New csf install on CENTOS 6.3 x86_64 virtuozzo with cPanel 11.34.1 build 7. The build automatically created a symlink in /sbin/ for iptables pointing to /sbin/iptables-multi, so I added another symlink for /sbin/ip6tables linking to /sbin/iptables-multi. Resolving fine.
csf starts when IPv6 disabled. VPS supports IPv6 and I have v6 addresses that I like to use for a couple of domains
Hi,
Currently have CSF v 5.72
The firewall does not seem to be blocking IPs. I am receiving hundreds of emails saying that an IP (108.166.114.12) has been permanently blocked however there are repeated entries/emails for the same IP
When I try and search for the IP in the IP Tables the following is displayed, which is not a normal result from what i remember
We have a new server installation of openSUSE 12.2 (x86_64) and installed csf 5.73. The process ignore reporting does not seem to be working correctly. We have included lines to ignore apache including all three of the following:
I am seeing following block email from one of my VPS running csf, I need to know what exactly this mean.. (123.123.123.123 being my server IP and server5 is server name).
CSF is latest version, Geo database unzipped and stay in correct folder but it seems that CSF do not try use it. PurePerl require few perl modules (like Import, Export etc.) all of them installed by CPAN but CSF still not use database. Some testing option might be useful for such case.
hello
I've installed Direct Admin on my server and I need to install CSF on it but it's not possible
--------------------------------
Checking Perl modules...
Can't locate LWP/UserAgent.pm in @INC (@INC contains: /etc/csf /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at (eval 22) line 2.
BEGIN...
Hi all. I've been working in mitigating the attacks I'm suffering in my server and now I have a question.
Is it possible to block IP ranges (IP blocks) when lets say 4 or more IPs from that block are already banned?
Here is a small capture of the traffic on port 80 during the last attack:
om/m1oly.png ( remove the space, sorry I can't post links )
I have a dedicated cpanel server at a colo here in Virginia. We have 1 client who has employees who connect to virtual desktops on a Citrix VM. While working on their virtual desktops they cannot see any websites we host; traceroutes show them traffic stopping one hop before our server.
We switched to CSF from APF a few months ago. I have this clients Citrix ip range (an entire /24)...
My servers are setup to only allow ssh by root. These alerts work fine with actual root logins but I've also gotten a couple of alerts with no evidence of an actual ssh/root login -
lfd on server.servername.com: SSH login alert for user root from 62.212.154.143 (NL/Netherlands/www.digiinfo.nl)
When I parse /var/log/secure for this IP, there are no log entries. When I parse...
I'm trying to configure LFD to send me an e-mail only when root logs in via SSH. I have LF_SSH_EMAIL_ALERT=1 and I get e-mails on every login to SSH, which I don't really need, especially since FTP is disabled and I require all users to use SFTP so I don't need an e-mail everytime they FTP in to upload files. So I just want alerts on root login, is there any way for me to configure this?...
One of our client is not able to open webmail and cpanel when CSF firewall is enabled on the sever, i have checked their local ISP's IP 116.203.16.172 is not blocked in the server firewall in temp deny or perm deny, though they are not able to open webmail and cpanel. then i have tried to allowed that IP in server firewall allowed list but the problem is still persist. as i disabled CSF...
I've got an issue with CSF blocking PDF uploads bigger than 4mb. I've included the logs and removed anything that might identify our site/login details :)
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum