This issue is making me crazy -- however, one of our servers is accepting connections on all ports even though it's not specified in csf.conf, it's like iptables isn't even running, even though it is.
Is there anything we can add to log all packets (and their iptables rule) so we can figure out why these packets are being accepted, despite being in the TCP_IN list?
re Distributed Attacks especially LF_DISTSMTP
I have a user who uses Hotmail to retrieve her emails from the server along with emails from her other pop accounts. She also uses the Hotmail interface to send emails via the pop account on my server.
Unfortunately this results in her being blocked ( or at least Hotmail is blocked)
I have had to completely disable LF_DISTSMTP which I don't want...
We run the same config on all of our servers, however this one spits out an iptables error.
debug : Command:/sbin/iptables -v --policy FORWARD DROP
debug : Command:/sbin/ip6tables -v --policy INPUT DROP
debug : Command:/sbin/ip6tables -v --policy OUTPUT DROP
debug : Command:/sbin/ip6tables -v --policy FORWARD DROP
*ERROR* line:
Command:
Error:
You should check through the main output...
I recently installed a Promox server (Debian Wheezy) and I want to use CSF with this server. I have been using CSF successfully for a long time now but I would also like to use the graphical user interface. I tried to activate it but the page won't load for me.
Here is the relevant part of my CSF configuration...
Please help my lfd has been failing for quite some time. I do not knwo what is going on.
I also notice this error:
Error: FASTTART: iptables-restore v1.3.5: host/network `08.15.48.47' not found, at line 3759
RESTRICT_SYSLOG is disabled
Status: Firewall Status: Enabled but Stopped . I tried re-starting it and nothing happen.
Hola, me pueden indicar como puedo pasar por alto el proceso de backup, ya que el csf firewall asesina este proceso y no permite que el backup se realice con exito.
aqui el error:
18 de ago 11:07:12 servidor lfd : * usuario procesamiento * PID:25912 Kill: 1 usuario: arodico1 VM:251(MB) EXE: / usr/local/cpanel/3rdparty/perl/514/bin/perl CMD:pkgacct - arodico1 - av: 3
18 de ago 11:07:12 servidor...
I'm running the latest csf on CentOS 6.5 with no control panel, and I'd like to use the csf gui. Reading through the readme.txt though, it appears that I may not be able to - is the gui *only* for those with supported control panels (cpanel, etc)?
I've tried setting up the UI options in csf.conf but it won't let me even access a login page for it, so I'm wondering if it's because I don't use a...
I spoke with my Data center about adding SPAMHAUS DROP support to my CSF for my server. They added the following to my /etc/csf/csf.conf
Placed after GLOBAL_DYNDNS_IGNORE
# Enable IP range blocking using the Spamhaus DROP List at
#
# To enable this feature, set the following to the interval in seconds that you
# want the block list updated. The list is reasonably static during the...
I'm running a few cPanel servers, all of them with CSF Firewall.
Since last update (from v7.07 to 7.11), I'm getting a lot of IPs getting blocked and the sample of block hits:
We installed CSF on a Plesk 12 server (CentOS 6.5).
It seems to work fine, I can see in /var/log/lfd.log that it blocks IPs, but I don't receive any email.
I have set the LF_ALERT_TO parameter to my email address, and have enabled all email alerts in /etc/csf/csf.conf.
No logs are recorded in /var/log/maillog about CSF's outgoing emails!
Also, I had two servers with Plesk 11.5 and CSF, which...
Hello,
I'm not sure how to fix this, A few users have reported being blocked by the CSF firewall after attempting to use wordpress's admin interface.
Log's below, IP's blocked out for security and URL's removed for same.
Time: Sun Aug 10 14:44:00 2014 -0400
IP: xxx.xxx.xxx.xxx
Failures: 60
Interval: 300 seconds
Blocked: Temporary Block
We are receiving hundreds of email notifications similar to the one pasted below.
-----------------------------------------------------------------------------------------------------
5 failed login attempts to account ACCOUNT NAME
(smtp) -- Large number of attempts from this IP: 61.245.163.1
Origin Country: Sri Lanka (LK)
Please use the following links to add to the black list:
I have used CSF in many cpanel envionments and it is great. I just installed in on a non-whm (webmin) environment.
I installed the module and have access to it via the admin interface.
My question is, how do I go about getting it to check the mail, apache, php and server services similar to the WHM install? Right now it only checks Firewall, Server and SSH.
I would like csf to add blocked IP's to an address list on a Mikrotik Cloud Router Switch or maybe Cloud Core Router, for blocking at the edge switch or router for my rack.
It's trivial to turn a CRS into a stealth firewall, just split off port 1 from the switchgroup and bridge it to the master port for the remaining ports. This would be the ideal place to filter traffic, as a hit on one server...
I'd like to edit the the following alert template in CSF to CC the contact email address listed in CPanel
/usr/local/csf/tpl/resalert.txt
I tried to add CC field as shown below but suspect this will just send to the default CPanel user on the domain cpaneluser @ serverhostname . com instead of their email address in CPanel > Contact Info.
==============================
From: root
To: root
CC:...
hello
I use my server mostly for joomla websites.
I use updated CSF.
I have a strange and annoying problem,
in administrator of joomla when clicking to move
from managing modules to components or all other options
the system is stuck in loading endlessly.
when i disable the ModSecurity the problem is gone
but i can not work without the ModSecurity of course.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum