Any suggestions to block IP addresses based on the text ylmf-pc within log entries or packets?
I would say about 90 percent of our CSF alerts look like this and contain this text. They are getting blocked but by other means.
Not sure what to do with this but it seems that this text is common in the majority of the log entries where people are trying to guess SMTP passwords and such. All...
On Sept 6, csf.deny stopped updating. The only entries now in the file are the 15 manually entered lines. We have not changed any settings since the 6th. Just now updated to 7.15 but the csf.deny still is not changing. The lfd.log is updating ok. I restarted both lfd & csf but still not working. Where can I look for troubleshooting this?
We did setup up remote mysql , then add both Server IP - Main server & Mysql Server - to firewall whitelist . you need know we use CSF Firewall plugin.
But when CSF enabled Query slowed and not good communication between 2 server . but when disable CSF this problem resolved and Query run quickly .
Is it any misconfig ? How can resolve this issue , we need CSF .
Please don't shoot me down, I'm still learning all of the masses of WHM/cPanel features etc for my personal VPS but I've had an issue with which I've been speaking with cPanel support about.
It's in relation to when I have cphulkd enabled, as my broadband provider here in the UK doesn't give you the opportunity to purchase static IP addresses, unless you're a business user, of which I'm...
BUT when time reach 00.00 (of night) i start to receve email with the subject lfd suspicious process i have reached 1000 email yesterday from CSF..
I have tried to put off this invasive email by changing the settings in Process tracking so changed PT_LIMIT = 60 to 0 for disable, i have also tried to set PT_INTERVAL = 0 for tun off
This issue is making me crazy -- however, one of our servers is accepting connections on all ports even though it's not specified in csf.conf, it's like iptables isn't even running, even though it is.
Is there anything we can add to log all packets (and their iptables rule) so we can figure out why these packets are being accepted, despite being in the TCP_IN list?
re Distributed Attacks especially LF_DISTSMTP
I have a user who uses Hotmail to retrieve her emails from the server along with emails from her other pop accounts. She also uses the Hotmail interface to send emails via the pop account on my server.
Unfortunately this results in her being blocked ( or at least Hotmail is blocked)
I have had to completely disable LF_DISTSMTP which I don't want...
We run the same config on all of our servers, however this one spits out an iptables error.
debug : Command:/sbin/iptables -v --policy FORWARD DROP
debug : Command:/sbin/ip6tables -v --policy INPUT DROP
debug : Command:/sbin/ip6tables -v --policy OUTPUT DROP
debug : Command:/sbin/ip6tables -v --policy FORWARD DROP
*ERROR* line:
Command:
Error:
You should check through the main output...
I recently installed a Promox server (Debian Wheezy) and I want to use CSF with this server. I have been using CSF successfully for a long time now but I would also like to use the graphical user interface. I tried to activate it but the page won't load for me.
Here is the relevant part of my CSF configuration...
Please help my lfd has been failing for quite some time. I do not knwo what is going on.
I also notice this error:
Error: FASTTART: iptables-restore v1.3.5: host/network `08.15.48.47' not found, at line 3759
RESTRICT_SYSLOG is disabled
Status: Firewall Status: Enabled but Stopped . I tried re-starting it and nothing happen.
Hola, me pueden indicar como puedo pasar por alto el proceso de backup, ya que el csf firewall asesina este proceso y no permite que el backup se realice con exito.
aqui el error:
18 de ago 11:07:12 servidor lfd : * usuario procesamiento * PID:25912 Kill: 1 usuario: arodico1 VM:251(MB) EXE: / usr/local/cpanel/3rdparty/perl/514/bin/perl CMD:pkgacct - arodico1 - av: 3
18 de ago 11:07:12 servidor...
I'm running the latest csf on CentOS 6.5 with no control panel, and I'd like to use the csf gui. Reading through the readme.txt though, it appears that I may not be able to - is the gui *only* for those with supported control panels (cpanel, etc)?
I've tried setting up the UI options in csf.conf but it won't let me even access a login page for it, so I'm wondering if it's because I don't use a...
I spoke with my Data center about adding SPAMHAUS DROP support to my CSF for my server. They added the following to my /etc/csf/csf.conf
Placed after GLOBAL_DYNDNS_IGNORE
# Enable IP range blocking using the Spamhaus DROP List at
#
# To enable this feature, set the following to the interval in seconds that you
# want the block list updated. The list is reasonably static during the...
I'm running a few cPanel servers, all of them with CSF Firewall.
Since last update (from v7.07 to 7.11), I'm getting a lot of IPs getting blocked and the sample of block hits:
We installed CSF on a Plesk 12 server (CentOS 6.5).
It seems to work fine, I can see in /var/log/lfd.log that it blocks IPs, but I don't receive any email.
I have set the LF_ALERT_TO parameter to my email address, and have enabled all email alerts in /etc/csf/csf.conf.
No logs are recorded in /var/log/maillog about CSF's outgoing emails!
Also, I had two servers with Plesk 11.5 and CSF, which...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum