I use csf with cPanel(up-to-date) and set CC_ALLOW worked for about one week and after that started to block IP-s from the country specified at CC_ALLOW. This behavior happened on two independent servers with the same architecture.
I think is not normal. What do you think?
I searched but not sure I'm searching for the proper thing. I have one customer that has more than 30 users using email. They constantly are kicking off the firewall and I have to reset it.
Is there a way to restrict the firewall from blocking people using one domain on the server?
I understand this could cause trouble.
Does anyone have a working set of rules they use with CSF to help reduce impact from repeated login attempts on WordPress?
These attempts take place with /xmlrpc.php (multiple attempts in one post) and /wp-login.php (single attempt). Often one IP will try many, many times (eg yesterday, 3000 in 2 days).
It would help a lot if CSF was able to auto-block them with some built-in solution; far more...
I'm looking for a solution/workaround NOT to block ip addresses from country ABC when hit by lfd (fx login failures, etc.)
Are there any easy way?
I have been looking at
Which can generate a list (not sure if it's complete, but that's ok) of CIDR for Whole country. But the list will naturally be QUITE long. So I fear that it will have performance influence when putting list of 100000s...
There's a lot out there about various methods to secure SSH access better.
But on a Cpanel server, in my opinion, access to WHM gives the user a degree of privileges near that of logging into SSH via root. So I have a few questions for discussion.
First, let me setup the context for the application of these methods. It's a server that does not have to be HIIPA or FICA compliant. It just has one...
I am trying to configure the HTTPS messenger service to give an HTML error message when an IP address is blocked. It's working, but very slow. When I usee httpie, I get the following error:
http: error: SSLError: certificate verify failed (_ssl.c:579) while doing GET request to URL:
With Firefox, it works, but takes well over a minute before the page loads. I have no idea where the holdup...
Hi,
CSF stops almost every night. I receive the following error message:
/var/log/lfd.log
Jun 19 03:20:16 server lfd : iptables appears to have been flushed - running *csf startup*...
Jun 19 03:20:18 server lfd : csf startup completed
Jun 19 03:20:18 server lfd : *Error* csf reported an error (see /etc/csf/csf.error). *lfd stopped*, at line 7146
Jun 19 03:20:18 server lfd : daemon stopped
Jun...
I use scanmyserver.com to do an audit of my server. I was looking through the ModSec logs and saw an IP address that was there more than five times, performing a scan. I was curious as to why csf hadn't blocked them. So I went into the GUI and searched for the IP and then realized the IP belonged to scanmyserver, however, the IP address is also listed in the GreenSnow blocklist.
If I wanted to whitelist my server's IPv6 local loopback address, do I need to whitelist:
::1/128
fe80::/10
Or would
::1/128
be enough? Essentially, is it a good idea to whitelist the link-local address (fe80)? Also, should it be fe80::/10 or fe80::/64? I'm still struggling a little with the IPv6 stuff.
So it didn't take me long to realize that IP's are not actually being banned when using Cloudflare because iptables isn't looking for X-Forwarded-For in the header (is this even possible?) So the attack comes from Cloudflare IP, which of course is whitelisted, so the server is completely unprotected.
So after reading the documentation, I found BLOCK_REPORT which I can use to fire off an API call...
Hello
I have a mail user witch IP is continuously TCP_IN blocked for portscan.
When I look at the log it uses an MAC-destination:MAC-source:Mac-type combination that is always the same but with different IP all over the world.
But my mailuser says he has a fixed IP !
Does anyone know what is happening ?
Thanks for your help.
Marc
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum