ConfigServer Community Forum

I have a handful of clients that keep getting blocked by the firewall on my server ( ConfigServer Security & Firewall - csf v7.68 ):

May 7 13:58:08 secure lfd : *Port Scan* detected from xxx.xxx.xxx.xxx (US/United States/...). 11 hits in the last 130 seconds - *Blocked in csf* for 3600 secs

The one thing that they all have in common is ` OS X Yosemite ` - as soon as they upgraded their OS,...

I ran an EasyApache re-compile of Apache and a CentOS Yum update and since I can't seem to get lfd to start...
I reinstalled CFS from scratch following the guidelines, but after lfd starts it stops straight away... I can see the following in the error logs...

root@host # tail -f /var/log/lfd.log
Aug 30 20:56:37 host lfd : Email Relay Tracking...
Aug 30 20:56:37 host lfd : System Statistics......

The ARF abuse emails are no longer including the Abusix abuse contact information as of yesterday in v8.04. This is occurring on all servers. Did something change? Command-line queries do work: host -t TXT 238.16.169.83.abuse-contacts.abusix.org

Thanks.

iptables: Setting chains to policy ACCEPT: mangle nat filte
iptables: Flushing firewall rules:
iptables: Unloading modules:
root@host # csf -r
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `POSTROUTING'
Flushing chain `OUTPUT'
open3: exec of /sbin/ifconfig failed at /usr/sbin/csf line 2783.

Getting this: open3: exec of...

Good day, been quite some time since I have had to post and so long, I know my username, but every email I tried, did not work...and no way to retrieve it.

This is just one thing I have problem-issue-question about?

1) new VPS WHM latest and CentOS 6x64 and I have created a single new account.

2) I had been getting hack attempts shown in WHM in other WHM reports, even though I added the...

I've read previously here where numiptent limits have been blamed for FASTSTART failures when blocklists are downloaded/added

*Error* FASTSTART: (Blocklist IPv4)

except my openvz contain has no limit on numiptent - what else can I check ?

numiptent 18036 18036 9223372036854775807 (third number is barrier/limit)

CT | HELD Bar% Lim%| MAXH Bar% Lim%| BAR | LIM | FAIL...

Hi,

I use a wordpress website with the plugin Visitor Maps. The plugin points out the visitors IPs and which webpage they accessed. It is also listing exploit scanners that are looking for certain files inside the website directories, for instance:

/wp-content/themes/(theme-name)/(subfoldername)/css/loading.gif
/wp-content/plugins/newsletters-lite/css/jquery-countdown.css

There is no...

I've been messing around with so many configs the past 24hours without success, i'm being attacked by SYN flood and the attacker still does damage, legitimate traffic doesn't get through.
The problem is only with initializing new connections, if someone succesfully connects to my server he doesn't suffer from any delays or so.
Here is my csf.conf:
-- deleted link --

Here are the few last lines...

Hello, I am running ubuntu server 14.04 LTS and have checked that:

ipset is supported in the kernel: Yes.

that the correct path is enbled to ipset: yes

I have enabled it in csf.conf with country lists such as, for testing: uk, ru, hk

However, when restart with csf -e and view the ensuing output, I see:

Try `iptables -h' or 'iptables --help' for more information.
csf: IPSET creating set cc_...

First off, Chirpy, I want to thank you for your products. I've been using them for years, including your server hardening services. I love you!

A clients PHP script is trying to access maps.googleapis.com, which currently resolves to
216.58.218.170 (of course this resolves to other IPs based on DNS round robin)

The IP is blocked due to too many temp blocks.

IP: 216.58.218.170 (US/United...

I am getting a lots of alerts like below

Executable:

/usr/bin/php

Command Line (often faked in exploits):

/usr/bin/php /home/username/public_html/wp-admin/admin-ajax.php

I do not want to get this kind of alerts therefore I have added following in my csf.pignore list

cmd:/usr/bin/php /home/*/public_html/wp-admin/admin-ajax.php

and restarted csf and lfd but still I am getting alerts....

Hello,

i want to ask for advice on which CSF setting i need to modiffy to decrease IP blocking on valid IPs on FTP port.

These are entries from /var/log/messages where VALID IP was found:

May 23 02:28:00 host1 pure-ftpd: (?@VALID_IP_HERE) New connection from VALID_IP_HERE
May 23 02:28:00 host1 pure-ftpd: (?@VALID_IP_HERE) jqyrglxg is now logged in
May 23 02:28:01 host1 kernel: Firewall:...

I doubt AIM notification is functioning in WHM (I didn't test this feature fully anyway) but ICQ notification is still working as on 30 Jun 2015.

This article shows you how ICQ notification can be turned on and tested if you are using cPanel/WHM with ConfigServer Security & Firewall installed.

First, let's prepare for testing. You need this later.

TESTING SETUP
==================
1) WHM >>...

I have a client who's IP address has been blacklisted. This in turn has stopped them from being able to access my server as I am using a number of the lfd blocklists. While my client works out, getting themselves de-listed I am trying to whitelist their IP address through configserver. I have added their IP address to both the quick allow and quick ignore tables and have confirmed that their IP...

Hi Jonathan,
my server since the last update is reporting errors like the following:

abrt_version: 2.0.8
cmdline: /usr/bin/host -W 5 42.114.204.26
executable: /usr/bin/host
kernel: 2.6.32-531.23.3.lve1.2.66.el6.x86_64
last_occurrence: 1439221045
pid: 323229
pwd: /etc/csf
time: ***
uid: ***
username: ***

Any idea why /usr/bin/host searching for that IP is giving the ABRT in CSF?

Sergio

I cannot get to the settings of dshield and spamhaus, I have revised the whole settings but these are gone I remember they were under global lists/dyndns/blcoklists but I have no option. I tried adding the médium level and also I get this:

Enable IP range blocking using the DShield Block List 0 86400 86400
Enable IP range blocking using the Spamhaus DROP List 0 86400 86400

Under current I get...

Hi,

I ran into 2 issues with CSF that may have been from a recent update. I have these 2 errors whenever I restart CSF;

*WARNING* Binary location for in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Binary location for in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Missing or incorrect binary locations will...

Hi i seem to be having an issue with CSF where by when its enabled everything is blocked on my cpanel server unless the IP has been whitelisted.

I am on CPanel Centos OS6.6 WHM 11.50.0 (build 29). Now before the CSF 8.02 was release and CSF 8.03 it has been working on my VPS server quite well.

I have done a complete uninstall and reinstall of CSF and the issue is still present even the VPS...

hello
i am using csf firewall on my server
when csf is enable , in webmaster tools when i try to fetch as google the google bot can open css or image
this is error :

and if i disable csf
i see complate fetch and problem fixed.
please note :
i have not any deny ip in my list

how to can fix it?

Does CSF support the x-forwarded-for header? Currently csf blocks our load balancers that are served from a dynamic pool of servers. Is there a way to enable support for this header or a change to the firwall configuration that would allow us to use csf on a load balancers with dynamic IPs?