ConfigServer Community Forum

so I am currently watching an IP address in the middle of a csf.deny CIDR block access the webserver

newest csf (10.24 upgraded to 10.25, no change)
restarted csf
control panel reports everything is fine

how is this even possible and where do I even begin to diagnose what has gone very wrong?

the max entries allowed for csf.deny is definitely more than what is in there, it's not being...

Will ConfigServer Firewall support Docker hosts in the future? We'd like to firewall the hosts Docker runs on and it would be cool if this is possible from within CSF.

Hi,

I have a reseller account with very limited access to WHM, however, I would like this account to be able to use the csf firewall.

I believe I have ConfigServer Security & Firewall (Reseller UI) selected in Additional Software... Third Party Services.

The reseller account can see the plug-in, but when clicking, gets the message:

You do not have access to ConfigServer Firewall.

What am I...

I have a cpanel server with a Juniper SRX 300 firewall. We block all ports other than web and email. FTP and cPanel access is whitelist only for client IPs. Since I have cphulk and a hardware firewall what extra benefit would CSF be if any? I tried CSF and it conflicts with our VPN since the Dynamic VPN feature changes IPs. Is cphulk and the hardware firewall secure? Do I lose or gain anything...

Hello, I've searched around for this however have not had much results.

Does ConfigServer Firefall/LFD work with the nginx installation? Ever since I swapped over to nginx, CSF went silent on attack floods on the httpd.

What do i need to provide to help get regular expressions created for the detection of such events on nginx? :confused:

Ok, so most of my machines are cpanel.
This one is just a plain centos box.

So i installed csf as usual, and restarted it...

*WARNING* URLGET set to use LWP but perl module is not installed, reverting to HTTP::Tiny

Ok, no problem, lets install it...

Package 4:perl-5.10.1-136.el6_6.1.x86_64 already installed and latest version
Package perl-IO-Socket-SSL-1.31-2.el6.noarch already installed and...

Can I include command separated port numbers in the csf.deny file?

For example I have the following:

tcp|in|d=80|s=89.248.160.0/21 scannerbots googlemapsexploit QUASINETWORKS SEYCHELLES - do not delete - Tue Apr 11 14:49:02 2017

And I want to block port 443 too

tcp|in|d=80,443|s=89.248.160.0/21 scannerbots googlemapsexploit QUASINETWORKS SEYCHELLES - do not delete - Tue Apr 11 14:49:02 2017...

Hi all,

Have I formatted these csf.pignore exceptions correctly? I still get emails. I have restarted csf+lfd, also.

cmd:php-fpm: pool siteone_com
pcmd:/opt/cpanel/ea-php56/root/usr/bin/php /home/siteone/public_html/bin/magento *

Original emails are as follows:

Time: Sat Feb 11 10:39:31 2017 +0800
Account: siteone
Resource: Virtual Memory Size
Exceeded: 565 > 256 (MB)
Executable:...

Hello,

I have configured this regex.custom.pm

# setup-config
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] \w*(?:GET|POST) \/wp-admin\/setup-config\.php.* /)) {
return ( setup-config attack ,$1, setup-config , 20 , 80,443 , 3600 );
}

As you can see, the trigger level is 20
and the temporary value is 3600

But the block is done on 10 triggers and 1800 seconds

Time: Sat...

I am running latest CSF on Centos 7.3 with latest CPanel release 66. CSF is configured as per profile protection_high.

The following instructions were done on my server's CLI.

whois my-hostname ---> works perfect
whois my-server-ip ----> time out error

but

whois 8.8.8.8 ---> works perfect :-?

After verifying that my provider did not block anything related to port 43 or whois, I deactivated...

Hello,

We're having the xtables lock issue:

Jul 11 02:05:27 lfd : *Error*: Unable to check csf due to xtables lock, enable WAITLOCK in csf.conf

I've checked other threads and it says this should have been solved in a previous version of CSF.
We're running version 10.14:

# csf -v
csf: v10.14 (cPanel)

I don't know if this is a bug or if something is really using iptables, but so far we...

We use SASLAUTHD for SMTP authentication with sendmail. saslauthd failures log to /var/log/messages, but don't include the IP:
---
08:12:41 XXXX saslauthd : do_auth : auth failure:
---

But this corresponds to the following entry in /var/log/maillog:
---
May 8 08:12:41 XXXX sendmail : q48CCUdi023216: a.b.c did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
---

Would it be safe to block...

Hello,
I am working on a new install of csf. I am getting traffic blocked even in test mode. This is on a VPS in hostgator centos 6.9
WHM 66
Aug 23 10:08:14 bam kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=fa:16:3e:89:99:17:00:1c:73:63:e5:9b:08:00 SRC=XXXXXX DST=XXXXX LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=15024 DF PROTO=TCP SPT=9441 DPT=80 WINDOW=55520 RES=0x00 SYN URGP=0

in...

Hi,

I'm struggling to get the recaptcha working on my server and was wondering if anyone could help?

I've disabled Domain Name Validation as mentioned in the docs and the key

Redacted

Hello CSF Team :),
At the time of this writing, I am using CSF v10.22

I have installed CSF on my cPanel servers and all of them are up to date with the current version.

Today I was testing and installing docker containers on one of my cPanel servers, and all was working well. The docker container was loading perfectly on http:// :45566

I then had to add one of my IP address to the whitelist...

Hello,

I have the following case here with my CSF. It is able to find a suspicious and excessive processes running on the server, but it does not kill/stop them. For example :

Time: Mon Aug 7 10:13:26 2017 +0300
Account: username
Process Count: 20 (Not killed)

Process Information:

User:username PID:3806 PPID:3343 Run Time:2469(secs) Memory:482564(kb) RSS:55036(kb)...

Hello

LF_MODSEC Stopped Working on All of My Servers with Apache 2.2

Can You Help Fix This ?

But Work Fine on Servers With Apache 2.4

I have 20 Linux servers hosted in the cloud. I installed CSF on all them, I want SSH to be accessible specifically on our office Internet IP so that it won't be accessible somewhere else. Is this possible? If it is, how do i set it on my CSF Conf.

Thanks

I am trying to get the following to work under one rule:
Jun 19 09:36:02 SERVER wp(SITE) : Authentication attempt for unknown user Admin from IP
Jun 20 19:03:38 SERVER wp(SITE) : XML-RPC authentication failure from IP
Jun 20 08:13:55 SERVER wp(SITE) : Authentication failure for admin from IP
Jun 21 14:49:46 SERVER wordpress(SITE) : XML-RPC authentication failure for admin from IP
Jun 21 14:49:48...