ConfigServer Community Forum

How an I increase the RSS Memory size? Running on WHM/cpanel

Time: Wed Mar 10 07:12:25 2021 -0500
Account: xx
Resource: RSS Memory Size
Exceeded: 501 > 256 (MB)
Executable: /opt/cpanel/ea-php73/root/usr/bin/php-cgi
Command Line: /opt/cpanel/ea-php73/root/usr/bin/php-cgi /home/xx/public_html/wp-cron.php
PID: 5945 (Parent PID:30682)
Killed: No

Hi All,

I am new to the CSF, but after installing in cPanel as a plugin, and enabled it, ftp comes with the following log:

Status: Disconnected from server
Status: Resolving address of server.hostingclubserver.com
Status: Connecting to 80.61.154.207:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS...

Hi there. Lately I was getting a lot of errors like
*Error* pid mismatch or missing, at line 1160
daemon stopped
This error is caused by trying to block some IP address, which triggered csf of lfd rule few times in a row. After that csf is disabled, but it was reenabled by cron job, which monitors services state

This is from lfd.pl (including line 1160, where an error is triggered)
while (1)...

Hello,

we have a server that needs to be able to access mysql with the root user.

We have blocked port 3306 globally.

And allowed the authorized IP in csf.allow with the following format:
tcp|in|d=3306|s=x.x.x.x

We check that it works fine, but we have found a strange log:

cat /var/log/mysqld.log | grep Access denied
2021-03-03T09:27:40.493517Z 574416 Access denied for user...

I get a huge amount of e-mail notifications such as the ones below on a daily basis:

Time: Sun Nov 15 12:45:01 2020 +0000
IP: 191.239.XXX.XX (BR/Brazil/-)
Failures: 3 (sshd)
Interval: 3600 seconds
Blocked: Permanent Block

Log entries:

Nov 15 12:30:49 server sshd : Invalid user git from 191.239.XXX.XX port 45826
Nov 15 12:30:51 server sshd : Failed password for invalid user git from...

I try to set restriction to user and not general SMTP restriction.
As I understand SMTP_BLOCK should be ON and additional per user
2. SMTP_ALLOWUSER XXXuser

Is this correct?

Dear community,
I hope you will be able to help me.

After buddycpanel upgrade
>
I am getting LFD Suspicious File Alerts via server email:

Screenshot >
File: /tmp/buddycpanel.OuiKw/buddycpanel-latest/plugin/addon_buddyns.cgi
Reason: Script, file extension
File: /tmp/buddycpanel.OuiKw/buddycpanel-latest/scripts/buddyns_ctl.py
Action: Too many hits for *LF_DIRWATCH* - Directory Watching...

Hello,
I am new using ConfigServer security & firewall and can use some guidance.

I am trying to set it up so that I receive alerts when certain actions take place for example when the server load is high.

My first question is can alerts only be sent via email? Or are there other ways of sending alerts such as SMS or post to url?

Can you point out where in CSF you specify these settings, for...

Hi
i am working IPTV and i need the the firewall for my main server
but i have some question
1. CFS can block DDOS attacks?
2. Do I need a dedicated server for firewall? i don't want run it on main server
3. has CFS any monitoring panel for delete ip or add ip and check statues during attacks?

Hallo
I use Juggernaut Danami's overlay for CSF ,
I'm using it on Debian 10 and Plesk, everything seems to be working fine
except for one thing: Custom Login Failure Triggers but only for MSQL
others work very well

What I know and it works is:
Login error logs are saved at /var/log/mysql/error.log

2021-02-26 10:33:06 49476 Access denied for user 'dsd' @ 'localhost' (using password: YES)
regex...

Hi!

I've recently installed CSF on an Ubuntu server 20.04, where I also run a docker daemon. I've found that the standard docker-options in the configuration doesn't give my containers network access with adequate port forwarding. I've tried some workarounds, such as using putting service docker restart inside csfpost.sh. That's perhaps not that elegant but it works after a fresh enable or...

Hello and I hope everyone is healthy and safe.

I manage a server which gets a lot of malicious hits from outside US. I use CC_DENY which works well. However, as mail is being sent out and oftentimes some foreign recipients do a dns check for dns on the server, it is also blocking that which degrades service.

What must I do to continue to use my CC_DENY list whilst also allowing foreign dns...

Hi I have following statement in my csf.ignore hoever I still receiving 50-100 emails per day. Where I am doing wrong ?

csf.ignore

###############################################################################
# Copyright 2006-2018, Way to the Web Limited
# URL:
# Email: sales@waytotheweb.com
###############################################################################
# The following IP...

Hi All,

I cannot get the CSF plugin to appear in Interworx. :confused:
CSF is running ok.
Has anybody encountered this problem before?

Thanks in advance. :)
Steve

sudo service csf status
Redirecting to /bin/systemctl status csf.service
● csf.service - ConfigServer Firewall & Security - csf
Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor preset: disabled)
Active: active...

Hi! hope this message finds you well. For the last 2 weeks, we have been in a problematic situation, we have designed a custom website 2 months ago but from last 2 weeks, we have noticed unauthorized access to our website which is having a big impact on our general and real visitors. for example the slow loading to our page.

Good morning,

I wish to rate limit by outgoing trafic using some IPTables rules like this:
iptables -A OUTPUT -m hashlimit --hashlimit-upto 5000/sec --hashlimit-burst 10000 --hashlimit-mode dstip --hashlimit-name loutput_ip --hashlimit-dstmask 24 -j RETURN

If I just add these rules in IPTables, will it break CSF? Or is there a way to add some custom iptables rules inside CSF?

Hi,

I customized blocklist and add some urls like this:

and:

But after restart the csf, it tries to download this list but final file size on /var/lib/csf/csf.block.NAME will be 0 byte for such url
although for others is ok

Appreciate for any help

Hi,

Im trying to block ssh login alerts for some of the cpanel users.

I have found this >

but it didnt help.

Did anyone manage to pull this trough maybe?

Hi,

I am blocking China via CC deny plus some manual rules as well, but some connections are still getting through.

It appears blocking is active as a csf grep for the IP address shows it as blocked:

csf -g 111.202.101.113
No matches found for 111.202.101.113 in iptables
IPSET: Set:chain_DENY Match:111.202.101.113 Setting: File:/etc/csf/csf.deny
IPSET: Set:cc_cn Match:111.202.101.113...

Hello,

in csf.pignore

instead of this:

exe:/opt/cpanel/ea-php56/root/usr/bin/lsphp
exe:/opt/cpanel/ea-php70/root/usr/bin/lsphp
exe:/opt/cpanel/ea-php71/root/usr/bin/lsphp
exe:/opt/cpanel/ea-php72/root/usr/bin/lsphp
exe:/opt/cpanel/ea-php73/root/usr/bin/lsphp
exe:/opt/cpanel/ea-php74/root/usr/bin/lsphp

can I add this?

exe:/opt/cpanel/ea-php*/root/usr/bin/lsphp

Thanks!