ConfigServer Community Forum

After new CSF ver. 6.41 CSF is not blocking FTP failed attempts, I have the following config:
RESTRICT_SYSLOG = 1
LF_FTPD = 4
LF_FTPD_PERM = 1

But now LFD report is showing the following attempts:

Jan 29 21:02:40 server pure-ftpd: (?@212.99.45.168) Authentication failed for user
Jan 29 21:02:48 server pure-ftpd: (?@212.99.45.168) Authentication failed for user
Jan 29 21:02:57 server...

Hello,

The screen (UI) after a CSF security check has changed since the last update. Is it normal?

I can't post a photobucket screenshot because I am not currently authorised to post url links. I don't understand why.

Regards

hi,

My csf stats have the xx country code as the most often blocked (aside from cn/china). I couldn't find any information on this country code online. 1) what is it (besides being user assigned ? 2) is it safe to block, or might I be blocking legit visitors too that use VPNs, proxies, some other reason they are being tagged as xx ?

According to this:
if you go to wikipedia's site then...

Hi,

I do see the many options available in the csf.conf file but is there anywhere on the site which provides a more in depth explanation of the options in there?

Im trying to figure this out .

Is CSF a firewall or is it a software to manage a firewall?

Because i see some features like SYN flood prevention makes it sound like a firewall

noob here so pardon me .

The mails sent out from my server to gmail accounts (mainly) are getting blocked, the mail fails after around a day or 2 saying connection refused.

Initially i thought this was gmail error, seeing the mail bounce. But on investigating on the issue, i found the mails in queue

When i click deliver now, it says Connection refused to the gmail server ip 74.125.155.27

This has been happening for...

Hi Jonathan / Sarah,
I have declared the following custom rule in regex.custom.pm and it is not working:

if (($lgfile eq $config{CUSTOM2_LOG}) and ($line =~ /^\S+\s+\S+\s+dovecot\wlogin authenticator failed for \(ylmf\-pc/)) {
return ( smtp_auth attack ,$1, SMTPYLMF , 1 , 1 );
}

I have defined my CUSTOM2_LOG as /var/log/exim_rejectlog
I have double checked the regex syntax with different...

hello
i would like to disable LT_POP3D for one of my clients domain.
they use several computers to connect to the same email box so they get blocked each time
i want to disable just for their domain this rule

please advice where i can configure per domain LT_POP3D or which rule id to disable for them
thanks
Barnea

Hi,

Can anyone please advise as to how to go about pigonore the following command line, cannot see to get it right:

Resource: Process Time
Exceeded: 1838 > 1800 (seconds)
Executable: /bin/tar
Command Line: /bin/gtar -c -f - -S .
PID: 227153 (Parent PID:227144)
Killed: No

Hello,

Which file can I edit to change the 300 seconds in the following setting. The UI Configuration utility just gives the option to turn it on or off. I would like to change the period of time between checks.

Check whether csf appears to have been stopped and restart if necessary,
unless TESTING is enabled above. The check is done every 300 seconds

Thank you in advance,
Vlus

I'm using csf on shared hosting server.

I have many e-mails about exceeded of time of precesses:

Resource: Process Time
Exceeded: 1841 > 1800 (seconds)
Executable: /usr/share/cagefs-skeleton/usr/selector/php
Command Line: /usr/bin/php

My configuration on the server is php as fastcGI on CloudLinux
What do You do in such case ? Do You kill such processes that exceeded time ie. 1800 s ?

I'm seeing syslog entries several times per day from bind9 along the lines of
success resolving 'whateverdomain/A' (in 'whateverdomain?) after reducing the advertised EDNS UDP packet size to 512 octets.

Apparently I'm not allowed to post links, but a post on the ISC forum indicates we are probably not permitting UDP > 512 bytes through the firewall.

I have setup a new dedicated server with Debian 7.2 stable ( Wheezy ) and installed apache, Webmin and CSF with the webmin modules.

During testing, I'm getting expected results. SSH access is fine. and when I disable testing mode on every thing is fine
but when I reboot the server I'm locked out, I have to use the server rescue mode to revert back into testing mode.

SSH is on 4215 and webmin...

Hi all,

I'm looking for a way to block FTP access from every country but mine, the Netherlands. Also in some cases I should be a able to whitelist a country per account. Is this possible using CSF?

Thanks!

I have a developer working on a project on my server. He only connected to port 22 and 80 and it would block him. I have also seen this happen to http traffic. I have turned it off for now, as it blocks legitimate traffic. Is this normal?

Block:

Temporary Blocks: IP:112.110.51.230 Port: Dir:in TTL:3600 (lfd - *Port Scan* detected from 112.110.51.230 (IN/India/-). 11 hits in the last 285...

I have

TOR|86400|0|

in /etc/csf/csf.blocklists. But no csf.block.TOR is created in /var/lib/csf/

--
CENTOS 5.10 i686 virtuozzo – vps
csf v6.40

Hello,

I am very thankful to this message board for some great information. I am running CSF v6.39 on a Centos 5.1 server using WHM 11.4.31 web interface. This is a quad dual xeon server w/32GB ram.

I am successfully using CC_DENY to block several countries. I have been able to add up to about 15,000 IP blocks in a few minutes, however, adding any more country codes seems to cause the...

Hi, my name is Maxi and I'm new to this product. Ever since I've installed and configured csf I've been receiving several spamd notifications a day, with subjects like:
lfd on xxxxxx: Excessive resource usage: xxxx (1557 (Parent PID:193))

almost always followed by:
lfd on xxxxxx: Suspicious process running under user xxx

My csf.pignore file includes the following line
cmd:spamd child

but still...

Hi there

we use CSF on most if not all of our servers on the internet, except when behind hardware firewalls

what i'd love to do is also setup csf/lfd on these devices as well, not for the firewall port blocking/acl as we manage this at the hardware firewall level, but for all the brute force blocking goodness

is it possible to configure CSF in such a way that it only blocks IP's when...

We block Russia using the DENY_CC feature, but one account using their own dedicated IP address on the server has customers in Russia.

Is it possible to create an exception for the general DENY_CC ban, so that one dedicated IP on the server can maintain access with Russia?