We have 127.0.0.1 in the ignore list and yet we are getting flooded with alert emails. We are running ASSP Deluxe which generates a lot of mail flow using that IP.
Could there be something that's keeping the ignore list from loading? Any guidance would be greatly appreciated.
Hello, I've been attempting to enable the SMTPAUTH_RESTRICT option on our cPanel server.
It appears to be working for port 25, but causing authentication failure with port 587.
Following the instructions in /etc/csf/readme, when I add:
auth_advertise_hosts = ${if match_ip{$sender_host_address}{iplsearch;/etc/exim.smtpauth}{*}{}}
Authentication attempts via port 587 respond with this warning:...
Have entered the dyndns information within csf in the /etc/csf/csf.dyndns file as required.
If I disable csf I have no issues in reaching my pbx that csf is installed on. Once I enable csf, all functions of csf work great except csf will not pass my no-ip fqdn (monkey.ddns.net) thru to my pbx server.
Hi everyone!
I'm trying to call a simple script at the block_report option at csf.
In my configuration file I've got this:
# address block following for example a login failure. The following setting
# is to the full path of the external script which must be executable. See
# readme.txt for format details
#
# Leave this setting blank to disable
BLOCK_REPORT = /usr/local/bin/scripts/cban
We had an issue wherein a server couldn't reach the Plesk licensing server, even with port 5224 added to the egress rules. We had RU added to the CC_DENY config which was very clearly the cause (I found the blocked range in iptables). After removing RU from CC_DENY, all worked fine.
I had even tried inserting a rule into csf.allow which created the corresponding iptables rule...
Our server has been under repeated 'attacks' from overwhelming port flooding and syn flooding and http requests. Installed CSF last week and successfully blocked the syn attacks and was able to deny certain httpd IP addresses that caused most of the issues. All good.
This week - the attack resumed. This time it was more or less focused on httpd. And too many different IPs to effectively block....
I have a cPanel server with CSF installed. The problem that I am having is the firewall appears to be blocking users from accessing my website. I don't want to have to add their IPs to the whitelist each time. Can anyone explain what I am doing wrong? Maybe I have missed a config.
Lately I have been getting this error every day when my server reboots in the morning:
Error: The VPS iptables rule limit (numiptent) is too low (512/512) - stopping firewall to prevent iptables blocking all connections, at line 583 in /usr/sbin/csf
Most online references suggest that the solution to this problem is to get my VPS host to increase the numiptent value, which they will not do....
I've added a user to the csf.fignore file and restarted lfd, but the warnings keep coming:
Suspicious File Alert - /dev/shm/
Time: Mon Jun 1 08:10:26 2015 +0200
File: /dev/shm/.3675c
Reason: Suspicious directory
Owner: myuser:myuser (506:507)
Action: No action taken
This line was added to csf.fignore:
user:myuser
Why does the warning still keep coming for that user for a directory in /dev/shm?
The old csf.blocklist file contains the wrong URL for the Emerging Threats - Russian Business Networks List (and the new one doesn't contain that).
The new URL is:
I am trying to disable email alerts for any blocks that occur. I have disabled as many LF_*_ALERT or similar I can find, including LF_EMAIL_ALERT = 0 . I only want to leave open SSH Logins alerts.
BUT I am still getting emails like the following, and I cannot see any config setting to disable these, can someone help?
Time: Sat Jul 19 05:57:39 2014 +0100
IP: 1.0.201.185...
I modified the email template usertracking.txt to include load averages. A simple cut and paste from the appropriate section of loadalert.txt. The variables aren't replaced?
I get as an email:
lfd on {snip}: Excessive processes running under user {snip}
From: root@{snip}
To: root@{snip}
Time: Tue Mar 11 10:41:29 2014 -0500
Account: {snip}
Process Count: 32 (Not...
Our new CloudLinux 7.1 VPS has an extra warning when running Check Server Security...
Check for dhclient: dhclient appears to be running which suggests that the server is obtaining an IP address via DHCP. This can pose a security risk. You should configure static IP addresses for all ethernet controllers
Here is our /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE= Ethernet # same as previous...
I use ipset on my CSF. (when LF_IPSET = 0, iptables work perfect!)
I've been trying a simple disaster scenario. According to my scenario, I should block all countries except one to reduce effects of a DDOS attack.
After I set CC_DENY and CC_ALLOW parameters for an example, I checked whether it works or not. Unfortunately it didn't work.
I have used CSF on quite a few VPS machines. However, I am seeing this error in the lfd.log every few minutes:
*Lock Error* still active - section skipped
The error occurs for LF_DIRWATCH as well.
I have tried to increase the intervals, but the error still occurs (I did do a restart). Oddly, I use almost the same configuration on every server and I have not seen this error before. Any...