I have a VPS with Almalinux8, Cpanel and CSF installed and with a 600Mpbs port. I started experiencing speed issues with FTP uploads (because it limited data upload) and so to check the speeds from the server, I installed speedtest cli.
I've pounded on this for quite some time now with the two following custom rules. Log locations set in the conf file, but nothing working. Please make recommendations if you run across this post.
The built in IMAP rules in CSF do not work on my server. Never have. Non standard Debian/Postfix/Dovecot setup to blame I suppose.
Trying to prevent the following. Below are errors, followed by regex...
I'm trying to migrate a WHM/CPanel server from Centos 7 to Alma Linux 8. In Alma Linux, Host Access control does not allow the same configuration as Centos.
In Centos host access control you can select the Daemon, the IP(s), and Allow or Deny. So for example in my Centos config I allow my IP to access SSHD and then I set the next rule to deny all other IPs to that same Daemon.
I'm using Cloudflare, and dealing with attacks that LOOK like they're coming from Amazon / Cloudflare IPs. At 3:06pm today my server load went from 0.68 to 150 inside of 1 second :-O
When Cloudflare sends the IP, it shows up as X-Forwarded-For. I use Apache's mod_remoteip to change that to REMOTE_ADDR in Apache config, using:
I've been getting a ton of suspicious process alerts lately about a Perl script that hasn't been modified since 2020. So I'm pretty sure these are false alerts.
I'm using csf 14.20 on an Ubuntu Jammy system behind a 1GB FIOS connection. With csf/lfd running, I get throughput of about 30M/s, which increases to about 800M/s with csf/lfd disabled. I'm using a fairly generic csf.conf (shown below) and have tried to improve performance by reducing DENY_IP_LIMIT and DENY_TEMP_IP_LIMIT to 100, but obviously it's still subpar. Any suggestions for how to narrow...
For a server I manage, I explicitly want to receive notification emails of successful ssh logins. I've enabled this, and allow-listed my own fixed IP address.
My customer can login to one account using ssh, but doesn't have a fixed ip. Is there a way to allow-list the public ssh key he's using?
An example of such notification would be:
Nov 28 13:05:51 srv sshd : Accepted publickey for...
Currently, I get a ton of emails like this:
lfd on : Suspicious File Alert
Time: Mon Nov 27 10:17:20 2023 +0100
File: /tmp/xxxxxxxx.o
Reason: Linux Binary
Owner: varnish:varnish (xxx:xxx)
Action: No action taken
These files are created by Varnish when it compiles the VCL for reloading.
However, I already whitelisted the varnish user from /etc/csf/csf.fignore like this:
user:varnish...
Hi,
I have already looked around this form , but did not come to a positive conclusion in the end.
I have been working for years with csf (and now also with cxs ). Now I am getting 'weird' messages on /opt/cpanel/ea php81/root/usr/sbin/php-fpm. Especially since multiple files are being opened/transferred.
I have investigated the ip's and they are from cloudflare and google (even 1 from...
Recently I disabled WP-CRON for wordpress and started using CPANEL with WGET to replace it. I've started getting emails lfd on XXXXX: Suspicious process running under user . I found some instructions on where to go to tell CSF to ignore these in the /etc/csf/csf.pignore edit, but I'm unclear exactly how to do this. Here is what the LFD emails are showing:
SYSTEM INFORMATION
OS type and version Rocky linux 8.8
Webmin version 2.101
Virtualmin version. 7.8.2
Config server Firewall(CSF) verison 14.20(generic)
I want to see alerts of outgoing emails from my server when they cross a certain limit and I have configured everything accordingly but alerts are not coming in my given email. Everything is working fine except Relay Tracking. We are using...
I've always used CC_ALLOW_FILTER to block non-US IPs, but I recently began using Cloudflare and now all connections come from a Cloudflare IP! My server load has skyrocketed, so I don't think that CSF is able to block non-US IPs anymore.
I blocked them in Apache configuration, but I think that runs after CSF, too, so I'm still getting the Apache connection for each request. And I'm talking about...
We are warding off a country denial of service attack on a WHM Exim server that has been ongoing for around 1 week. The attack takes the form of 1000s of servers sending email to non-existing recipients on the Exim server, quickly overwhelming the Exim's server's connection count limit ` smtp_accept_max `. The default for Exim is 20 connections. The default for cPanel is 100 connections. In our...
I've seen a lot of threads related to using Cloudflare, but no answers :-( Hopefully this thread will be the exception!
I've always used CSF's CC_ALLOW_FILTER to block non-US IPs. But I started using Cloudflare in September, and now that all incoming IPs appear to come from Cloudflare I don't think that this is working.
I tried enabling CF_ENABLE, but nothing changed so I think there must be...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum