripts, monitoring exim login attempts and blocking them if necessary, monitoring service...

Hello,

my /usr/local/cpanel/logs/login_log is full of failed whm login attempts from ip addresses in verry strange countrys but it looks like the attackers know the defending mechanism against this type of attack because they stop after two failed attempts and a few hours hours later they try again.

I know this would be a working as designed status as my LF_CPANEL is set to 5 so it only...

Is the intended behavior that csf /lfd will only email upon the first WHM root access from the same IP within so many hours?

I'm trying to figure out why lfd only sent one email WHM/Cpanel root access alert when I logged in and out and then in again a few times to WHM. The cpanel login_log shows all three WHM logins, but lfd only emailed once and only logged the first whm login to...

In csf v14.09 when I have permanent deny rules in /etc/csf/csf.deny like the following:

tcp|in|d=1_65535|s=64.62.128.0/17 # do not delete
tcp|in|d=1_65535|s=64.71.32.0/19 # do not delete
tcp|in|d=1_65535|s=64.71.128.0/18 # do not delete
tcp|in|d=1_65535|s=64.90.32.0/19 # do not delete
tcp|in|d=1_65535|s=64.91.224.0/19 # do not delete
tcp|in|d=1_65535|s=64.225.0.0/17 # do not delete...