I am getting the following email many times since a blocked hacking attempt by almost the same IP. What is the meaning of this message ? How to ride of the message ?
202.0.0.0/8 is blocked by CSF.
Sample of port hits:
Apr 16 20:08:03 server kernel: Firewall: *UDP_OUT Blocked* IN=
OUT=venet0 SRC=xxx.xx.xxx.xxx DST=202.137.3.120 LEN=73 TOS=0x00 PREC=0x00 TTL=64
ID=51303 PROTO=UDP...
Hi, I'm using Mandrill's SMTP sending method, which works OK but periodically (sometimes 1 day, sometimes 5 days) stops working. At that point if I go into the CSF configuration and simply click Change without changing anything, after it reloads CSF and LFD the mail sends again.
The error message that shows when it stops working is smtp error: could not authenticate.
I have done a look through the forum and (amazingly) didn't find anything that matched - so, I guess I used the wrong search term!
I am testing (hence the seemingly strange restrictive values) my SSH Configuration and have these settings:
LF_TRIGGER = 1 (I don't care what service you try to access)
LF_TRIGGER_PERM = 1 (permanently block)
LF_SELECT = 0 (complete block)
LF_SSHD = 1 (active)...
It appears that after an upgrade from CSF/LFD v7.58 to 7.59 (01/27/15) the System integrity check e-mail is no longer being send on one of our servers.
I've already tried to solve this by restarting the firewall and changing LF_INTEGRITY from 3600 to 0 and then back to 3600 again, but this did not fix it.
Any ideas would be appreciated!
The server is running CentOS 6.6, WHM 11.48.0 build...
This is happening on a brand new server. (I.e. which was setup recently running latest cP with mod_security and CSF + CXS setup)
I have white listed Google bot, pingdom and Cloudflare IPs in csf.allow but they keep getting blocked due to mod_security (cPanel's new mod_sec rules are messy)
See the example.
root@server # csf -g 188.138.118.144
Chain num pkts bytes target prot opt in out...
I currently have LFD configured for 400 Ip blocks, which is filling up fast.
I understand that once the table has reached 400, they will fall off the end.
What's a reasonable upper limit without causing too much overhead ?
I have used CSF for a number of years and never had an issue with it. All of a suden I have lost ALL access to the server. Thankfully it is running as a VPS and I can reboot it and its fine for approx 10 mins then locks again.
The ONLY way to fix this is to disable CSF and then the server is fine.
I have tried getting support but got told to ask her so I am kindly asking for some...
I keep getting blocked if I use more thna a couple options in WHM. Yet the block doesn't show in the CSF block table. maybe a temp block or something with iptables.
Basically I logged into the WHM saw CSF was off, started it and I was blocked shortly after.
So I flushed csf -f and I had access again.
But within minutes csf stopped running and I was blocked.
Hi since cPanel has upgraded, we are now using cpanel logaholic (which looks really good) we are getting Suspicious process running under user cpanellogaholic, I dont want to ignore the executable /usr/local/cpanel/3rdparty/php/53/bin/php-cgi
is there any other way to stop the warnings?
I would like to aggregate logs from multiple servers to some service like FluentD or Logstash + Kibana + Elasticsearch.
I know that CSF (LFD actually) can log everything to syslog, but there is a huge difference between information in syslog and e-mails which are sent to some mailbox. So the question is - is there a way to enable e-mail like logging to disk (where e-mail like equals all...
I'm trying to setup csf firewall on hostgator vps. I'v setup csf firewall on multiple servers before and never had an issue with it .
Unfortunately on this server each time I enable csf firewall, all traffic is beeing dropped.
e.g.
Feb 14 02:08:25 hostname kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=Macaddres SRC=UserIP DST=ServerIP LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=52420 DF...
Could someone point me in the right direction because I feel quite lost.
I have tried to search for an example or clue on this forum and Google. But I can't find a working custom regex.
I'm on a Debian server with DirectAdmin
The following is found in /var/log/proftpd/auth.log
ProFTPd 123.123.123.123 PASS (hidden) 530
Since this format is not caught by default I have tried to create a custom...
I have the following settings and have Modsecurity, CXS and CSF installed though IPs are not being blocked after 5 ModSec hits:
ModSecurity: Warning. Pattern match 200 at RESPONSE_STATUS.
ModSecurity: Warning. Pattern match 200 at RESPONSE_STATUS.
ModSecurity: Warning. Pattern match 200 at...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum