ConfigServer Community Forum

Hi There,

Today i've received this e-mail from MaxMind about their changes to the API usage:

Hello,

We are decreasing the daily download limit for GeoLite accounts, according to the schedule below:

Date of update
Thursday, February 15, 2024

Thursday, February 22, 2024

Thursday, February 29, 2024

Thursday, March 7, 2024

Thursday, March 14, 2024

Thursday, March 21, 2024

New daily...

There should be an option where csf.tempip is updated on using csf -td from the CLI. This way if system admins keep adding temp adding the same IP or CIDR, LFD would see this in the file and perm ban the offending IP or CIDR

Hi There,

We like to use CSF in combination with a Paid version of MaxMind Geo-IP2 database.

If i review the code, the free-version is hard-coded:

ConfigServer/Config.pm:

$config{cc_country} =
$config{cc_city} =
$config{cc_asn} =

It would be great if these download URLs (or edition_id) are overwritable so that the Paid GeoIP2-Country-CSV edition can be used.

Hi,

I'm getting suspicious alerts for webalizer process like this for all users. I couldn't find anything suspicious.

USER 917236 0.0 0.0 272464 7172 ? SNs 06:38 0:00 /usr/local/cpanel/3rdparty/webalizer/bin/english -N 10 -D /home/USER/tmp/webalizer/dns_cache.db -R 250 -p -n DOMAIN.com -o /home/USER/tmp/webalizer /etc/apache2/logs/domlogs/DOMAIN.com.bkup

I have noticed that webalizer binary...

Hello,

The PERL script /etc/csf/lfd.pl which is running as a daemon, when we enable CSF UI, checks incoming headers, and it requires them to be capitalized.

For example:

if ($header{'Content-Length'} > 0) {
if ($header{'Content-Length'} > $maxbody) {
and

if ($header{'Content-Type'} =~ /multipart\/form-data/) {
$client->read($fileinc,$header{'Content-Length'});
} else {...

Hi there,

would be very nice if LFD could ignore the files updated by (unattended) APT updates. It would make sense if LDF could ignore these files. When doing manual APT updates it's still ok if you get an LFD email about the system integrity but especially with the unattended updates it's sometimes quite scary getting a LFD email about your system integrity.

Any help to achieve this is...

Greetings, within /etc/csf/lfd.pl, we have this little tidbit of code within the getlogfile section (between lines 2194 to 2248).

if ($totlines > ($config{LF_PARSE} * 1000)) {
my $text = *Error* Log line flooding/looping in $logfile. Reopening log file ;
logfile( $text );
if ($config{LOGFLOOD_ALERT}) {
my @alert = slurp( /usr/local/csf/tpl/logfloodalert.txt );
my @message;
foreach my...

The default CSF configuration files allow UDP in/out ports 20 and 21:

UDP_IN/UDP6_IN = 20,21...
UDP_OUT/UDP6_OUT = 20,21...

I believe this is a mistake. The FTP RFC defines it as a TCP-only protocol.

We were also unable to locate any implementation of ports 20,21/UDP in the field.

Hello.

I've been trying to find out exactly what IS faststart. All I can find are references to how to start it or stop it. I can't find out within the csf configserver tech notes WHAT IT DOES?

What am I missing?

Thanks

Hello, please add support for Debian 12.

Hello,
we use CSF on several cPanel servers. It would be amazing, if CSF could send notifications as POST request to a specific URL with data in JSON, so we could gather it, store in a database and have option to display it in out customer management system and let customers whitelist (that is another part). As it is now - we receive emails and that is often very inconvenient and hard to automate...

I have the same problem. Why not add the option to the configuration, something like:
PROTECT_IPSETS = myset_1, myset_2
or another settigns file that contains the names of the list to be left alone at restart:

#FILE csf.ipsets_protected
myset_1
myset_2

I could do that in the main csf PERL file but on update the changes will unavoidably be gone.

Markku

Dear ConfigServer Firewall Community,

I hope this message finds you well. I am reaching out to propose a new feature that I believe would significantly enhance the security and usability of the ConfigServer Firewall (CSF), particularly regarding SSH login alerts.

I'd like to suggest an enhancement to the SSH login alert system. The idea is to implement a conditional alert mechanism that...

Currently connection tracking blocks all ports even if you have CT_PORTS defined.

Similar to LF_SELECT, it would be great to have an option to only block defined CT_PORTS.

Thank you.

I have CSF setup to only block IP access to service ports for which a block occurs.

When running csf -t, I see an entry for each service port that has been blocked, however, the port column shows an aggregate of the ports being blocked.

For instance:

csf -g xxx.68.22.155

Table Chain num pkts bytes target prot opt in out source destination

filter DENYIN 2 0 0 DROP tcp -- ens192 *...

Hi,

We appreaciate all the work done on CSF!
However, we are not able to set both source and destination IP address in csf.allow.
Therefor we need another work around and set it manually in iptables.

Please add the option to set both source and destination IP. This would greatly improve on CSF.
Something like
tcp|in|d=443|s=10.0.0.2,d=172.0.0.2 #Allow tcp-in from 10.0.0.2 to port 443 on...

Hi! I am a user of cpanel 10 y. now
Last 1 y. i test some servers with aapanel and after of 9m test i have add it to live server 3 month now!
The csf is one of my favorite tool and is the ONLY TOOL THAT I AM MISSING from cpanel!
Has anyone else tried to install the csf in aapenel? has any one try to add it to difrent system ?

Specifically in my case, I am just having to do a migration to a new OS, and new cPanel.

The IP address of the server will eventually be the same.

Ideally, no systems should even notice.

I would like to preserve my settings and IP block / whitelist tables.

I expect it may be a copy of a number of files. But I don't know which ones are particularly important or even should not be copied over....

SYSTEM INFORMATION
OS type and version Rocky linux 8.8
Webmin version 2.101
Virtualmin version. 7.8.2
Config server Firewall(CSF) verison 14.20(generic)

I want to see alerts of outgoing emails from my server when they cross a certain limit and I have configured everything accordingly but alerts are not coming in my given email. Everything is working fine except Relay Tracking. We are using...

Dear MaxMind customer,

We’re writing because, between July 15 and August 14, we saw GeoIP download requests from your account that are not being sent with HTTPS (see details below). To improve our server infrastructure and allow for better performance and efficiency, MaxMind will begin requiring HTTPS for GeoIP download requests in March 2024. To help customers get ready for this change, we will...