I currently have LFD configured for 400 Ip blocks, which is filling up fast.
I understand that once the table has reached 400, they will fall off the end.
What's a reasonable upper limit without causing too much overhead ?
I have used CSF for a number of years and never had an issue with it. All of a suden I have lost ALL access to the server. Thankfully it is running as a VPS and I can reboot it and its fine for approx 10 mins then locks again.
The ONLY way to fix this is to disable CSF and then the server is fine.
I have tried getting support but got told to ask her so I am kindly asking for some...
I keep getting blocked if I use more thna a couple options in WHM. Yet the block doesn't show in the CSF block table. maybe a temp block or something with iptables.
Basically I logged into the WHM saw CSF was off, started it and I was blocked shortly after.
So I flushed csf -f and I had access again.
But within minutes csf stopped running and I was blocked.
Hi since cPanel has upgraded, we are now using cpanel logaholic (which looks really good) we are getting Suspicious process running under user cpanellogaholic, I dont want to ignore the executable /usr/local/cpanel/3rdparty/php/53/bin/php-cgi
is there any other way to stop the warnings?
I would like to aggregate logs from multiple servers to some service like FluentD or Logstash + Kibana + Elasticsearch.
I know that CSF (LFD actually) can log everything to syslog, but there is a huge difference between information in syslog and e-mails which are sent to some mailbox. So the question is - is there a way to enable e-mail like logging to disk (where e-mail like equals all...
I'm trying to setup csf firewall on hostgator vps. I'v setup csf firewall on multiple servers before and never had an issue with it .
Unfortunately on this server each time I enable csf firewall, all traffic is beeing dropped.
e.g.
Feb 14 02:08:25 hostname kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=Macaddres SRC=UserIP DST=ServerIP LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=52420 DF...
Could someone point me in the right direction because I feel quite lost.
I have tried to search for an example or clue on this forum and Google. But I can't find a working custom regex.
I'm on a Debian server with DirectAdmin
The following is found in /var/log/proftpd/auth.log
ProFTPd 123.123.123.123 PASS (hidden) 530
Since this format is not caught by default I have tried to create a custom...
I have the following settings and have Modsecurity, CXS and CSF installed though IPs are not being blocked after 5 ModSec hits:
ModSecurity: Warning. Pattern match 200 at RESPONSE_STATUS.
ModSecurity: Warning. Pattern match 200 at RESPONSE_STATUS.
ModSecurity: Warning. Pattern match 200 at...
i have ConfigServer Security & Firewall - csf v6.43 installed on my cpanel server
iam getting too many email alerts as the most of them are like
SSH login alert for user root from XXXXXX
XXX is my ip address. can i exclude my ip adress from the watch list? so i dont recieve such emails alerts if it come from my ip, but still check other ip addresses?
Hi.
Our VPS provider has its own account on our servers with UID 0.
LFD is alerting me to a possible root compromise on this account constantly.
Is there a way to turn off the alerting for a single account?
eg tell lfd to ignore account with name VPS-provider .
I know how to turn off the system exploit checking completely but for security reasons i dont want to do that.
Hey guys,
I'm new to CSF, but I think it's amazing! I am running CSF v7.60 on CentOS 6.5 Final.
I am trying it on an asterisk PBX that is dedicated for VoIP faxing and am having some issues which I have been unable to diagnose. When the CSF is enabled, faxes fail. When I disable CSF and load a regular iptables script instead, they are flawless. I haven't been able to figure out why.
I'm running into an issue with IP's getting blocked for Port Flooding. Most specifically, Whenever I have an Iphone try and configure an email account, they will be blocked for port scanning.
Do I have something set wrong?
Any ideas on optimizing these settings to stop this behavior.
In csf ver 7.59 on CentOS 6.6 with WHM 11.46.2 (build 4), when we try to compare profile configurations by selecting protection_high as first config and /etc/csf/csf.conf (current config) as second config, it doesn't show anything! However, if we select protection_medium or protection_low, it then shows the table of comparision. Is this a bug or are we doing something wrong?!!
I just happened to notice that I am able to add the same IP as many times as I want via the Quick Deny. Checking another server, I'm not, as expected.
csf: v7.58
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum