ConfigServer Community Forum

Hi, today i get this csf.error Error: FASTTART: (CC_DENY IPv4) [] . Try restarting csf with FASTSTART disabled, at line 3767 in /usr/sbin/csf after this command line csf -r command (used via webmin).
LFD.log entrys May 17 13:49:54 lfd : csf (re)start requested - running *csf startup*...
May 17 13:50:09 lfd : csf (re)start completed
May 17 13:50:14 lfd : *Error* You have an unresolved error when...

Hello Guys,

I would like to know if it's possible: we want to receive alerts if someone reached RT_AUTHRELAY_LIMIT limit (for example, 100) and blocks an IP (and alert) if someone reached second RT_AUTHRELAY_LIMIT limit (for example, 200).

If this possible to do?

Thanks.

As I'm still pondering (in another thread) why csf won't block an IP at all and actually miscategorizes it as IPV6, here's another email sent that appears to have issues identifying the IPs in question:

Banned the following ip addresses on Tue May 20 13:09:01 EDT 2014

2400 with 266 connections

That number 2400 is supposed to be an IP, correct?

My /var/lib/csf/csf.logtemp is quite large on both servers where I have csf installed. By quite large I mean about 500 MBs. Is that normal? Can it be cleared? If so, what is the best way to clear it if something other than deleting it and restarting csf?

I did trying restarting csf and lfd but it didn't clear the log.

FYI, the log contains entries that are months old at the beginning.

Thanks

Hi CSF community...

This will be my second question in here. I hope that I am asking to right place.

What is the best settings to prevent DDOS attacks?

Maybe the answer is simple for you, but I am a newbie, am trying to learn VPS and CSF. I've just rented a VPS this week as first time.

Hi CSF community...

This will be my first question in here. I hope that I am asking to right place.

I have been getting error emails like this:

Time: Sun May 18 07:45:11 2014 +0000
IP: 115.238.236.85 (CN/China/-)
Failures: 5 (sshd)
Interval: 3600 seconds
Blocked: Permanent Block

Log entries:

May 18 07:45:01 ** sshd : Failed password for root from 115.238.236.85 port 53445 ssh2
May 18...

I know that blocking countries in iptables is bad news - particularly if they run into 1,000 and more.

What is not clear to me is the consequence of having an absolutely huge /etc/exim.smtpauth file based on the new feature you recently provided.

For Example allowing all countries except for a few dozen would be pretty much most of the IP range. Would this kill EXIM?

The CPAN Net::CIDR package...

Hello, I am frustrated, hence the choice of a username. :(

Getting port-flooded daily, at times that I am supposed to be catching some ZZZ's.

Once the portflooding begins, this IP appears in the email notifications, of which there are plenty:

tcp6: 19.245.64.24:50654 -> :80

The port number ie 50654 in this example, varies with every entry.

I've blocked 19.245.64.24 manually and it's in...

Hi,

I cannot seem to figure out how to get CSF to ignore my WHMCS cron:

Time: Wed May 14 09:00:37 2014 +0200
Account: ***
Resource: Virtual Memory Size
Exceeded: 342 > 300 (MB)
Executable: /home/virtfs/register/usr/bin/php
Command Line: php -q /home/****/public_html/admin/cron.php
PID: 29408 (Parent PID:29407)
Killed: No

Please assist in how I can get CSF to ignore this cron

Hello,

I would suggest options to filter access to ports for dyndns. That would be great if csf.dyndns support same syntax as same as csf.allow, for example:

tcp|in|d=888|s=remotehost.dyndns

Or if you can support DYNDNS_PORTS which allow ports dyndns hosts can access in additional to TCP_IN/TCP_OUT

Let me know if you have any questions.

Thanks.

Hi,

Weird bug to report. This is from a csf download around 4 days ago. Fresh install of Ubuntu 12.04LTS. Virtualmin/Webmin control panel. The reported csf version upon csf installation is 6.48. Upgrader reports 7.03 is available.

When clicking upgrade, it runs through the upgrade sequence (sucessfully downloads replacemebt package apparently) and reports success. however, when returning to the...

hi

i install and configured csf firewall.

now i want to set messenger in csf .

i set it and it dosent work !!!
this is configuration of messenger in csf.conf :

MESSENGER = 1

# Provide this service to temporary IP address blocks
MESSENGER_TEMP = 1

# Provide this service to permanent IP address blocks
MESSENGER_PERM = 1

# User account to run the service servers under. We recommend...

One thing I am noticing on my server is that almost all the blocks for certain administrative services that end up being blocked are outside of the country where those that manage my server are located. SSH, SMTP, POP, FTP, and accessing CPanel URLS for example should never be done except by people who have authority to log in and use those servers, and those people are coming from either known...

I've noticed for awhile that CSF stops accepting certain ports occasionally. Noticeably, they seem to coincide with auto updates. For example, the 7th-9th saw an update each night, and each night I got an emergency call that a ddos protection proxy host we use (similar to cloudflare, but for game servers), wasn't able to pass traffic through.

A 'csf -r' resolves this. The setup of part of this...

I'm new to CSF, loving it so far, thank for a great product.

I noticed today that there's a 404 for the Emerging Threats - Russian Business Networks List link
.../blockrules/rbn-ips.txt

I've changed the link to
.../fwrules/emerging-Block-IPs.txt

Is this acceptable or is there a better method?

Thanks

I must be doing something wrong, because I cannot seem to get csf.fignore to work. I am trying to ignore the following files/folders, but they are still being logged by LF_DIRWATCH_FILE and they continue to trigger warning emails. Here is what I have in csf.fignore:

/home/username/public_html/cgi-bin/script/admin/data/text_dump\.txt
/home/username/public_html/cgi-bin/script/admin/backup/*...

After I upgrade to 7.1 I start received this message:
Error: FASTTART: iptables-restore: line 68174 failed, at line 3759

After start using the FASTSTART to use the CC_DENY and csf broken.

On the first install and configuration work normal, but on next day the csf crash and I need to disable the FASTSTART to work...

See the error:

csf: FASTSTART loading DROP no logging (IPv4)
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
LOG tcp...

Hi,

How I can config CSF to
send email when CSF is stopped, dissabled, or restarted ?

Thanks

Hello,

after the last update we have the following error.

Error: FASTTART: ip6tables-restore: line 14 failed, at line 3787

and we cannot start lfd
csf is installed in a openvz ct
here the loaded modules

ip6t_REJECT 4711 0
ip6table_mangle 3669 0
ip6table_filter 3033 0
ip6_tables 19714 2 ip6table_mangle,ip6table_filter
ipt_REDIRECT 1888 0
iptable_nat 6302 0
nf_nat 23213 4...