ConfigServer Community Forum

Hello All,

I have a Centos 6 cPanel server, which has only recently been setup (within the last month).
I have installed and configured CSF, and it works very well for the most part. However, I noticed that the server's time has started running slow. At first, when I tried to re-sync manually, CSF blocked the Time Server, but I resolved this, and now manual syncing works well. However, I have...

ConfigServer Security & Firewall - csf v10.02

it takes ages before I get access to Config Server Security and Firewall settings.

My Mail Queue Administration remains flooded.
Finally after much searching, I had to suddenly enter an email address to LF_ALERT_FROM = mymail@new.us

Now I'm not getting emails in on Mail Queue Administration, but in my private mail box.

The information stated...

If you disable LFD in the CSF configuration (LF_DAEMON = 0 ) it will still be enabled in systemd. This means that systemd will try to start LFD on boot. That will fail because if LFD is disabled in the configuration the lfd binary will immediately kill it's own process.

root@server:~/csf# lfd
Killed

This is caused by line 6704 in /usr/sbin/lfd (version 10.00).

kill (9, -$$);...

I don't know what I'm doing wrong. Messenger works and it gives me the screen when I get blocked, but when I pass the reCAPTCHA (and I get the confirmation message) it doesn't unblock the IP, temp block or perm block.

How could I debug this? Is it the user that I created for it to run? I created it like this: useradd -rUM -s /sbin/nologin csf

Everything works fine, except the unblock.

Running...

Hi security guys,
Blocking ports doesn't seem to be working for me in CSF. I am also using csf from webmin console.
Have removed port 80 from TCP_IN, UDP_IN, TCP6_IN, UDP6_IN and restarted it through csf -r
still i can see 80 is not blocked yet from outside.
=======================
# ./csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK...

Hello,

After my cPanel updated to v60 I started getting the following error:

Time: Wed Oct 12 14:36:40 2016 +0300
Error: Failed to detect code in SYSLOG_LOG

SYSLOG may not be running correctly on

Running /scripts/restartsrv_rsyslogd --status displays that the rsyslog service is indeed running.

CentOS: 7
CSF: 9.24

Any idea why I get this error?

Thank you.

We spun up a new server and added CSF to it. Pleasantly surprised to see 'Authentic' theme as the new default theme. However, the 'Firewall Configuration' link is missing. When changing back to the old 'Gray Framed' theme, the link returns.

Can't see anywhere to change that. Is it a bug or are we missing a setting someplace?

EDIT: oops. I put this in the wrong forum. Should have been bugs.

I've updated my server from using EasyApache 3 to EasyApache 4 but now when I run a scan with ConfigServer Security & Firewall I am getting the attached warnings (which I didn't get before).

Is this a bug, or are these all genuine warnings that I need to work through ?

Screenshot of errors:

The system is running PHP 5.6.29

Thanks in advance

Config Server installed Firewall & Security, and uses the two options to run this plugin.

After several hours the plugin have put in, I get error messages in my log DirectAdmin,

Site Summary / Statistics / Logs> Error Log Web Full Error Log

Sat Feb 18 17: 44: 25.414434 2017] AH01630: client denied by server configuration: /home/admin/domains/nieuws-feiten.nl/public_html/ robots.txt
AH01630:...

Hi,

im new to this forum but a long time user of csf. And since i use it i want to understand it a bit better.
Before i always used fail2ban next to csf because i dont know how to configure and especially where to see and confirm that csf is watching my logs.

So i thought it was needed to run fail2ban for per example imap logins.

People keep telling me that its not needed.

So that leaded me...

Hi,
Ive got a streaming company ive got a site streaming one of my streams.

Would like assistance to block the domain as blocking the IP has done nothing.

Im using ConfigServer Security & Firewall - csf v9.30

Regards

Andy

I'm having a bad time with CSF.

I've tried all profiles, i've turned off mod_security, i've duplicated settings from another working server with CSF all to no evail.

I've check logs and there is nothing i can find.

Basically when I enable CSF/LFD my sites run fine and then slow down and won't load javascript files and other files relating to wordpress or modx (modx specifically). There are...

Have a problem configuring CLUSTERING (csf: v9.28) with 'CentOs release 6.8'.

Have set the parameters 'CLUSTER_SENDTO, CLUSTER_RECVFROM, CLUSTER_POST, CLUSTER_KEY and CLUSTER_BLOCK'.

On machine 1 (CentOs release 7.3.1611) a test with the command 'csf --cping' give a valid output.
On machine 2 (CentOs release 6.8) same test gives the output 'Can't locate object method new via package Crypt::CBC...

Ok here it goes.

I have an issue with Passive FTP.

I entered the following in my CSF firewall: 30000:50000

I also changed my pure-ftp.conf file to 30000 50000

Restarted the FTP

Still have the issue. Not sure if there is something other to do. Never had this issue before with my other server.

Any help is appreciated.

Since the update to CSF 8.17, I have been receiving the following typical alert for every 100 or so messages sent by Mailman to legitimate lists:

Time: Tue Apr 5 17:15:20 2016 -0400
Type: LOCALHOSTRELAY, Local Account - ::1
Count: 109 emails relayed
Blocked: No

For a list of 600-700 members, I receive 6 alerts. Note the strange account name. 8.19 did not correct the problem and it never...

Hi there, I just rebooted my server and spent over an hour watching the iptables rules being loaded one by one. It seems as though there were many thousands of rules being set, but I cannot understand how. Once CSF had finished and I was able to interactively access the server, I checked csf.deny and there are only 218 lines in that file, which are all single IPs (not CIDRs). there are currently...

Hello
i found LF_HTACCESS block for login failure detection but for of Apache
what about same founction for tomcat web authentication (realm) ??

Thank you

And I am getting:

Job for lfd.service failed because a configured resource limit was exceeded. See systemctl status lfd.service and journalctl -xe for details.
● lfd.service - ConfigServer Firewall & Security - lfd
Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; vendor preset: disabled)
Active: failed (Result: resources) since Fri 2016-12-02 14:19:54 EET; 4ms ago
Process: 86993...

Hey All,

I encountered a super weird issue today, and was not able to figure out the cause, or reproduce.

Out of the blue, my server started rejecting connections from anyone, anywhere. Meaning, all hosted sites were down, the server was not pingable, WHM was unreachable, etc..

My gut instinct was check the firewall and sure enough, after logging in via console and executing a csf -x the whole...

se

it looks like there is a new exploit affecting Cpanel servers
How can an IP gain access to Cpanel /whm without logging in

is there some setting in CSF that I can tweak to block this