Hello, I am new to ConfigServer. My DirectAdmin reports many WordPress login attacks (threshold > 50), but ConfigServer Firewall does not seem to block these IP numbers. How can I arrange that?
Thanks, Hans
Hi all,
I would like to ask for help with this situation: in the Exim queue of undelivered messages I often find a long list of frozen messages sent by LFD (for hack attempts on htpasswd) to recipients like these:
Script@
Hack@
Attempts.@
-t@
with this return path
Return-path:
The messages are frozen because the previous mailboxes are nonexistent on my server (this one hosting...
Recently I've reinstalled my webserver and I am running into some problems with the LFD service.
When I attempt to start the service, I get the following error:
-- Unit lfd.service has begun starting up.
lfd : csf and lfd have been disabled
systemd : PID file /var/run/lfd.pid not readable (yet?) after start.
systemd : Failed to start ConfigServer Firewall & Security - lfd.
-- Subject:...
I'm receiving the following error: Executable [] invalid - when attempting to search or watch system logs through CSF in the cPanel GUI. Is there anywhere that I can look to get more information as to what's actually invalid so that I can look to rectify this?
I'm starting a new VPS and keep rebuilding it. Now my host changed some things. In the beginning cPanel/WHM 11.50 with CentOS 6 was installed and I had no troubles running csf. But recently my host changed it to CentOS 7 and now I have trouble running csf.
I don't have any trouble downloading and installing it, but it won't start and when I check for errors I get the following:
I would like to know if I can change the action of BLOCK to DROP in cPanel csf? This is because there is currently a web service outage happening once in a while in my cPanel, and after cPanel support checked, they suspect that the csf firewall may be the cause of the problem and suggest that we change the action from Block to Drop. Below are some example log records that they found in cpanel messages...
I'm using a script with the lf_script_action trigger. In the script I'm attempting to call clamscan. I have written the script correctly as far as its functionality, and I can run it from the command prompt manually passing fake input to it and it works, but when csf runs my script the clamscan fails. I'm unable to figure out why though, and hoping for some insight from the csf side why it might...
I've got a situation here: I installed a brand new server (CentOS 6.4 x64 - converted to CloudLinux), and after I installed the csf firewall, it takes at least 3-5 minutes to restart. I saw that bandmin stops csf from restarting very fast. On other servers this never happens and I don't know why. Another thing is that when the server reboots, it takes a long time (~5 minutes) for bandmin to restart...
Is it possible to disable/set SMTP_ALLOWLOCAL to 1 but still allow webmail (Horde and Roundcube) usage? I have a particular account which has its WordPress constantly hacked even with auto-updates, for which I would like to just disable use of smtp_allowlocal altogether. It does have valid email accounts which are heavily used through their email software, which eliminates many of the other options....
In csf I have this line UDP_OUT = 53,113,123,19567:19600
but I keep getting this in logs
Jul 16 23:03:52 xtest kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=x.x.x.53 DST=x.x.x.139 LEN=86 TOS=0x00 PREC=0x00 TTL=64 ID=62088 DF PROTO=UDP SPT=19567 DPT=10002 LEN=66 UID=1000 GID=1000
I installed CSF (8.01) on my new Debian 8 server. However, I am unable to start the csf service when IP6 is enabled in the csf configuration. I get the following error:
ip6tables v1.4.21: can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
One of our servers has just upgraded itself to CSF v8.0 and as far as I can tell, nothing specified in /etc/csf/csf.allow is being allowed anymore.
I can see the actual rules have been created properly in the ALLOWIN chain and I can see that the ALLOWIN chain is being called from the LOCALINPUT chain, but traffic is never making it into the LOCALINPUT chain in the first place.
Sorry if this has been discussed before - I tried searching using a few different terms. However, I'm getting grief from my hosting provider about the number of emails my VPS is sending. By far, the largest amount is coming from CSF/LFD alerts.
I was trying to find a configuration option to send one daily email with all alerts instead of individual alerts, but I wasn't able to see anything...