When SMTP_BLOCK = 0, but SMTP_ALLOWLOCAL = 1, attempts to connect to a port on the SMTP_PORTS list by a user not in SMTP_ALLOWUSER are actually redirected to loopback device.
I'd suggest that either SMTP_ALLOWLOCAL = 1 be ignored when SMTP_BLOCK = 0, or that the description of SMTP_ALLOWLOCAL be clarified. The description presently reads enable this option to allow outgoing SMTP connections to...
Is someone can explain me does it mean and what should i do?
This IP from RU did this several times on the server on a website with a WP install.
i am relatively new with csf and server administration
Any help will be much appreciate !
thx
JC
Recently I have been receiving hundreds of e-mails per day for failed SMTP authentications.
These are from many countries including Serbia, Russia, Taiwan, Vietnam, Libya and many more.
The site is running cPanel and the sites on the server send out e-mail, but any mail clients are set to send out e-mails via our own ISP (rather than via the server).
I have a question about the operation of the system CSF firewall vs.cPanel's IP Deny Manager.
Say we host 30 domains, and say that two of the domains we host are getting hammered by a single IP - 221.231.103.199
That IP is part of a /24 originating in China.
Now the owners of the domains can go into cPanel IP Deny Manager and add 221.231.103.0/24 in order to block all ip addresses in the /24...
We have CSF and Cpanel and have been using it with good results for years now.
We have a new issue our datacenter is giving us a hard time about (and we understand it). We have a CMS installation that is attempting to exploit remote wordpress installs by brute forcing. The offended servers are complaining to our datacenter (understandably so) and of course our datacenter wants this to...
I have configured the following setting in CSF/LFD:
# Enable login failure detection of DirectAdmin connections
# This option also detects login failures on DA for Roundcube, SquirrelMail and
# phpMyAdmin if installed and logging enabled via CustomBuild v2+
#
# If you do not want to scan for one or more of DIRECTADMIN_LOG_*, simply set
# the respective option to
LF_DIRECTADMIN = 5...
Just a quick note here; I noticed that while LFD was blocking some pure-ftpd bruteforce attempts, there were still times when my server was getting hammered repeatedly. Pure-ftpd logs in /var/log/messages, and the bruteforce attempts that were not being blocked looked like:
Apr 13 23:41:32 brightstar pure-ftpd: (?@84-241-32-107.shatel.ir) New connection from 84-241-32-107.shatel.ir
Bit of a noob question, each time i log into vps, i get a root login notification email, it gets quite annoying and fills my inbox, i would like to basically allow my IP so that it will not cause this root login notification if its from my IP address, of course any other IP address will give a notification.
Hi, I was just wondering if when I ban an IP, does it just get banned from being able to log into our WHM or does it ban them globally from the server, including all domains and WHM.
I am using some blocklists from several weeks ago, and now I wanted to test OpenBL. I have uncommented the line in order to use it: Here you have my csf.blocklists lines:
# OpenBL.org 30 day List
# Details:
OPENBL|86400|0|
First of all, I don't see any new file at /var/lib/csf location, such as csf.block.OPENBL or something similar. So I suppose it is not blocking based in that list....
We've been informed that this is an OVH server. We have had several reports in the last few days of customers and csf users with OVH servers unable to connect. One csf user reported that he discovered it was OVH's permanent mitigation feature. Since we are not familiar with this or how it is configured, I'm afraid we can't really help, and can only suggest that you follow up with OVH.
CSF/LFD updated automatically on my Debian 8.0 Jessie servers last night and now I am unable to start LFD and CSF is no longer working as well (iptables shows no rules anymore, tried csf -r ). The CSF/LFD Update was from 7.66 (which worked great!) to 7.67. Here is the error that I received when the update was running:
Restarting csf and lfd...
Flushing chain `INPUT'
Flushing chain...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum