Ok I have posted this before and still no luck. Any help would be great. Anyway I only deal with about 7 countries and like to block all others. So when I use either CC_Allow or CC_ALLOW_FILTER with these settings CA,CH,CN,DE,GB,TW,UM,US, the issue begins to arise in my main log. I'm getting some errors now and would like some help to get them resolved or a place to look and see how to get them...
The readme.txt file states:
To take advantage of kernel logging of iptables dropped connections you should
ensure that kernel logging daemon (klogd) is enabled. Typically, VPS servers
have this disabled and you should check /etc/init.d/syslog and make sure that
any klogd lines are not commented out. If you change the file, remember to
restart syslog.
I just installed a brand new DA server w/CentOS 6.5. There are no domains on this account yet the mainlog file is flooding with errors. I'm not sure why. I have no experience with CSF as previously I used APF & BFD.
Exactly where do you set the temporary ban duration? My temporary blocks are lasting only 60 seconds and I can't seem to find the place in the configuration to make it longer. I'm getting hit with excessive SMTPAUTH failures, and although my LF_SMTPAUTH setting is 5, the bans only last a minute and then the game continues...
I'm having a bit of an issue. I have set up a KVM VPS on my CentOS 6.5 which has routed networking.
I have a DNAT rule in csfpre file which as traffic comes in (PREROUTING), the external IP is changed to the local IP. As the traffic traverses the iptables chain, it seems to be dropped (not rejected) somewhere in the FILTER FORWARD table. This is not being logged in /var/log/messages.
Background:
I like the way that CSF warns (via email) about Excessive resource usage
I have learned to use the csf.pignore file to ignore a process that I know is resource intensive.
For example, in csf.pignore I added cmd:spamd child and no longer get warnings about spam assassin running.
Problem:
Every night when my daily backups run I get many email alerts about...
Hello to everyone!
Is it possible to use CSF to allow access to a port only from certain IPs?
It seems to be a simple question - but I did not find an answer yet.
Let's say I have SMTP on 110 port.
I want to allow access only from external IP 68.192.172.14 and 85.5.39.156 (which means only these 2 IPs are allowed to send emails)
All other IPs must be blocked by default.
We have used CSF for three years and never had any problems. Great script!
Since about 48 hours, though, there is a problem with CSF running on Linux VPS servers (both, with node running 5.x and 6.5 of CentOS, and the VPS themselves running 6.5). This seems independent of the control panel installed in the VPS -- I see it in case of DirectAdmin as well as cPanel.
I've got a server with multiple public-facing IPs, and I'd like certain services to only be bound on certain IPs. Services like SSH and FTP can simply be configured to only bind to a single interface, but I've got a couple stubborn ones that insist on binding to them all.
What I'm basically looking for is something like the TCP_IN option, but address-specific. For example, connections to...
I'm using a subset of the OWASP ruleset, and I'm still getting lots of false positives. Almost every time that happens, the IP responsible gets a permanent block in iptables, which I think is a little strict even if they were trying to attack the server.
I've tried Googling around a bit, and I can't find a way to make bans temporary. I think a block of 5~30 minutes would be reasonable.
If the server has a high load level, I get a nice little email that contains a snapshot of the running processes, vmstat and a dump of the server-status page.
The problem here is that our server-status page is behind an HTTP password protection so all I ever see in the report is:
Unable to retrieve Apache Server Status - Unable to download: 401 - Authorization Required
I already tried everything as in the doc to ignore this process but I still get around 100 email notifications with this. Could you help me with how I can ignore this in csf.pignore, Process Tracking? And could this process be a virus? I opened the file session_mm_cgi-fcgi501.sem and it is empty :s. Thanks in advance for any help
I really love the solution you are providing, but there is one function that we are missing.
Is it possible to make an IP block on the SSH service (port)?
What I mean is to make a config file with some IP addresses; when somebody connects to SSH it will check the config file to see whether the IP is allowed to connect to SSH.
Can anyone explain exactly what situations cause this message? Has the CRON process been killed or not? What should I do in response to this message? I am not familiar with Linux.
Remote server: CentOS with cPanel and WHM
Local email client: Thunderbird on Windows 8
I deleted many small parts of the message because your forum software complains that there are URLs in it when there are no URLs...
On my server, if a user tries a wrong password 10 times, my server bans the user's IP address. After that I should remove the ban manually. Otherwise they cannot use their email address.
But if I want to set a ban time on my server, is that possible or not, or how can I do it?
May 28 11:28:32 moodle2 lfd : daemon started on moodle2 - csf v7.03 (generic)
May 28 11:28:32 moodle2 lfd : CSF Tracking...
May 28 11:28:32 moodle2 lfd : IPv6 Enabled...
May 28 11:28:32 moodle2 lfd : LOAD Tracking...
May 28 11:28:32 moodle2 lfd : csf Integrated UI running up on port 6666...
May 28 11:28:32 moodle2 lfd : Country Code Filters...
May 28 11:28:32...
May 26 03:12:43 host pure-ftpd: (?@66.249.64.165) Authentication failed for user
May 26 03:12:25 host pure-ftpd: (?@66.249.64.134) Authentication failed for user
May 26 03:14:00 host pure-ftpd: (?@66.249.64.216)...