ConfigServer Community Forum

I've discovered that some email notifications fail on Plesk servers:

e.g.
When running the command csf --logrun the email is never sent out. LFD reports that the email was sent successfully (with debug on) but I see this in the mail logs:

Apr 12 09:16:40 web1 plesk sendmail : handlers_stderr: SKIP
Apr 12 09:16:40 web1 plesk sendmail : _mh_fork(): Error occured during waiting the child process...

Hi,

Running Centos 7.1 on my VPS with firewalld disabled and iptables installed. CSF has been working without incident for 5 months until today when an update was available today which I installed.

When trying to restart csf/lfd it freezes at the line below. Although CSF states it is running it is not effective after several tests I did.

Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing...

Unsure when it exactly started but we have disabled the login failure email alerts as such:

LF_EMAIL_ALERT = 0

However, we since started receiving login failure alerts for various services (FTPD, SMTP, etc). Again, not sure when it started up again, though believe it was within the last month or so.

Any assistance is appreciated.

I am getting the following error, in CSF, under WHM:

Unable to connect to download configserver com, retry in 135 seconds. An Upgrade button will appear here if new version is detected

I have never had an issue, with CSF, until today. I checked my server and can ping download configserver com. There doesn't seem to be any issues with my server (no DNS or connectivity issues found). Could my IP...

We have a couple of servers being regularly attached by a single Russian IP address - I've added it to the block list but 24 hours later it's removed (presumably by the 100 IP limit?) - is there a way to permanently permanently block an IP address?

Cheers

Hi there,

In csf.conf, I have SMTP_BLOCK set to 1.

I have SMTP_PORTS set to 25,465.

Allowed users include the user that runs the PHP script.

Using WHMCS, I set up amazon SES for sending emails over port 587.

When I send an email, the first email goes through but after that, every other email times out. If I restart CSF, I can get 1 email through again, but then the rest time out.

Any...

Hi All,

I'm running into a strange issue where CSF is throttling or blocking Infinite WP (A wordpress plugin/theme manager).

IWP uses ajax requests to check on plugin status as well as updates them.

When I watch the access_log for apache, I see a lot of AJAX requests.

If I have CSF on, most of them time out, usually 2/22 get through.

However, if I turn off CSF, they all go through, and...

Hello

from 2 days ago all my websites on the server goes down , I've disabled CSF and its up again

when i enable CSF port 80 got closed when i disable it port 80 is open

I've checked TCP in out port 80 is included

what is the problem ?

I just wonder if there is a way to ensure that csf is enabled at server startup. I am asking this because I noticed today that when my server, due to a scheduled restart, was restarted, lfd did not start and it remained so until several hours later when I came to knwo about the problem after I checked my mails and had to restart csf manually.

I found this in /var/log/lfd.log

Mar 10 03:50:35...

Hello,

When I visit my website from my cellphone through my routers wifi I can access my site without a problem.

However, when I switch off the wifi on my phone and access my site from the phone I can not access, csf blocks me. After doing a lfd and csf restart I can access without a problem.

When I switch wifi back on I can continue to browse my site. I switch wifi off again and same problem...

HI,

what is distributed SMTP Logins on account ??

there is many entries in CSF firewall dely list like

31.128.187.117 # lfd: 31.128.187.117 (UA/Ukraine/214-187-117.shostka.uacity.net), 5 distributed SMTP Logins on account in the last 300 secs - Thu Nov 14 16:14:43 2013
77.121.93.203 # lfd: 77.121.93.203 (UA/Ukraine/77-121-93-203.dynamic.kits.zp.ua), 5 distributed SMTP Logins on account in...

I'm currently having a huge amount of port tracking hit on one server : Sample Hit message :

Sample of port hits:
Aug 12 08:12:49 web17 kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth3 SRC=174.142.183.40 DST=69.46.36.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=19088 DF PROTO=TCP SPT=50260 DPT=9050 WINDOW=14600 RES=0x00 SYN URGP=0 UID=568 GID=565 Aug 12 08:12:51 web17 kernel: Firewall: *TCP_OUT...

Hello,

I am getting the following email many times since a blocked hacking attempt by almost the same IP. What is the meaning of this message ? How to ride of the message ?

202.0.0.0/8 is blocked by CSF.

Sample of port hits:
Apr 16 20:08:03 server kernel: Firewall: *UDP_OUT Blocked* IN=
OUT=venet0 SRC=xxx.xx.xxx.xxx DST=202.137.3.120 LEN=73 TOS=0x00 PREC=0x00 TTL=64
ID=51303 PROTO=UDP...

Hello,

What is this all about? We receive this when our clients install a new San Andreas server

We receice this email:

Sample of port hits:
Sep 29 11:03:10 server1 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=94.176.*.* DST=83.103.133.168 LEN=117 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=7777 DPT=52209 LEN=97 UID=32043 GID=32044
Sep 29 11:03:12 server1 kernel: Firewall: *UDP_OUT...

Hi, I'm using Mandrill's SMTP sending method, which works OK but periodically (sometimes 1 day, sometimes 5 days) stops working. At that point if I go into the CSF configuration and simply click Change without changing anything, after it reloads CSF and LFD the mail sends again.

The error message that shows when it stops working is smtp error: could not authenticate.

The SMTP is set to send...

I have done a look through the forum and (amazingly) didn't find anything that matched - so, I guess I used the wrong search term!

I am testing (hence the seemingly strange restrictive values) my SSH Configuration and have these settings:

LF_TRIGGER = 1 (I don't care what service you try to access)
LF_TRIGGER_PERM = 1 (permanently block)
LF_SELECT = 0 (complete block)
LF_SSHD = 1 (active)...

What does this mean?

Excessive resource usage: lotusm (549 (Parent PID:23184))

Time: Fri Nov 15 10:09:15 2013 -0800
Account: lotusm
Resource: Process Time
Exceeded: 3261 > 1800 (seconds)
Executable: /usr/local/cpanel/3rdparty/perl/514/bin/perl
Command Line: spamd child
PID: 549 (Parent PID:23184)
Killed: No

Hi,

It appears that after an upgrade from CSF/LFD v7.58 to 7.59 (01/27/15) the System integrity check e-mail is no longer being send on one of our servers.

I've already tried to solve this by restarting the firewall and changing LF_INTEGRITY from 3600 to 0 and then back to 3600 again, but this did not fix it.

Any ideas would be appreciated!

The server is running CentOS 6.6, WHM 11.48.0 build...

Hello,

This is happening on a brand new server. (I.e. which was setup recently running latest cP with mod_security and CSF + CXS setup)

I have white listed Google bot, pingdom and Cloudflare IPs in csf.allow but they keep getting blocked due to mod_security (cPanel's new mod_sec rules are messy)

See the example.
root@server # csf -g 188.138.118.144
Chain num pkts bytes target prot opt in out...

Hi @ all,

how can I enable full access to a IP address? With full access I mean on any port range TCP and UDP, without having to add this port to the TCP_IN.

I've tried it with csf.allow but looks like it's not opening all ports.

Thank you very much in advance.

Regards
Andreas