ConfigServer Community Forum

Good morning,
I apologize in advance if there is already a topic like this, I have searched but have not found it.

I use csf on an AZURE servers, they blocks outgoing mail on port 25.
Is there a way to use notifications and alert with user logged in on another server?

thanks for helping.

Davide Sanryu

An end user is using an email client (like Thunderbird) and are able to receive/send emails just fine, but then after a while, their IP address gets blocked by CSF. The entry for the block in csf.deny is like this:

lfd: (smtpauth) Failed SMTP AUTH login from XXX: 10 in the last 3600 secs

The end user is insisting they have the correct login details and its proven by the fact that they are...

Hi,

Is a csf restart required to load new blocklist rules into iptables?

We're currently using csf.blocklist to download blocklists every hour. The logs show the updated lists are successfully downloaded and added via IPset. However the new IP addresses do not seem to come into effect until CSF/iptables is restarted.

Is this the correct behaviour?

Not sure whats happened bu i have found that my CSF interface on a machine running CWP is no longer available

when you click on the link in the menu it redirects to the CWP login page

this is in the admincp logged in as the root user

anyone seen this or have an idea on how to resolve?

Im running CSF 14.01 and CWP is pro version: 0.9.8.944

Since last night we've been receiving hourly alerts that LF_QUEUE_ALERT is higher than 400, but every time I check the mail queue there's only 5-10 messages in it.

I've checked the /var/spool/exim* directories and same thing.
I've checked /var/log/messages and see no evidence of spam.
I've checked WHM mail server statistics also.

Any ideas please?

I came across byt its over 5 years old.

Is there anyway to stop CSF from outputting to the console? It spits out so much it prevents me from logging on to my server (CentOS 6.4 with WHM 11.40.16)

HI

We just moved a handful of VMs from OpenVZ v6 to a Virtuozzo 7 server.

all cPanel/.DA servers with CSF have issues.
When trying to enable CSF we get this:

csf: FASTSTART loading Packet Filter (IPv4)
Error: FASTSTART: (Packet Filter IPv4) [] . Try restarting csf with FASTSTART disabled, at line 5538

I then run: /etc/csf/csftest.pl

root@server2 # /etc/csf/csftest.pl
Testing...

Hi,

I configured CSF to block all IPs expect my IP and everything is working perfectly.
Now, my question can I check those blocked IPs. As far as I know, they are dropped so there would be no log.

Regards,

Thanks for writing an awesome piece of software.

I have a question about where on the server ip addresses from GLOBAL_IGNORE are stored, and if its possible to do any lookup towards this.
I cant find anything in /etc/csf or /var/lib/csf/, and it doesn't say anything in readme file about this either.
There is also no ipset hash chain for this either it seems, like allow has for chain_ALLOW for...

Hi Everyone,

I tired to resolve some false alert by add the following rules to cdf.ignore but still can't stop them. :confused: :confused:

exe:/usr/local/cpanel/3rdparty/perl/522/bin/perl
exe:/usr/local/lsws/bin/lshttpd.5.1.11

lfd on domain.com: Suspicious File Alert
Time: Fri Jan 13 06:17:11 2017 +0800
File: /tmp/lshttpd/bak_core/core.831309
Reason: Linux Binary
Owner: nobody:nobody...

I'm getting a LOT of lfd Suspicious File Alerts on files created by Imunify360. An example file is /dev/shm/\i360_blamer_reducer423.u1009.

Is there a way I can tell csf to ignore any file that has i360_blamer_reducer in the file name?

I'd like to keep getting alerts, but so far they are all false positives.

Thanks!

Hi there,

Is there a list of API command and connection details in order for me to create an API in my custom billing panel which will allow users to unblock themselves if they get blocked?

My main site is hosted on a different server to my main selling server.

I have tried to make heads and tails of the unblockme system for whmcs but as I'm not using WHMCS its hard to figure out.

-Chalkie

Checking the emails, these are forum notifications send by my server IP. Can I exclude that IP/server/email from the relay limits?

Time: Sun Feb 9 17:19:31 2020 +0200
Type: LOCALHOSTRELAY, Remote IP
Count: 101 emails relayed
Blocked: No

Hello

is it posible to log the email account blocking the ip and show it in the messenger index.html message?
i mean somethig like : (imapd) Failed IMAP login from xxx.xxx.xxx.xxx user: yourmail@domain.com (AZ/Azerbaijan/-): 1 in the last 3600 secs - *Blocked in csf* for 3600 secs
and showit in the messenger index.html

in the regex i see a variable called $acc that appears to be the mail...

Hi,
I have an Interworx VPS and installed ConfigServer Security & Firewall - csf v14.01
I used the script in /etc/csf to remove APF / BFD, but now my /var/log/lfd.log gets flooded with the message: : InterWorx: Reapplied apf stub

Why? and how to get rid of this flooding message?

Thank you

Hello

We are using ConfigServer Security & Firewall - csf v14.01 and it blocks all connections from people on T-Mobile devises; it is not blocking an IP but a network. When i turn off they firewall, people using t-mobile can access our sites, when the firewall is activated again they cannot and I have cleared out all blocked ip addresses

Please advise

I went to your applicable web page ( and downloaded your csf.tgz ( (for prospective/experimental use on one of my XCP-ng/XS/CentOS7-based DomU VMs) to my Win10 PC, and copied your provided SHA256 hash code ( for comparison... but using my hash-checksum app on my PC ( MD5 & SHA Checksum Utility 2.1 Pro ), the comparison failed.

Their calculated SHA256 ckecksum for the file...

I believe that the bug still exists. I use only cc allow filter with country codes. My control panel will not update with cc_allow_filter on. If I comment out the line then the control panel will update.

I have tried whitelisting and ignore with control panel ip addresses with no results.
I have included the CC of the control panel server also.

I know this might sound like a dump question but the following snippet of direction is provided in csf.conf:

This option will keep track of the number of File does not exist errors in
# HTACCESS_LOG. If the number of hits is more than LF_APACHE_404 in LF_INTERVAL
# seconds then the IP address will be blocked
#
# Care should be used with this option as it could generate many
# false-positives,...

Every hour or so the CSF firewall will say, Firewall enabled, but not started.

The error logs are as follows:

Google hasn't been forth coming haha. Any help with this issue would be greatly appreciated.