I have many e-mails about processes exceeding the time limit:
Resource: Process Time
Exceeded: 1841 > 1800 (seconds)
Executable: /usr/share/cagefs-skeleton/usr/selector/php
Command Line: /usr/bin/php
My configuration on the server is PHP as FastCGI on CloudLinux
What do you do in such a case? Do you kill processes that exceeded the time, i.e. 1800 s?
I'm seeing syslog entries several times per day from bind9 along the lines of
success resolving 'whateverdomain/A' (in 'whateverdomain?) after reducing the advertised EDNS UDP packet size to 512 octets.
Apparently I'm not allowed to post links, but a post on the ISC forum indicates we are probably not permitting UDP > 512 bytes through the firewall.
I have set up a new dedicated server with Debian 7.2 stable (Wheezy) and installed Apache, Webmin and CSF with the Webmin modules.
During testing, I'm getting expected results. SSH access is fine, and when I disable testing mode everything is fine,
but when I reboot the server I'm locked out, and I have to use the server rescue mode to revert back into testing mode.
I'm looking for a way to block FTP access from every country but mine, the Netherlands. Also in some cases I should be able to whitelist a country per account. Is this possible using CSF?
I have a developer working on a project on my server. He only connected to port 22 and 80 and it would block him. I have also seen this happen to http traffic. I have turned it off for now, as it blocks legitimate traffic. Is this normal?
Block:
Temporary Blocks: IP:112.110.51.230 Port: Dir:in TTL:3600 (lfd - *Port Scan* detected from 112.110.51.230 (IN/India/-). 11 hits in the last 285...
I am very thankful to this message board for some great information. I am running CSF v6.39 on a CentOS 5.1 server using WHM 11.4.31 web interface. This is a quad dual xeon server w/32GB ram.
I am successfully using CC_DENY to block several countries. I have been able to add up to about 15,000 IP blocks in a few minutes, however, adding any more country codes seems to cause the...
Hi, my name is Maxi and I'm new to this product. Ever since I've installed and configured csf I've been receiving several spamd notifications a day, with subjects like:
lfd on xxxxxx: Excessive resource usage: xxxx (1557 (Parent PID:193))
almost always followed by:
lfd on xxxxxx: Suspicious process running under user xxx
My csf.pignore file includes the following line
cmd:spamd child
We use CSF on most if not all of our servers on the internet, except when behind hardware firewalls.
What I'd love to do is also set up csf/lfd on these devices as well, not for the firewall port blocking/ACL as we manage this at the hardware firewall level, but for all the brute force blocking goodness.
Is it possible to configure CSF in such a way that it only blocks IPs when...
Hi
Trying to use the CT_LIMIT to block 2 different types of floods:
1) a simple DoS attack towards a client where someone keeps flooding them with calls to different images and pages in order to consume their bandwidth
This block has worked fine for quite some time and it blocks the way it should.
2) simple brutes on wp-login.php from one IP each time (they change IP, but do loads of attempts on...
I've set the following parameters:
LF_APACHE_403 = 60
LF_APACHE_403_PERM = 3600
LF_INTERVAL = 300.
The reason I needed to turn that on is because I'm being bombarded by attempts to access a blocked resource. The file /etc/httpd/logs/error_log is generating about 10 lines per second (about 1 or 2 from the same IP each second) with the following (truncated):
I'm seeing quite a few entries in my logs that look like the below, only changing the username. Looks like someone is trying to guess user/pass combinations. It appears like CSF isn't blocking these failed login attempts, any idea why? I'm using the latest CSF version.
Dec 29 13:39:15 server3 authdaemond: Failed to getpwnam for user dell
Dec 29 14:00:16 server3 authdaemond: Failed to...
We are currently undergoing a brute-force attempt by various IP addresses (looks like a botnet to me). CSF has blocked all IPs whenever the no. of authentication failures due to wrong password exceeds 3. However, since recently, we are getting a different type of error, and despite lots of attempts from the same IP, it is not getting blocked by CSF.
We've got a setup where we handle a number of rules through csfpost. Earlier today we noticed that the rules that are in that file were suddenly removed on one server. Just a minute ago, we noticed the same on another server. When I restart CSF the issues are resolved straight away and the content from csfpost is in the active ruleset.
I'm using CSF on a router with 2 external and 1 internal NIC.
Currently CSF is filtering all traffic to the router, but packets that are FORWARDED to the internal network (real addresses) are not filtered.
How do I filter packets that are going to the internal network?