I noticed that filtering based on UID or GID of source packet in csf.allow works only if d=port is specified.
I think it would be nice to make s/d=port setting optional (unless you had a good reason to design it like that)
Is there any way to have an email sent to either the server administrator or maybe even a field setup within CSF admin page, so that when your upgrade button appears in WHM it would email telling you an update is available.
Not sure if others would benifit from this but hey worth asking.
Is it possible to add a new feature to CSF so that if an IP address is blocked due to exceeding the CT_LIMIT (Connection Tracking Limit) the email produced actually contains details of the connections in progress.
For example, instead of just:
From: root
To: root
Subject: lfd: 12.34.56.78 blocked with too many connections
It would be nice if you could set which BLOCKS you would like to be PERM and which TEMP. The items requested with this option would be:
LF_SSHD; LF_FTPD; LF_POP3D; LF_IMAPD; LF_HTACCESS; LF_MODSEC; LF_CPANEL; LT_POP3D; and LT_IMAPD.
Currently you please a postive number in the option for these. What if CSF looks at the number and if it is positive then it is a PERM BLOCK and if negitive it is...
Firstly, thank you so much for this script! It is excellent!
Personally I have shut off the cPanel mod_security plugin and installed mod_security myself. This way I don't get cPanel scrubbing the audit_log every hour. Your script does a far better job of displaying more information about each potential attack!
I wonder though for someone that has little to no idea about these things,...
Hello,
i have dedicated server and install csf and lfd
will time i upload one shell c99 on server and run them,and in part :: Command execute :: and enter cat /var/cpanel/accounting.log, i can see all user and all site in my server
and if i enter command ls /home/ /public_html i can enter to any user that want
Do you have away ?
i close them,until hacker can`t see all site and see all files...
Maybe adding a feature on setup to enable/disable CSF frontend on WHM be helpfull for those dummies that get managed Dedicated or VPS, so we can disable frontend for those that do not know how to deal with it.
would it be possible to add the IP address for SU alerts. I though if I just added the shortcut in the email alert it may put the IP in there, but it doesn't. IE:
lfd: SU login alert - Successful login from admin to root
Time: Thu Dec 21 09:09:28 2006
From: admin
To: root
Status: Successful login
IP:
as we now disabling direct root logins and it would be handy, when an alert...
I know there is a feature that allows us to only allow certain ports. Also one that allows us to drop incoming on certain ports. But I would love to see an option that allowed blocks based on destination ports.
Your install script assumes that there is a path to sbin. For some reason my provider has omitted this and I haven't gotten around to changing it, as it usually isn't a problem.
Just a suggestion that you might consider adding /sbin/ before the calls to executables.
like to see an option that would allow to turn off any logging from IP's listed in the ignore file or allow file. As I probably log into our server over a 100 times a day and I have an associate the logs into the server on a regular basics. I have both these IP's, which are static IP's. and they tend to load up the log file quiet abit.
Could it be great, if LFS could tell if someone has uploaded some mp3 or exe files for downloading? or to let us know if one file of that type has been downloaded so many times?
I've actually done install of this under non cpanel systems and without issues. But the some of the recent versions concern me because they have more features which relate specifically to Cpanel.
Is there any plans to make it control panel independent ?
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum