I purchased and installed CSF and now I am facing issue with my ftp connection, FTP gets connected but files do not get uploaded and show no progress, says 0%. I turned off firewall and its now working.
I am getting a lot of alerts of individual IPs that are being blocked even though I have a CIDR block setup to deny the block that would included the IP that is being blocked. I love Configserver and like that it is mostly working, but all the individual blocks are making me increase my Deny limit. This has been happening for several months now and I am running the latest version. Any...
I am trying to be passed for pci compliance by trustwave.
I set:
IGNORE_ALLOW = 0 and add their IP(s) to csf.ignore
But they are being blocked. Explanation from them is so:
Desc:
During the course of the scan, TrustKeeper detected an unidentified protocol on common web ports. In some cases, this may be caused by network security devices actively blocking the vulnerability scan, which it may...
Hi, i run centos7.1 with csf firewall + directadmin and try unblock one ipv6 address and not success
first i enable Requires ip6tables and then i did it:
$ csf -a 2001:0503:ff39:1000:0000:0000:0000:0074 test
Adding 2001:0503:ff39:1000:0000:0000:0000:0074 to csf.allow and iptables ACCEPT...
ACCEPT all opt in !lo out * 2001:503:ff39:1000::74 -> ::/0
ACCEPT all opt in * out !lo ::/0 ->...
With the updated version 6 of CSF I can no longer use Country Codes to block. I used to block CN,RU and I do not want anything to do with these countries at all. All I ever get is a constant barrage of attacks a day by the hundreds. Now I need to add the Middle East and North Korea. any time I use a country code in the CC_DENY = Box I get an error if FASTSTART = is set to (true) 1. I can load...
Recently been hit by a distributed attack from many geo location on SMTP, system, FTP etc.
I tried and liked CC_ALLOW_FILTER = and added my country there and it was great, but little later realize that this block everyone (great) on all ports (including port:80).
Wondering if there is any way to block all ports except 80 from everywhere except my country?
I've googled this a bit, but am not having any luck. Part of our perl libraries seems to be corrupted, and I have tried to --force to reinstall, but I am not sure which exact modules or command I should run to get this back up.
It is on a cpanel ( WHM 11.48.4 (build 4) ) /CentOS system, and when I try to reinstall csf, I get this:
Checking Perl modules...mode of `os.pl' retained as 0700...
I've noticed that one server is getting a hammering, looks like IPs are trying POP3, IMAP, SMTP, HTTP, HTTPS and SSH etc, resulting in 5+ lines of blocks in /etc/csf/csf.deny for just one IP.
At this rate and by the amount of attacks, any blockings are for 24 to 36 hours because the oldest line is deleted to make room for the current block at the end of the file. So some IPs could return in 48...
Hi,
I just installed CSF on a cPanel server (CentOS 5.11) - TESTING mode OFF.
One of my customer are complaining about problems with pop3 connection.
I gained access through Teamviewer on his machine and I verified that, from this specific ip, it is impossibile to connect to my server (I tried with telnet on port 25, 80, 110 and so on.. I always got connection timeout issue).
I stopped csf (csf...
I just noticed that some failed smtp login attempts logged into exim_mainlog were not blocked by lfd after the limit I configured (LF_SMTPAUTH is set to 10). It works most of the time, but I don't know if there is something different with these attempts, they don't get blocked and in two days, from the same IP, more than 850 failed logins were logged.
Hi,
what is the best way to permanently bypass some ip/networks?
Ip listed in /etc/csf/csf.allow will never be rotated (as in csf.ignore after reaching DENY_IP_LIMIT)?
Thank you
Hello, im receiving this alerts and i want to know if there is a way to avoid them,
I have a vps , i do not allow ssh root login on this server, so i use a wheel user instead,
Everytime i login with my wheel user, few minutes after login I start receiving a lot of these notifications depending on the time im logged in.
--------------------------
lfd on hostname: Excessive resource usage:...
Due to a lot of distributed SMTP auth attacks I used the advanced EXIM editor as outlined in the readme.txt file for CSF/LFD. Worked like a charm, thank you!
But now Google has decided if you wish to 'send mail as' another address than the Google account's own - you have to provide Google direct SMTP access to your server.
But Google's IPs for sending SMTP is variable and ever changing so I...
I have tested my csf firewall protected server using one Windows VPS and XOIC ddos attacker application. TCP protection seems fine but for UDP flood csf does nothing.. I have attacked my website server on 22 port which is not used or allowed by UDP_IN, but even so I see huge UDP and increasing. Is it possible to enable automatic block IPs for UDP flood ?
After setting up a cluster, will the servers automatically sync any lists they already have or do they only sync new entries?
Also, with regard to the config... same question. I have set a Master and an initial slave... and communication appears to be OK. What I'm asking is do I have to do anything to have the slave sync with the master's config or will this happen by itself.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum