ConfigServer Community Forum

I am getting a lots of alerts like below

Executable:

/usr/bin/php

Command Line (often faked in exploits):

/usr/bin/php /home/username/public_html/wp-admin/admin-ajax.php

I do not want to get this kind of alerts therefore I have added following in my csf.pignore list

cmd:/usr/bin/php /home/*/public_html/wp-admin/admin-ajax.php

and restarted csf and lfd but still I am getting alerts....

Hello,

i want to ask for advice on which CSF setting i need to modiffy to decrease IP blocking on valid IPs on FTP port.

These are entries from /var/log/messages where VALID IP was found:

May 23 02:28:00 host1 pure-ftpd: (?@VALID_IP_HERE) New connection from VALID_IP_HERE
May 23 02:28:00 host1 pure-ftpd: (?@VALID_IP_HERE) jqyrglxg is now logged in
May 23 02:28:01 host1 kernel: Firewall:...

I doubt AIM notification is functioning in WHM (I didn't test this feature fully anyway) but ICQ notification is still working as on 30 Jun 2015.

This article shows you how ICQ notification can be turned on and tested if you are using cPanel/WHM with ConfigServer Security & Firewall installed.

First, let's prepare for testing. You need this later.

TESTING SETUP
==================
1) WHM >>...

I have a client who's IP address has been blacklisted. This in turn has stopped them from being able to access my server as I am using a number of the lfd blocklists. While my client works out, getting themselves de-listed I am trying to whitelist their IP address through configserver. I have added their IP address to both the quick allow and quick ignore tables and have confirmed that their IP...

Hi Jonathan,
my server since the last update is reporting errors like the following:

abrt_version: 2.0.8
cmdline: /usr/bin/host -W 5 42.114.204.26
executable: /usr/bin/host
kernel: 2.6.32-531.23.3.lve1.2.66.el6.x86_64
last_occurrence: 1439221045
pid: 323229
pwd: /etc/csf
time: ***
uid: ***
username: ***

Any idea why /usr/bin/host searching for that IP is giving the ABRT in CSF?

Sergio

I cannot get to the settings of dshield and spamhaus, I have revised the whole settings but these are gone I remember they were under global lists/dyndns/blcoklists but I have no option. I tried adding the médium level and also I get this:

Enable IP range blocking using the DShield Block List 0 86400 86400
Enable IP range blocking using the Spamhaus DROP List 0 86400 86400

Under current I get...

Hi,

I ran into 2 issues with CSF that may have been from a recent update. I have these 2 errors whenever I restart CSF;

*WARNING* Binary location for in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Binary location for in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Missing or incorrect binary locations will...

Hi i seem to be having an issue with CSF where by when its enabled everything is blocked on my cpanel server unless the IP has been whitelisted.

I am on CPanel Centos OS6.6 WHM 11.50.0 (build 29). Now before the CSF 8.02 was release and CSF 8.03 it has been working on my VPS server quite well.

I have done a complete uninstall and reinstall of CSF and the issue is still present even the VPS...

hello
i am using csf firewall on my server
when csf is enable , in webmaster tools when i try to fetch as google the google bot can open css or image
this is error :

and if i disable csf
i see complate fetch and problem fixed.
please note :
i have not any deny ip in my list

how to can fix it?

Does CSF support the x-forwarded-for header? Currently csf blocks our load balancers that are served from a dynamic pool of servers. Is there a way to enable support for this header or a change to the firwall configuration that would allow us to use csf on a load balancers with dynamic IPs?

Holah

I have a problem, i got a new OpenVZ VPS box and installed cPanel with CentOS 7 ..

When testing csf i get the following error .

Testing iptables...

Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...FAILED - Required for csf to function
Testing ipt_limit/xt_limit...OK
Testing...

Hello, I am new to ConfigServer. My DirectAdmin reports many Wordpress login attacks (threshold > 50), but ConfigServer Firewall seems not to block these IP numbers. How to arrange that?
Thanks, Hans

Hi all,
I would please ask for help on this situation: in Exim queue of undelivered messages I find, often, a long list of frozen messages sent by LFD (for hack attempt to htpasswd) to recipients like this ones:

Script@
Hack@
Attempts.@
-t@

with this return path

Return-path:

The messages are frozen cause the previous mailbox are non existants on my server (this one hosting...

Hello,

Recently I've reinstalled my webserver and I am running into some problems with LFD service.
When I attempt to start the service, I get this following error:

-- Unit lfd.service has begun starting up.
lfd : csf and lfd have been disabled
systemd : PID file /var/run/lfd.pid not readable (yet?) after start.
systemd : Failed to start ConfigServer Firewall & Security - lfd.
-- Subject:...

Hi,

I'm receiving the following error: Executable [] invalid - when attempting to search or watch system logs through CSF in the cPanel GUI. Is there anywhere that I can look to get more information as to what's actually invalid so that I can look to rectify this?

Running csf v8.03 on CentOS 6
Cheers

Hi,

I'm starting a new VPS and keep rebuilding it. Now my host changed some things. In the beginning cPanel/WHM 11.50 with CentOS 6 was installed and I had no troubles running csf. But recently my host changed it to CentOS 7 and now I have trouble running csf.

I don't have any trouble downloading and installing it, but it won't start and when I check for errors I get the following:

Can't...

How do we turn OFF the empty log notification reports?

To: root@
Subject: lfd on : Log Scanner Report for 10:00, (lines:0)

...No log lines to report...

I get these every hour or so, can this email be disabled somehow when lines=0

Earlier today, I started getting a large number of emails about blocked distributed smtpauth attacks on my email account.

I was unable to authenticate and my IP ended up being blocked too, even though I was using the correct password.

I've implemented SMTPAUTH_RESTRICT as per the instructions in the CSF readme.txt, and also set CC_ALLOW_SMTPAUTH to only allow connections from GB.

Rather than...

Hi,

I would like to know if I can change the action of BLOCK to DROP in cpanel csf? This is due to currently there is web service outage happening once in a while in my cpanel and after cpanel support checked, they suspect that csf firewall may be the cause of problem and suggest us to change the action from Block to Drop. Below are some log records example that they found in cpanel messages...

I'm using a script with the lf_script_action trigger. In the script I'm attempting to call clamscan. I have written the script correctly as far as its functionality, and I can run it from the command prompt manually passing fake input to it and it works, but when csf runs my script the clamscan fails. I'm unable to figure out why though, and hoping for some insight from the csf side why it might...