ConfigServer Community Forum

So I'm sure that's exactly what's happening. My question is can the users see the impact of this. I have a fair sized server but with one major website that probably should be on it's own server. They are selling videos - not streaming - just video downloads.

I get these messages all the time:

Time: Wed Nov 26 08:56:47 2014 -0500
Account: llpubco
Resource: Process Time
Exceeded: 5423 > 1800...

I have explicitly allowed an IP in /etc/csf/csf.{allow,ignore}. I understand allowing in /etc/csf/csf.allow will allow the IP to reach all ports on the server, while /etc/csf/csf.ignore should prevent LFD from blocking the IP. Upon client's request due to a lot of attempted accesses on server we have Country Code blocking enabling only a few local countries and an exception or so for developers....

Hi Folks,

I have a WHM server running CSF that has an intermittent DNS problem.

Here are the symptoms.

..............
ping dns1.xxxxxx.com -t

Request timed out.
Request timed out.
Request timed out.
Reply from xxx.xxx.xxx.xxx: bytes=32 time=15ms TTL=57
Reply from xxx.xxx.xxx.xxx: bytes=32 time=16ms TTL=57
Request timed out.
Request timed out.
Request timed out.
Reply from xxx.xxx.xxx.xxx:...

Hello,
I run CSF/LFD on several cPanel servers. I'm very happy with it and LFD always emails me whenever an IP tries too many logins and triggers a temporary block.

I was asking myself (and now asking you guys :) ) if there's a way to make CSF/LFD also run a script when it blocks an IP, so I can collect blocked IPs in a database for further analysis.

I read the docs but I can't find a clue...

Has anybody started to recently get Excessive processes and Suspicious process message from LFD regarding the prelinking of /lib64/libfreebl3.so?

These appear to be running under normal user accounts, i.e.:

lfd on host: Excessive processes running under user user1

User:user1 PID:10116 PPID:10099 Run Time:7(secs) Memory:1832(kb) exe:/usr/sbin/prelink cmd:/usr/sbin/prelink -u -o -...

I want know about CSF messenger service. what it is and how it works ?

I have CSF installed on all server and since last month I am receiving attacks with 15~30Mbps traffic and with CSF enabled the server crash, I need to access with KVM and disable the CSF than the server back to respond.

I am already enable SYN flood protection but not resolved.

Changed the size of tables of conntrack and not resolved(echo 65535 > /proc/sys/net/nf_conntrack_max). The server have...

Hello,

on an Linux CentOS 2CPU core OpenVZ VPS

one of the top processes returned by linux top command are:

lfd - scanning log files
lfd - (child) closing
lfd - (child) Statistics..
lfd - (child) Process tracking

even couple of same processes at same time

Please why it takes too much CPU? Which commands to do?

Hi,

I have 3 servers at different locations and i have different csf.deny on all of them. i want to implement a kind of central database server for all of these servers for blocked ips. also for the csf.allow.
what will be the easiest way to do that?

thanks

hello,

since I added country CA & US to CC_allow_ports , when CSF restarts, I receive that error:

csf: FASTSTART loading CC_ALLOW_PORTS (IPv4)
csf: FASTSTART loading CC_ALLOW_PORTS (IPv4)
CC_ALLOWP all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
ACCEPT all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
Error: Connection timeout! at /usr/sbin/lfd line 7422, line 61....

Hello,

With LF_FTPD does csf/lfd check number of connects/disconnects on FTP port ?

I have 722 lines of connects disconnects inside a 10 min period that happened today (13-Nov-2014). csf/lfd was running when this attack took place. I might have left something out in csf/lfd config for this to be dealt with.

What settings do I need to tweak to deal with this ?...

Hey there,

I'm getting TONS of RELAY Alert emails for one of my servers and can't for the life of me figure out where they're coming from. The emails state:
=======================================================================
Time: Thu Nov 6 18:22:06 2014 -0800
Type: RELAY, Remote IP - (US/United States/ )
Count: 101 emails relayed
Blocked: No

Sample of the first 10 emails:

2014-11-06...

I had an account that got sent a load of emails all of once (about 100) and lfd picked this up as relayed mail.

This has happened a few times.

Is this expected behaviour?

I need a rules to direct port 80 to port 8080 on the loopback interface, but the rule CSF generated excludes loopback (!lo). Is there a way I can have
iptables -t nat -I OUTPUT -p tcp -o lo --dport 80 -j REDIRECT --to-ports 8080

Hi,
am using VPS VZZO machine, I recently face very critical issue that csf firewall blocks all ports of the server globally automatically.

I install csf firewall by default setting but now after a day its block my all ports and now am unable to access server.
Kindly tell me how I can access my VPS without lossing data.
Even SSH each and every thing blocked.

Since 7.14 update, the config server script appears to be broken, has a bug or something is fubar'd. I've had to manually install all updates via command line since the GUI will not display an upgrade button. It constantly displays the following error:

Unable to connect to , retry in 167 seconds. An Upgrade button will appear here if new version is detected

So now i've done over a dozen...

Hi all

We keep getting this email every night from LFD/CSF which says:

Unable to obtain exim queue length within 30 seconds - Timed out

Yet, the email queue is normal, it can be accessed ok via Configserver's mail queue manager and the WHM Mail queue manager.

The load is reasonable (1.00-2.00)

Any idea why it keeps having issues with the queue?

Tried restarting both Exim and CSF, but still...

Hello,

I have setup modsecurity rules to give permission denied (403) on multiple brute force attempts; which works great, but now I want CSF to block their IP if they continue. So my thoughts were to configure LF_APACHE_403 to automatically block their IP. Unfortunately, it is not working.

An example of this:
192.95.29.115 - - POST /wp-login.php HTTP/1.1 403 1139 - -
192.95.29.115 - - POST...

Not sure what to look for here. Upon restarting CSF in shell, I am getting this error near the bottom of the output:

*ERROR* line:
Command:
Error:
You should check through the main output carefully

I've checked though the csf.conf file carefully, yet I can't quite spot what might be causing this.

Thanks for any assistance.

Hello,

I've set PT_USERMEM = 0 but I'm keep getting this kind of messages.

Time: Thu Dec 12 13:32:02 2013 +0200
Account: someuser
Resource: Virtual Memory Size
Exceeded: 206 > 200 (MB)
Executable: /usr/selector/php
Command Line: /usr/bin/php /home/someuser/public_html/index.php
PID: 1008625 (Parent PID:986235)
Killed: No
After that I've csf-r but I'm still getting this kind of messages. Isn't...