ConfigServer Community Forum

Hello,

my server provider blocked 25 port, and I use external SMTP service for all outgoing mails. is there someway to setup CSF to send mail notifications via external smtp with required autorization? Thanks!

I am trying to standardize my servers better with Puppet. Puppet is very good at building files with multiple lines like csf.allow, but it is more difficult to add multiple values to a single line like the TCP_IN list in csf.conf.

I attempted to add partial lines to csf.allow, but that didn't seem to work:
tcp|in|d=22 # puppet - from csf-global-allow-ssh
tcp|out|d=8140|d=192.168.118.31 # puppet...

i am wandering if there is the possibility to block port scans hiding ports (may be block all countries?)
it is performed by icmp protocol ?
thanks

Time: Wed Oct 28 20:49:53 2020 +0100
IP: xxxxxxxxxxx (KR/South Korea/-)
Hits: 11
Blocked: Temporary Block for 3600 seconds

Sample of block hits:
Oct 28 20:48:10 xxxkernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=xxxxxxxxxxxxxxxxxxxxxxxxxx...

We try setting for RBLs list in CSF another server (cPanel) Same setting is work

But has problem on this server , We try Check Update All Check standard , And Update All Check verbose it's not responding

My option detail in RBLs list
enablerbl:b.barracudacentral.org
enablerbl:bl.spamcop.net
enablerbl:cbl.abuseat.org
enablerbl:csi.cloudmark.com
enablerbl:db.wpbl.info...

So if I whitelist some IP's from a country in the Firewall Allow IPs list and then add thata country code to the CC_DENY settings, will those whitelisted IP's be allowed access to the server?

Getting this on check:

Server Check
Check SUPERUSER accounts
You have accounts other than root set up with UID 0. This is a considerable security risk. You should use su, or best of all sudo for such access

How do I check what users have that permission and how do I correct that?

Hello,

Last couple days the LFD on some of my servers have gone a bit crazy. 60+ M/s sustain disk write.

If I turn off LFD Disk IO goes down to almost zero.

I start LFD and it spikes right back up.

I'm struggling to figure out what LFD is doing that's taking so much IO so I can try and fix the root problem.

Thanks.

Our server IP seems to be blocked by download2.configserver.com.

# csf -u
Oops: Unable to download: Can't connect to download2.configserver.com:443 (Connection timed out)

Disabled csf and flushed iptables but still the same problem.

Tried to contact with PM but it gives only blank white page.

How we can check / fix this?

Hello,
I have had a relatively serious problem for a few days. I have a VPS and I am suffering an attack, almost daily, which I think is DDOS, many connections from different IP's.
I have lowered the value of CT_LIMIT and this is mitigating the attack, but as I lower it, they lower the number of connections per ip and increase the ip's.
I had to get the CT-LIMIT value down to 5 (for a few...

Hi there

We have an server with

CT_SUBNET_LIMIT= 350

however, we do not want this to affect a particular subnet eg 192.168.1.0/24

Immediately, as expected 192.168.1.0/24 triggers

csf -t

A/D IP address Port Dir Time To Live Comment
DENY 192.168.1.0/24 * inout 29m 54s lfd - (CT) subnet 192.168.1.0/24 found to have 1405 connections

despite

cat /etc/csf/csf.ignore...

Hey Guys,

I am having an issue where an IP is not ignored on a port-based rule.

tcp|in|d=143|s=52.125.128.0/23 # Microsoft IMAP

The above example is not working and the IP is still being blocked by LFD for failed login attempts.

Any advice as to why this is not working would be appreciated.

hi all,
I have wordpress on two web server nodes behind a loadbalancer server. and I log failed login IPs on web nodes in a file in order to use this custom regex on it:

if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^(\d+\.\d+\.\d+\.\d+)/)) {
return ( Failed Wordpress login from ,$1, wordpresslogin , 5 , 80,443 , 3600 , 0 );
}

this works on both servers. But I figured out this is...

Hi,
Our clients OFTEN get blocked by CSF/LFD due to mail bad login attempts, or stuff like that.

They are in offices with multiple email clients (outlook or other).
They always tell me that they did not change anything.
But it MIGHT be one of their employees with an iPhone misconfiguring their account.

So I would like to give them MORE information about WHICH device in their network is making...

Hi,

We are having a strange problem since about a couple of weeks now (nothing changed since it was working as it should)
csf is blocking udp in for port 123 when we use nl.pool.ntp.org , whenever we use another ntp server there is no problem at all.
Because ntp.org uses loads of different servers, it's no option whitelisting them (as they change as well: new servers added, old servers removed)...

Hi,
I have enabled SMTPAUTH_RESTRICT on csf and whitelist my country in CC_ALLOW_SMTPAUTH.
I intend to relay only clients from my country..
I works but i still have a few alerts like this:

Time: Sun Oct 18 23:54:13 2020 +0200
IP: XXXXXXXXXXXX (AU/Australia/-)
Temporary Blocks: 5
Temporary blocks that triggered the permanent block:
Sun Oct 18 19:37:31 2020 (smtpauth) Failed SMTP AUTH login from...

Hello good afternoon.

Some time ago I installed csf on my Cpanel server.

The problem I have now is that when I give the enable button to seconds the csf stops working. I give it to enable again and the same thing happens to seconds it stops working.

In /var/log/messages appear this:

Sep 30 12:16:05 hostname lfd : Main Process: TERM
Sep 30 12:16:05 hostname lfd : daemon stopped

Sorry for...

Hi!

Is there a forum board for the OSM (Outgoing Spam Monitor) plug-in?

Thanks!

Hi,

I have a server we need to block everything on it from every IP expect for one.

So the server would not ping or allow any connections to it other than from that IP.

Is that possible?

Hi there,
I have a server that runs CWP. I also have Wireguard installed on the same server.
Wiregaurd on clients is working fine till I enable csf. When I enable csf, clients can connect to the server through Wireguard, but they don't have internet traffic at all.
Can anybody help me to force csf to let the Wireguard clients have their own traffic?

Regards

How can I change what goes into the deny lines in the csf.deny

Example:
#.#.#.# # lfd: (mod_security)
#.#.#.# # lfd: (smtpauth) Failed SMTP AUTH login from

To:
#.#.#.# # Security filter triggered
#.#.#.# # Failed SMTP Logins