ConfigServer Community Forum

Hi, I am on a GoDaddy VPS, and I am having the issues like such:

Testing ipt_recent...FAILED - Required for PORTFLOOD and PORTKNOCKING features
Testing xt_connlimit...FAILED - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...FAILED - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT...FAILED - Required for MESSENGER feature
Testing...

HI guys,

Hoping someone can help here. I have a client server that when I enable UDP FLOOD OUT I get this error after running csf -r:

iptables: Unknown error 18446744073709551615
RETURN udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 OWNER UID match 25
Error: iptables command failed, at line 1787

I've tried tweaking the settings as outlined in the conf file but nothing seems to change this. In...

showed up today in the logs

Retrieved and blocking blocklist XYZ IP address ranges
IPSET: loading set new_XYZ with 167 entries
IPSET: switching set new_XYZ to bl_XYZ
*Error* IPSET:

(btw on another server not using IPSET the blocklist was applied but that is probably obvious)

I ran into a potential bug with my new cloudlinux + Cpanel + CSF setup.

Recently I've setup a new Virtual Machine on a VMware platform with cloudlinux 7, after activation I proceeded to install WHM/Cpanel on this machine (without problem).

As per security conventions I then proceeded to install the configserver (CSF) plugin, which installed without error. I've followed the installation...

Hi Guys,

Just tried using this new UI on Webmin, it work's great, however the email never arrives :(

Should there not be a cron or something setup for it, as it does not seem like it.

See screenshots:

1) Webmin:
2) SSH:

Any ideas?

Cheers,
Dara

We are new to CSF but have been on cPanel for a good amount of time now.

We are receiving a lot of notifications that we wouldn't expect and I'm not quite sure what to make of them and I was hoping someone might be able to explain a bit.

The Notifications are:

Time: Thu Sep 24 10:40:45 2015 -0500
Account: main
Resource: Process Time
Exceeded: 5446 > 1800 (seconds)
Executable:...

Hi,

I'm having trouble getting CSF firewall to work...

My understanding is that the default behaviour is block/deny all. However this doesn't seem to be happening.

In csf.allow I have:

my.ip.address.here

And then I want to Block all other access to port 22 / ssh

I would have expected this to work by default if the default is deny all but nope.

I added the following to csf.deny:...

I have blocked several countries in csf.conf file. Restarted CSF/LFD.

CC_DENY = CN,BR,CA,HK,TW,RO,RU,UA,MD,KZ,TH
IWhen I check the Nginx logfile it shows the following:

61.135.190.69 - - GET /s5.css HTTP/1.1 403 198 - Mozilla/4.0 (comptible; MSIE 8.0; Windows NT 6.0)
158.69.27.74 - - GET / HTTP/1.1 403 570 - Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko)...

Hello

i was trying to loging to my server via ssh but i cannot so i login to whm so i can disable firewall and have able access again to ssh

i search for error messages logs and i found this

Sep 23 13:41:51 3390cc-xeon kernel: Firewall: *TCP_IN Blocked* IN=bond0 OUT= MAC=00:25:90:e8:32:ce:cc:4e:24:67:c7:00:08:00 SRC=192.168.1.1 DST=10.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=8754 DF...

hi team,

Here is the regx i made but its not working. I have to block the ip and the logs line is

NOTICE chan_sip.c: Call from '' (37.8.5.217:12242) to extension '011972547851891' rejected because extension not found in context 'my_context'.

IP i have to block is 37.8.5.217

The regx i have written is

if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /\ NOTICE\ chan_sip\.c\: Call from...

Does csf monitor postfix logs for SMTP port attackers, to be blocked ?

I need for postfix on my servers. See alot of repeated attackers, making for much of the traffic in a day

I have paid for server hardening (service was pretty fast. Hopefully the server stays ups).

The sys-admin recommended using LF_SPI = 0 because the iptables were kind of broken.

Can anyone help to explain the differences as to what additional protection you get for Dynamic firewalls instead of static ones?

From what I can tell, it's still rejecting users on failed logins, which is a lot more...

After install I got this problem. I reinstalled Debian and DA and still get this problem:

ConfigServer Security & Firewall - csf v8.05

Restarting csf...

Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain...

Hi Guys,

We have a few VNs running on Citrix and I wan to use the console but when I do I get TCP_IN blocked. Reading up, I know the destination port and want to customize the above variable.

At the moment it is : PS_PORTS = 0:65535,ICMP

I want to exclude from scanning port 5900 through to 5999 inclusive on TCP.

Reading the conf, I think I would set :

PS_PORTS = 0:5899,6000:65535,ICMP,OPEN...

Hello,

I was just wondering how I can pass the actual contents of the LF_SCRIPT_ALERT to the bash script for LF_SCRIPT_ACTION, example my LF_SCRIPT_ACTION is set to

/etc/csf/csf.lf_script_perm_action

which contains

#!/bin/bash

# email subject
SUBJECT= $HOSTNAME - Possible Spam Script

# Email To
EMAIL= email

# Email text/message
# EMAILMESSAGE= /tmp/emailmessage.txt
EMAILMESSAGE= TEST...

I just can not get the custom regex rules to work for me. I look in the CSF ip deny section and no IP's are ever blocked due to the rules below. Any help is appreciated. I missed something, just don't know what.

OS: CENTOS 5.11 x86_64 xenhvm
WHM 11.48.4 (build 4)
CSF: v7.69

I have used the custom regex rules posted by Sergio in this thread:

I copied and pasted them into...

I'm intermediate with sytem-admin and have a new dedicated server with host gator. (Not a VPS)

I have a default installation of CSF, but many users are complaining that their website is down.

I am able to view the websites on my own computer (i'm probably white-listed), and using some 3rd party website-viewing services.

When i get the IP address from my clients, they are NOT in /csf/csf.deny...

Grepping is not helping me here, maybe I am searching badly.

I assume the hard coded internal list was chosen for a reason instead of the blocklist method where they are externalized by default?

I mad some changes to csf.blocklists and every few days it gets reverted back to its default. Where do I need to change either default or to stop it from being reverted.

I am getting these every minute:

Subject:

lfd on webserver.XXX.co.uk: Excessive resource usage: xxx (4879 (Parent PID:4857))

Time: Thu Sep 10 14:52:45 2015 +0100
Account: XXX
Resource: Virtual Memory Size
Exceeded: 690 > 200 (MB)
Executable: /usr/bin/php
Command Line: /usr/bin/php /home/XXX/public_html/index.php
PID: 4879 (Parent PID:4857)
Killed: No

I've done all of the methods listed here...