ConfigServer Community Forum

Just installed the latest csf on my Debian 10 setup and it works fine, the Web-UI is however showing a connection refused error. Checking the lf logs shows this error:

Dec 15 12:15:04 xxxx lfd : UI: *Error* cannot open server on port 1026: Failed to load certificate from file (no PEM, DER or PKCS12) error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag error:0D07803A:asn1 encoding...

how i must set .conf file when i use centos7 and iptables to be return just like resualt i want just localhost allowed for using this port for example 35555 and denied every external ip ;

Hello!

We got memcached installed on our server a few days ago, and we get from CSF, every hour, a mail with content like this:

Time: Fri May 8 22:16:11 2020 +0000
Account: memcached
Resource: Process Time
Exceeded: 77389 > 1800 (seconds)
Executable: /usr/bin/memcached
Command Line: /usr/bin/memcached -u memcached -p 11211 -m 2GB -c 1024 -l 127.0.0.1 -U 0
PID: 9582 (Parent PID:9582)
Killed: No...

Good morning friends...

I use CentOs 6.1 with CSF 14.2. I have two network cards, one external to connect to the Internet (PPPOE) and the internal network.

I am trying to open some ports (Port Forward) and forward them to my internal server (192.168.1.2).

For example. I need to open port 27015 and forward all the external Ip's that arrive to that port and forward to 192.168.1.2. I put some...

Hello friends.
I was looking at the Logs (/ var / log / messages) and this error message is appearing:

May 8 19:47:00 localdomain lfd : Integrated UI Service died, restarted
May 8 19:47:00 localdomain lfd : Child UI: Can't locate object method new via package IO :: Socket :: SSL at / usr / sbin / lfd line 9360.

I use CentOs 6.1 with CSF 14.2

Thx

I'm using CSF on a VPS running WHM/cPanel. Every 30 seconds /var/log/lfd.log logs this error:

RESTRICT_SYSLOG: *Error* No matching unix sockets found

Is this something to be concerned about? Google isn't shedding much light on the subject.

We cleared our iptables on centos before installing this firewall.
We opened up the ports we needed by the configuration in the firewall and saved them we made sure 3306 was left out. This is because we dont want 3306 to be open on our whm server however it seams it's being added to the allow list and shows as open when we double check the ports we opened there is no 3306
This makes me wonder...

Hi all,

those regex's huh ;)

according to several regextesters this should work:

SSHD_LOG = /var/log/auth.log

The regex:
if (($globlogs{SSHD_LOG}{$lgfile}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ wordpress(\(.*)\).* Authentication failure for (.*) from (.*)/)) {
$ip = $3; $website = $1; $user = $2;
return ( Failed WordPress login from ,$ip, WP-BRUTEFORCE , 5 , 80,443 , 86400 );
}

The...

Hi,

I set the setting to 3 but found out some logs were not writing any more so wnted to do more research on which user needs the rights to write to LOG_AUTH (for example). So based on the docs reverting should be easy:

If you want to revert RESTRICT_SYSLOG to another option and disable this
feature, change the setting of RESTRICT_SYSLOG and then restart lfd and then
syslog/rsyslog and the...

Hello. We have a small server and every weekend or holiday, we see a spike of server intrusion tries. They know that most, mainly small and medium-sized companies probably leave their servers unassisted during those days. By blocking China, we cut tentative intrusions by 60%. But, there are those from Netherlands, France, Germany and other. We want them blocked permanently. No more temporary...

Hi,

You all know what cPanel just announced lately regarding unsane price increases, and reactions are extremely bad :

According to me, and the first reactions of web host community, the preffered choice for another panel is actually DirectAdmin (DA) because it is reliable, founded in 2004, has evolved strongly, inclusive new UI.

Indeed, not only the price is a signal, but the...

I am trying to implement SYNPROXY for the http/https ports with csfpre.sh

iptables -t raw -I PREROUTING -p tcp -m tcp --syn --dport 80 -j CT --notrack
iptables -t raw -I PREROUTING -p tcp -m tcp --syn --dport 443 -j CT --notrack
iptables -t filter -I INPUT -p tcp -m tcp --dport 80 -m state --state INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460
iptables -t filter -I...

The latest version of configserver firewall.

This one is driving me a little bonkers. We are all aware of the increase in SSH attacks lately. We run SSH on a non-standard port pretty high up but we are still seeing a MASSIVE influx of distributed SSH blocks on ports not related to our SSH port which is defined in the csf.conf

Ex: invalid user firefart from 67.205.153.16 port 34980 ssh2

This is...

Hello

Currently csf/lfd doesn't detect attacks on wp-login.php

My Settings:

regex.custom.pm

if (($lgfile eq $config{CUSTOM2_LOG}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ postfix\/\S+\ : warning:.*\ : SASL *? authentication failed/)) {
return ( Failed SASL login from ,$1, mysaslmatch , 3 , 25 , 86400 );
}

if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] POST \/wp-login\.php.*...

I have noticed a few instances where LFD triggers have resulted in duplicate entries being added to /etc/csf/csf.deny , one after another. It isn't happening with all IP addresses or all service triggers either; it is only happening with IP addresses that appear to be correlated originating from a specific public subnet; 85.209.0.0/24

Notice in my logs below, you'll see duplicate entries,...

Hello,

I'm already registered ID from MaxMind. But everytime I get these error from my log

CC: Retrieving MaxMind Country database
CC Error: GeoLite2-Country-Blocks-IPv4.csv empty or missing
CC: Retrieving MaxMind ASN database
CC Error: GeoLite2-ASN-Blocks-IPv4.csv empty or missing

Everytime I put these files manualy but not help.

Any idea for this problem ?

Regards,
Bulent

Did you get anywhere with this?

I'm seeing a similar issue where the license key is entered, but on some servers CSF cannot detect the country of IPs. It's configured in the same way you mentioned.

On the servers where it works there is a file:
-rw------- 1 root root 12649147 Dec 30 16:00 /var/lib/csf/Geo/GeoLite2-Country-Blocks-IPv4.csv

...which does not exist on servers where it does not...

Hello,

does OSM work on openvz node to track outgoing connections from containers and how can it be configured to monitor spammers on open vz vps nodes.

regards.

hello guys

I have a cpanel server that uses CSF, which blocks IP by noting the country of origin of said IP

by example : (show country of IP)

However, I have a problem with another server, where the IP Country is not shown

view example: (not show country)

How to solve this problem? I would like the country names to be shown as in the first image

Hello,

I'm experiencing a bug using CSF on cpanel CENTOS 7.7 v86.0.18 that is banning cloudflare ips.
I have enabled mod_cloudflare and it's working because I can see the real ip address of requests on Apache Status, but CSF is always banning cloudflare ip.
I also have enabled for the website that is getting flood and ddos attack cloudflare ban ip but I can't see that any ip address was added...