So there's basically three hack attempt strategies on my server I'd like to just stop.
SSH login - I know IPs get blacklisted after 5 failed attempts within x minutes, but I only SSH in from a handful of IPs. There's a chance some of these IPs will lose their DHCP reservation and change, but I have at least one static IP. So I assume best solution is to remove port 22 from the allowed ports and...
I'm using a modsec rule to detect and block joomla and wordpress bruteforce attack. This is working well, but I would like to block also the IP with CSF. Therefore I set LF_MODSEC=3, but it doesnt work. I'm using cpanel and in /usr/local/apache/logs/error_log it looks like this:
ModSecurity: Access denied with code 401 (phase 2). Operator GT matched 0 at IP:bf_block.
ModSecurity: Access...
I am note sure if anyone have issue with MTU after the new version of CSF?
If i active csf by command csf -e, and if i use MTU website to check the IP MTU, it drops to 1496.
But if i instantly disable it by csf -x., It goes back to 1500.
This MTU problem affects my server connection.
I am able to solve this problem by disableing the packet filter on one of my cpanel server, but not...
First off, I am not sure where to post this questions so I do apologize if this is in the wrong forum.
I been using Gmail to receive my emails from all my websites for a few years now.
Couple days ago I noticed that I didn't receive any emails so I checked settings in Gmail and saw Connection Error. Mail from this account has not been retrieved since Apr 2 for all of my email accounts. I then...
I´ve just installed csf on my WHM Server, and was wondering how many ips can I limit on the filed DENY_IP_LIMIT so it doesn´t consumes too many memory.
I used file /etc/csf/csfpre.sh for some instructions for iptables. But near one in 3 days additional instructions was vanished from output of command iptables-save . If I restart csf -r additional instructions return in output of command iptables-save . Is it bug?
Dear professionals I need your help.
How to security solve this task?
One of my clients need to send e-mail from web form. He uses smtp.office365.com.
If I add nobody to SMTP_ALLOWUSER, he can do what he wants.
No I wander if is't ok to add nobody to SMTP_ALLOWUSER?
Wasn't it better to allow connection to smtp.office365.com?
If yes, how to add host name (instead of IP) into allow list?
Recently installed (2/3 days ago) CSF on Ununtu 16.04.
I can log into the UI. However it will randomly stop responding. The web page comes up as not responding and I have to restart lfd I order to be able to log in again. As far as I can tell the services are running it's just the UI not working.
Before I log in successfully the process lfd UI is running. Once the webpage stops working the...
I have CSF installed and updated to version 9.26 on a Centos VPS. Currently my CSF status Firewall Status is Enabled but Stopped. When I try to start the Firewall, I get the error iptables: Memory allocation problem and Error: FASTSTART: (TCP_IN IPv4) [] . Try restarting csf with FASTSTART disabled, at line 4904
I am new to using CSF and do not understand how to resolve this issue in...
Hello, since a few months back I've been having problems with the lfd service, I tried fixing it myself but was unable to find the error, I resorted to stopping the monitoring of this service since it would spam emails every 5 minutes alerting me that it was down.
But every time cfs updates the monitoring updates and re-enebales lfd monitoring, so 100s or 1000s of emails again.
We want to have our own custom blocklist file at and include it in csf.blocklists on all our servers.
Is the following an acceptable format for csf.blocklists?
tcp|in|d=80|s=46.229.160.0/20 # flooding ADVANCEDHOSTERS-AS NETHERLANDS - do not delete - Sat Apr 22 03:54:23 2017
tcp|in|d=80|s=51.254.0.0/15 # flooding OVH SAS FRANCE - do not delete - Sat Apr 22 03:54:23 2017...
Say I have a server which only needs to be available to a very short set of countries.
Do we have to set csf.conf to explicitly specify EACH country in CC_DENY and CC_ALLOW ?
having trouble with ROOT login to WHM, cfs is blocking SSH access so I can't change pass.
Can boot with rescue system, need help do disable CFS or allow my IP via rescue SSH.
OS: Centos 7.3 // WHM 64.0
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum