Search found 8 matches

by dynamicnet
19 Oct 2012, 13:09
Forum: Suggestions (csf)
Topic: CSF not blocking proftpd brute force on Parallels H-Sphere
Replies: 1
Views: 3421

CSF not blocking proftpd brute force on Parallels H-Sphere

Good day: Parallels H-Sphere logs to /var/log/proftpd/current for proftpd The format for no such users is as below: @4000000050813b0f0dc55a3c OUR_SERVER_IP (119.131.139.79[119.131.139.79]) - USER .DOMAIN_NAME: no such user found from 119.131.139.79 [119.131.139.79] to OUR_SERVER_IP:21 @4000000050813...
by dynamicnet
07 Aug 2012, 16:39
Forum: Suggestions (csf)
Topic: c s f -d does not check the csf.ignore
Replies: 4
Views: 6177

Re: c s f -d does not check the csf.ignore

Good day: My understanding of csf.ignore is that only LFD interacts with it; and it is more or less a form of a white list. It does not open any ports that are not otherwise unopen for those IP's... it just doesn't ban them if LFD detects something that would be banable. This means direct commands l...
by dynamicnet
24 Jul 2012, 03:13
Forum: General Discussion (csf)
Topic: DENY_IP_LIMIT
Replies: 4
Views: 6829

Re: DENY_IP_LIMIT

Good day: One area of caution is that the more ip's in deny, the more RAM you are going to be using on the box. I used CSF to block a small DDoS attack that was using close to 8,000 IP addresses in the attack... thankfully the server had the RAM, but CSF used between 12 and 14 GB of RAM with that ma...
by dynamicnet
05 Jul 2012, 15:46
Forum: Suggestions (csf)
Topic: Save quick allow and quick deny IP
Replies: 1
Views: 2806

Re: Save quick allow and quick deny IP

Good day:

I could be wrong, but aren't the allows in /etc/csf/csf.allow and the deny's in /etc/csf/csf.deny ?

And when the server crash / reboot, those files are re-read?

Thank you.
by dynamicnet
05 Jul 2012, 15:03
Forum: General Discussion (csf)
Topic: FTP Access being blocked
Replies: 2
Views: 3782

Re: FTP Access being blocked

Good day:

If FTP works fine when you have your IP in /etc/csf/csf.allow then check /etc/csf/csf.conf that you allow incoming TCP 20 and 21 for both IPv4 and IPv6.

If you make any changes to csf.conf remember to do the following:

Code: Select all

csf -r
service lfd restart
Thank you.
by dynamicnet
01 Jul 2012, 16:04
Forum: Suggestions (csf)
Topic: Please add a NOLOG option
Replies: 2
Views: 3779

Re: Please add a NOLOG option

Good day: Thank you for pointing this out. I appreciate your time and what you've done with CSF. I believe this would be the setting to exclude all email ports from port scan tracking: PS_PORTS = "0:24,26:109,111:142,144:464,466:586,588:992,994,996:65535,ICMP" It leaves out ports 25, 110, ...
by dynamicnet
01 Jun 2012, 14:07
Forum: Suggestions (csf)
Topic: Please add a NOLOG option
Replies: 2
Views: 3779

Please add a NOLOG option

Good day: csf.conf has DROP_NOLOG which modifies the firewall and does not log. Please consider adding a NOLOG option where I can list ports whose existing firewall options are not logged. For example: NOLOG="25" Let state I have a web server where I want to allow outgoing TCP 25, but no i...
by dynamicnet
31 May 2012, 18:35
Forum: Suggestions (csf)
Topic: Suggestion for ARF Reporting
Replies: 4
Views: 5120

Suggestion for ARF Reporting

Good day:

Please consider adding the ability for CSF to automatically send the ARF report to the abuse email address of the authorized party who has control over the IP address involved in the abuse.

Thank you!