I've noticed that one server is getting a hammering, looks like IPs are trying POP3, IMAP, SMTP, HTTP, HTTPS and SSH etc, resulting in 5+ lines of blocks in /etc/csf/csf.deny for just one IP.
At this rate and by the amount of attacks, any blockings are for 24 to 36 hours because the oldest line is deleted to make room for the current block at the end of the file. So some IPs could return in 48...
Hi,
I just installed CSF on a cPanel server (CentOS 5.11) - TESTING mode OFF.
One of my customers is complaining about problems with pop3 connection.
I gained access through Teamviewer on his machine and I verified that, from this specific IP, it is impossible to connect to my server (I tried with telnet on port 25, 80, 110 and so on.. I always got connection timeout issue).
I stopped csf (csf...
I just noticed that some failed smtp login attempts logged into exim_mainlog were not blocked by lfd after the limit I configured (LF_SMTPAUTH is set to 10). It works most of the time, but I don't know if there is something different with these attempts, they don't get blocked and in two days, from the same IP, more than 850 failed logins were logged.
Hi,
What is the best way to permanently bypass some IPs/networks?
IPs listed in /etc/csf/csf.allow will never be rotated (as in csf.ignore after reaching DENY_IP_LIMIT)?
Thank you
Hello, I'm receiving these alerts and I want to know if there is a way to avoid them.
I have a VPS; I do not allow SSH root login on this server, so I use a wheel user instead.
Every time I log in with my wheel user, a few minutes after login I start receiving a lot of these notifications, depending on the time I'm logged in.
--------------------------
lfd on hostname: Excessive resource usage:...
Due to a lot of distributed SMTP auth attacks I used the advanced EXIM editor as outlined in the readme.txt file for CSF/LFD. Worked like a charm, thank you!
But now Google has decided if you wish to 'send mail as' another address than the Google account's own - you have to provide Google direct SMTP access to your server.
But Google's IPs for sending SMTP are variable and ever changing so I...
I have tested my csf firewall protected server using one Windows VPS and the XOIC DDoS attacker application. TCP protection seems fine, but for UDP flood csf does nothing. I have attacked my website server on port 22, which is not used or allowed by UDP_IN, but even so I see huge UDP and increasing. Is it possible to enable automatic blocking of IPs for UDP flood?
After setting up a cluster, will the servers automatically sync any lists they already have or do they only sync new entries?
Also, with regard to the config... same question. I have set a Master and an initial slave... and communication appears to be OK. What I'm asking is do I have to do anything to have the slave sync with the master's config or will this happen by itself.
How to block referral spam completely with the help of csf?
I don't need Google Analytics filter advice, as I have tried it and it just blocks the stuff showing in GA, not actually preventing the request from hitting the server and chewing my resources.
I need some solid way to prevent these sites at CSF level (if one exists). Thanks.
sitevaluation . org
100dollars-seo . com
trafficmonetize . org...
Not sure if this can be fixed from CSF/LFD's side or not, however, my bosses (at a major hosting provider) consider this a CSF bug since users can be blocked even when using correct passwords. Assume a cPanel CentOS server here.
Problem: If authdaemond is busy or down, logins (even with the correct password) to the mailserver will fail, and are logged like this:
I need to sync files from the main server to a remote server with the rsync command in a scheduled job which runs frequently, however I can't sync files successfully without whitelisting the other server's IP with csf on both sides. I'm concerned that adding the remote server's IP address to the whitelist of the main server will cause a security issue, if the remote server is hacked, is...
A VPS I admin recently needed to upgrade from a 2.4 series kernel to 3.12.27. It appears that csf/lfd are no longer working to do any iptables firewall filtering. When I try to add an address with csf -d, I get this error:
# csf -d xxx.xxx.xxx.xxx
Adding xxx.xxx.xxx.xxx to csf.deny and iptables DROP...
iptables v1.4.21: Couldn't load target `LOGDROPIN':No such file or directory
I have a CentOS 6.6 server, running OpenVZ with two nodes. The nodes are typical web servers, and my intention is to have inbound and outbound HTTP, HTTPS, and SSH open. To make this work, I've created a file under /etc/csf/csfpre.sh:
iptables -A INPUT -i venet0 -j ACCEPT
iptables -A OUTPUT -o venet0 -j ACCEPT
iptables -A FORWARD -j ACCEPT -p all -s 0/0 -i venet0
iptables -A FORWARD -j ACCEPT...
Only just noticed that CSF is blocking the FTP client I use (FileZilla) and also a new program I'm looking to use (SyncBack). I can only log in through FTP if CSF is disabled.
I've put my needed rules in csfpost.sh, used the full path to /sbin/iptables-restore in my case, and I can verify that my rules are in place after I start `csf -r`
`iptables -t nat -L -v -n` tells me they are in.
My rules are:
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.3.5:80
-A POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE
I have a small VPS that I run and am always looking at things I can do to make my system more secure as well as increase performance with my limited resources, two things that sometimes conflict. After a discussion the other day with a friend about blocklists, number of iptables rules and performance, I was curious about the number of IPs in the blocklists and decided to do a little analysis....
Hello, I am using a PHP application that sends emails by going through SMTP. The port it goes through to send emails is 587. I tried to send a test email but no luck. I contacted cPanel about this and they checked csf.conf and saw that it was whitelisted in both TCP_OUT and TCP_IN. They then stopped CSF and tested sending an email and it worked perfectly. They turned CSF back on and then came...