ConfigServer Community Forum

Server Details;
OS: Ubuntu 12.04 LTS
Virtualmin/Webmin

I have a joomla site getting brute force attacks. Joomla brute force attack extensions can limit the login attempts, but the server is still loaded with calls to the blocked login. I'd rather block the IP via CSF.

I have an extension using the following code;
error_log(sprintf($this->params->get('message'), $response ));
It writes to the...

Hello,

I discover the csf autoupdate function (AUTO_UPDATES = 1 in csf.conf). But I have few questions :

1) The update is triggered daily with /etc/cron.d/csf_update.
I only receive update report mail when there is an update, this is good. But how does this works?
The cron daemon only sends update mail when there is a real update? It could not know this, so
what is the trick?

2) Is there a...

Hi Members,

Can someone help me to track down and block following behavior with custom regex?:

=================================
2015-10-25 12:47:50 H=(115-87-13-177.skybandalarga.com.br) :21944 F= rejected RCPT : Sender verify failed
2015-10-25 12:47:51 H=(dynamic.vdc.vn) :59451 sender verify fail for :
2015-10-25 12:47:51 H=(dynamic.vdc.vn) :59451 F= rejected RCPT : Sender verify failed...

Hi

Our server is running WHM 11.52 and the latest CSF. As per I've enabled reseller privileges in the firewall config AND manually in /var/cpanel/resellers, but now when accessing CSF via the reseller WHM I get the error:

HTTP error 401

cgi/configserver/csf.cgi

You do not have permission to access this page.

AppConfig for “csf,” requires that you must have one of the following acls:...

Since the latest update we see on at least 1 server till now an strange issue with a temporary block due to a port scan.

We excluded 1 IP to access port 3306 in the csf.allow file ; but this morning suddenly the IP was blocked in the firewall due to a temporary port scan; i have checked the logs and this showed the IP only tried to access port 3306 ; no other ports.

Only difference is that...

Complete VPS down

After installing Config Server Firewall, all settings are properly checked before I Config Server Firewall puts online.

Config Server Firewall worked well, and blocked several IP addresses. However, several IP addresses, he did not block, I have also used the following setting as listed below.

After adding the following countries and IN BR went the entire VPS Server Down....

Hello,

I have just installed CSF on my server and i see it blocks all outcomming connections by default. I see my some website does not work such as whois website, send email (using external smtp server), ...
How to fix it ?

Hi I have hostgator VPS account and some keeps getting access to my server. They generated thousands of files in various newly created folders. I change my cpanel password and scan my pc for keyloggers. However, they still have access to my server. I need your help to rectify this problem. I pay alot for my vps server and google is not liking my sites due to generated content

Will csf fix cpanel...

I have tried looking though the forum only to read that the regex has been updated but the authentication failures are not being blocked after multiple tries. I have it set to block ftp after 3 attempts but it never blocks any users like the sshd login attempts do. Can anyone give me any advice to what I may have over looked or how to add a custom regex to catch the people trying to hack my...

Hi All,

I have a Cpanel/WHM server running CSF & LFD and we are getting pounded with spam coming in to our hosted email accounts, about every 5 mintues, 24/7. These are coming from outside of our server TO email addresses on our server.

I set the RT_RELAY_LIMIT to 2 messages and Permanent Block but the senders keep changing the source relay IP, below is a sample.

I can't figure out how to...

Hi,

I've got an haproxy server with csf listening at port 2222 forwarding some ssh to a remote server on port 22 (inside a private VPN, that's why the haproxy is forwarding ssh). I've got our office ip into csf.allow, and port 22 in TCP_OUT in csf.conf.

What i want is to not list port 2222 in TCP_IN but being able to connect from the whitelisted ip (our office). I though that's the expected...

Has anyone had problems with opening port 30000 to be used with Canada Post's shipping module?
I have the following in my csf.conf file but the port is not opened:

TCP_IN = 20,21,22,25,26,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,3306,7630,30000
TCP_OUT = 20,21,22,25,26,37,43,53,80,110,113,143,443,587,873,2086,2087,2089,2703,3306,7630,19638,30000
TCP6_IN =...

Hey, guys!

I just installed csf on a new server. But I didn't find the option of csf UI at Third Party Services
Manage Third Party Services . So the csf UI is not available on reseller plugin list. So how can I do?
There was the option on cpanel but after I update cpanel to latest version it disappeared. Is the issue with cpanel or csf? I am also sure I have given the access to reseller at...

Hello,

I wanted to create a custom regex expression to scan exim_rejectlog and block address that match a RBL.
Currently on cPanel the rate limit feature is not enough for our needs.

I'm wondering if anyone has any experience with this.

Currently our logs look like this.

2013-11-06 00:10:22 H=(msa.hinet ) :4063 F= rejected RCPT : JunkMail rejected - (msa.hinet ) :4063 is in an RBL, see...

Hi,

I am looking for a way to add permanent blocks, with the do not delete comment, from the command line. How do I achieve this?

Thanks,
Steve

I use cfs on my cpanel server, I map a network drive for backups. It is a windows share. When mapping with cfs OFF everything works fine. When enabled it wont map. My question is A: is there a way to allow all ports and connections to internal ip?? Or B: how do I I allow this?

Thanks in advance,

Hi - this is my first post - but I have been an reader of this forum for a long time and learned a great deal.

I run a VPS with a number of low traffic, largely static Wordpress sites. It is Centos based and I use W3TC caching and a CDN to offload the server, which is very underutilized. I run Apache Forked with keep alive.

It is well configured - everything works smoothly - and CSF/LFD do a...

Hello,

I'm working on a setup that ideally would allow a single master to send blocks to all servers.

The setup i'm trying to achieve is this;

Slave(s) send all blocks to cluster master, and then the master sends it to the cluster slaves.
This way i can configure all slaves to SEND/RECEIVE from master IP and then the Master IP forwards all blocks to SLAVES.

As it stands right now, slaves send...

I just set up a Debian 7 server, and installed exim for outgoing mail.
I have SMTP_BLOCK enabled, but it's officially supposed to let exim through.
When I check the /var/log/messages file though, I see that outgoing port 25 is being blocked, even though it's open in the config file.
It seems like CSF isn't detecting and letting exim send outgoing mail.
I finally checked the user that exim was...

I'm looking to collect data about attackers , and I've been able to get started by parsing lfd.log into a database, but lfd.log only shows brutes ; it doesn't show all failed logins and port knocks. I'd like to be able to get all failures. I have found the list of logs at the bottom of the csf.conf file, but writing a parser for each log seems like something I might not have to do, since CSF is...