I provisioned a new VPS a few days ago and they used a pretty old image as CSF is on version 6.36. When it looks to upgrade it cannot seemingly find the server for whatever reason. I tried running csf -u in the shell and get the same 'Oops' message.
I don't want to accidentally mess anything up so if you can let me know how to either manually upgrade or completely uninstall the software...
We have a master server and many slave servers which together form a csf cluster. When we try to use the option cluster ping, we are not getting reply from few servers. Please see the details below.
csf --cping
---
Sent request to 213.xxxxx, no reply
Sent request to 213.xxxxxx, no reply
Sent request to 213.xxxxx, no reply
Sent request to 213.xxxxxxx, no reply
Sent request to 213.xxxxxxx, no...
I have CSF v.7.60 installed and up until recently when I manually put an entry in the Temporary Allow/Deny block using WHM everything worked as it supposed to.
I believe after the cPanel update -but I'm not certain- to 11.46.2 (build 4) Temp entries are not kept more than 12-24 hours. So if I choose to keep an IP say for 7 days, the next day this IP is removed even though I selected...
I flushed iptables with iptables --flush (don't do this if you don't know what it does!). Then I rebooted my system (Ubuntu 16.04). CSF started as expected, but I noticed the flushed /nonexistent firewall rules were still there after the reboot. I had to issue a csf -s in order to get my iptables rules reinstated. I was a little surprised by that, since I assumed that at boot, csf would start...
I am using CSF on my cpanel server, i want to disable ICMP Timestamp Response as Trustwave is failing PCI DSS scan due to this, how do I achieve this via CSF, I disabled incoming ICMP but that has not solved this issue. Below is the description given by Trustwave about this:
---
The ICMP protocol is used to support many administrative and maintenance messages on an IP network (the most...
Just a note that I ran into a problem with certain cluster members were not responding. I double checked their configurations and everything looked good. Restarting LFD wouldn't fix anything. When I ran csf --cping from the master node two of them reported no reply even though when I looked at their logs you could see lfd : Cluster member (CA/Canada/ ) said PING!
I've been managing CSF as a plug-in in Cpanel WHM. If Cpanel expires, how to I continue to access the CSF Web Interface? Are there any changes I need to make to the config?
After updating CSF to v7.0.3, i get error in DirectAdmin Control Panel/CSF: Permission denied .
Reinstall of CSF is the simple solution, but not the best.
Is there a good solution? Changing file or folder permissions for example?
Reinstall firewall gives opportunity for hacking..because:
1. No firewall is not good at all.
2. There is a few minutes time to hack your server. (FAST_START solves...
I have a client who has some mysterious old e-mail reference somewhere on their devices or on my server that is continuously looking for mail and being denied access and they keep getting blocked whenever their ip address changes as they travel.
Is it possible to configure CSF to ignore any time mysteryaddress@domain.com tries to connect for mail from any ip?
Ive just setup a new server and configured a HE IPv6 tunnel, and all outbound traffic is being blocked by CSF, even though I have all ports allowed on outbound.
# Allow outgoing TCP ports
TCP6_OUT = 0:65535
# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP6_OUT = 0:65535
I've added the tunnel server ipv4 address to csf.allow and can ping other ipv6...
Hello, We have been recently getting alerts for 0.0.0.0 (-/-/-) blocked with too many connections . This appears to be triggered by our CT_LIMIT=500 setting. suggests 0.0.0.0 is a meta IP for all system IP addresses, however, why would CSF block it's own systems IP addresses? The concern is should this be blocked and is there any adverse effect? Is there any action we should take?
I found that one entry in csf.blocklists (RBN) returns a 404 and I figured I'd disable the list. I even found some alternative rules by emerging threats.
The problem is that whenever I edit csf.blocklists, either using the WHM interface or via SSH, it seems to work at first and then after some time it just resets again. I can't comment out the line either.
One of our customers is having issues with a remote MX, so my plan was to block it on CSF, but every once in a while it gets cleared out due to the IP limit of the deny table.
How can I block that IP forever?
Also, is there a way to block domains using dyndns instead of just allowing them thru?
We're trying to build a Centos Gateway for our cloud host server. This is actually easier than I first thought with iptables using the following command to set-up NAT masquerading:
/sbin/iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
Having already set-up IP Forwarding, this command pretty much allows the guests to use the Centos Gateway to connect to the Internet...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum