ConfigServer Community Forum

Hi all,

I see that my csf blocks a lot of IP that are just trying to ping my server.
I understand that a lot of people ping before they attack.. but a lot ping just to check the latency.

Is it possible to block ICMP/8 in csf, but NOT block an IP address who is trying to ping ? (Basically, the server will not answer anything, but will not block the IP neither).

Thank you.

Using Litespeed 4.2.16. Excerpts of our /usr/local/apache/logs/error_log:

ModSecurity: Access denied with code 403,
ModSecurity: Access denied with code 403,
ModSecurity: Access denied with code 403,
ModSecurity: Access denied with code 403,
ModSecurity: Access denied with code 403,
ModSecurity: Access denied with code 403,
ModSecurity: Access denied with code 403,
ModSecurity:...

Hi all, I've been running CSF for years and I don't think I've ever seen this one... tonight I got an email saying 0.0.0.1 was blocked permanently. Checked the lfd logs and see entries like:

(CT) IP 0.0.0.1 (-/-/-) found to have 80 connections - *Blocked in csf* for 1800 secs

This appears to have started on Oct 5 (it's the first entry in the gzipped LFD log). I didn't think 0.0.0.1 was a...

I just installed csf on a cPanel vServer (OpenVZ).
I can't access the WHM CSF/LFD GUI.

WHM --> ConfigServer Security & Firewall (click on)

I see
ConfigServer Security & Firewall - csf v7.50

and nothing else. Configuration over GUI is impossible.

/var/log/lfd.log is not available.

csftest.(pl)
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing...

/var/log/messages:
Oct 3 14:57:01 mail auditd : Audit daemon rotating log files

ignore rule: ^(\S+|\S+\s+\d+\s+\S+) + mail auditd\ :

Still reporting though?

I am on cloudlinux + cpanel

Time: Mon Oct 6 22:30:11 2014 -0500
Error: Failed to detect code in SYSLOG_LOG

SYSLOG may not be running correctly

How I can fix this?
Bless

Hello,

I'm been receiving this e-mail from all my web hosting accounts. I have researched the web and can't find a solution. I'm aware of being able add this script to the ignore file. However, I'd like to make sure this is not a problem and hopefully find the cause.
Thank you for your help!

I'm using the stable version of cPanel with Cloud Linux.

Email Subject: lfd on server-domain-name:...

Hi all,

I am trying to find a way to add logs (iptables -A INPUT -J LOG) at the end of the default INPUT, so when a rule is not matched, it shows up in /var/log/messages (centos).

Anyone know how to do that ?

Thank you

--

Never mind, I found out and it is working now.

Hola, alguien puede explicarme que es este mensaje que me indica CFS

Time: Thu Oct 2 08:59:37 2014 -0500
Type: LOCALRELAY, Local Account - securema
Count: 101 emails relayed
Blocked: No

Sample of the first 10 emails:

2014-10-02 08:49:55 1XZglX-0004bu-Jk for locke41@XXXXXXXX
2014-10-02 08:49:55 1XZglX-0004c1-Mv for mmoore21@XXXXXXXX
2014-10-02 08:49:56 1XZglX-0004cA-Qp for...

hello
i have some problem when i start or restart my csf

csf: FASTSTART loading TCP_IN (IPv4)
Error: FASTTART: (TCP_IN IPv4) . Try restarting csf with FASTSTART disabled, at line 4138

how can i fix it ?
and i use this port for gameserver

Hello, I got CFS running under Ubuntu 14.04 and webmin 1.710, but I am still having issues getting the view IPTables Log button to show the log. says no log entries found . I did see and adjust the log files path for /var/log/syslog but still the same error.

I took a closer look at csf(dot)pl and found --log-prefix was set to add the word Firewall: and Knock: to the syslog. So i added a new...

Error processing command for line (6 times): , at line 1301

Sorry if this is not the correct subforum to put this in. I did use the search function of both this forum and Google in general. I submitted a ticket with the helpdesk but got sent to the forums, so I'll just copy/paste the ticket contents.

-bash-3.2# uname -a
Linux 3.8.2 #6 SMP Thu Jun 27 16:29:32 UTC 2013 i686 i686 i386 GNU/Linux...

This may be a coincidence, but a few minutes after I saw the
csf/lfd auto update email, I could no longer access my linux server.
So, I'm just checking if anyone else is seeing any dyndns problems.

My csf.dyndns file has two lines. Something like:

tcp|in|d=993|s=test1.exampledomain
test2.exampledomain

When I tried to access my server from test2, I got connection refused.

Other notes...

Hi,
I have a weird issue. Server has been running smoothly for a few years now.

But some weird issue occured today where I noticed alot of these from 1 IP:

kernel: nf_ct_ftp: dropping packetIN= OUT=eth1 SRC= DST=
LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=14581 DF PROTO=TCP SPT=21 DPT=42213
SEQ=6214852 ACK=4228557922 WINDOW=115 RES=0x00 ACK PSH URGP=0 UID=0 GID=0

The load on server went from...

hello all - i tried to activate qos and tried to visit my status webpage:

but only got this message:

Forbidden
You don't have permission to access /server-status on this server.

any thoughts on this?

Hi there
it seems the default amount of lfd is 3,
can i change it to 10? and how

many thanks

best
Charlie

Hi there

thanks for the great product.

my office has static ip : eg 100.100.100.128

we cannot login the webmail/cpanel using the office wifi (same ip)
but we can login in mobile 3G , with another ip

we can double checked that ip is unblocked in the white list, still can not login with the ip
even try disable csf and lfd, still not working

is any idea for this ?

best
Charlie

ConfigServer Security & Firewall - csf v7.15
CSF not passing DYNDNS traffic:

For several months I have been using CSF installed on a PBX server without problems. I lost a hard drive and reinstalled PBX SOFTWARE and CSF. Since install I have not been able to get CSF to pass traffic from DYNDNS. In other words, when I use I see the IP address of the network I am on being blocked by CSF. And yes,...

Hi all,

Weird one I noticed today is that none of my mod security rules are being blocked anymore? I have LF_MODSEC set to 3. Is there something else I'm missing?

For eg.

ModSecurity: Access denied with code 403 (phase 2). Pattern match (?i:(?:\\\\sexec\\\\s+xp_cmdshell)|(?: \\\\s*?!\\\\s*?...

hello all - i set this:

CT_EMAIL_ALERT = 1

but where is the email supposed to be sent? should the address be in the quotes rather than then 1 ?

thank you!