ConfigServer Community Forum

Recently started using CSF/LFD on a new server (physical) and so far it has been a real gem. Using the latest version 6.37 in a WHM/cPanel environment. Got hit today by a number of sshd login attempts, nothing unusual, but when they eventually went away I noticed that one of the blocked IPs keeps hitting the DENYOUT chain. As per:

# csf --grep 190.91.71.77
Chain num pkts bytes target prot opt...

Hi,

I want to set up this alert if the queue gets to 100. I was testing the alert and set it down to 40. Both cmq and exim -bpc tell me I have 44. What am I missing?

TIA!
Diane

Hello guys, I'm having a little problem, when active csf after a certain time my teamspeak server is turned off and this only occurs when the csf is connected.

If I leave off the server is turned on without a problem, what can I do to make the csf stop killing the process.

During the installation of this CSF appearing this error.

install.generic sh: line 323: update-rc.d: comando não encontrado
install.generic sh: line 324: update-rc.d: comando não encontrado
install.generic sh: line 325: update-rc.d: comando não encontrado
install.generic sh: line 326: update-rc.d: comando não encontrado
/etc/csf/csfwebmin.tgz -> /usr/local/csf/csfwebmin.tgz

ps.: I do not...

It appears that the ConfigServer firewall doesn't work on systems that call their ethernet ports something else besides eth0 and eth1.

Details:

I'm trying to use ConfigServer firewall on a DirectAdmin based system running on Dell Hardware.

The Dell Hardware names it's ethernet ports em1 & em2 instead of eth0 and eth1.

When I start the firewall the server no longer has access to the Internet,...

I am gettin the following error randomly and frequently when CSF is enabled:

If I disable CSF i dont get the error. Have you seen this before?

Hi can anyone tell me if there is a way to backup all the settings so when you install csf on another server you can just upload a file ?

CSF can't block scripts or web pages, it only blocks IPs.

In order to know what is going on with that file, go to SEARCH SYSTEM LOGS and grep for configproducts.php and check all the errors in there and post info gathered from there.

Email User gets this response:

Diagnostic information for administrators:
Generating server: DBXPR04MB031.eurprd04.prod.outlook. com
Receiving server: emea01-internal.map.protection.outlook. com (10.47.216.25)

user@ourdomain. com

11/10/2013 1:31:03 AM - Remote Server at emea01-internal.map.protection.outlook. com (10.47.216.25) returned '550 4.4.7 QUEUE.Expired; message expired'
11/10/2013...

I looked through the csf.conf file and searched the forum but didn't happen to see if this was possible...

Is it possible to configure the emails being sent out to use the user account's GECOS field in /etc/passwd as the From Name in the email that is sent out? If not, can that be set manually somewhere?

I'm looking at this for email organization purposes (easier to identify a server owner by...

Since upgrading to WHM 11.40.0 (Build 6), LFD is sending me regular alerts about excessive resource usage:

Time: Mon Oct 14 07:16:29 2013 -0700
Account: dovecot
Resource: Process Time
Exceeded: 31883 > 1800 (seconds)
Executable: /usr/libexec/dovecot/auth
Command Line: dovecot/auth
PID: 30873 (Parent PID:30861)
Killed: No

and

Time: Mon Oct 14 07:16:29 2013 -0700
Account: dovecot
Resource:...

The update package does not work.
Csf-u command to get the following answer:
Oops: Unable to download: Can not connect to (timeout)
Ping the site works correctly

The X between letters were placed to prevent the post appears to contain links

root @ server1 # csf-u
Oops: Unable to download: Can not connect to (timeout)
root @ server1 # ping-c5
Configserver.coxm PING (85.13.195.235) 56 (84) bytes...

I have got alert form csf regarding suspicious file bc. pl on the server with the following content.

#!/usr/bin/perl
use Socket;
$iaddr=inet_aton($ARGV ) || die( Error: $!\n );
$paddr=sockaddr_in($ARGV , $iaddr) || die( Error: $!\n );
$proto=getprotobyname('tcp');
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die( Error: $!\n );
connect(SOCKET, $paddr) || die( Error: $!\n );
open(STDIN,...

I am would like to use CSF to block all traffic from all ports from all ips except for ours and a client's.

There are a couple of threads that are close to this but not exactly the same. I want to do this correctly because I am concerned about locking myself out.

If there is anyone out there that could help me out I would appreciate it.

Thanks
Alex

Hi,

I have installed and used csf for a while now, and am thankful it worked so well from the get go. I just stumbled upon a problem that is stumping me.

My Virtuozzo based VPS server has 3 IPs, each on its own adapter: venet0:0, venet0:1 and venet0:2.

Any blocking action has effects on one of the IPs (the initially installed IP on venet0:0), but has no effect whatsoever on any of the 2...

Hi now and then i get an email saying Please use the following links to add to the black list: and says single IP then 24 and 16 can someone tell me where to add them please.

Hello,

We have ConFigServer firewall installed on our server but since 3 days we are having lot of attack and server is going down often. Also our lfd is showing down. Can someone please help?

Regards,
Jay Kay

Hi,

I have CSF 6.37 Installed on two servers, i have noticed today that when an IP is blocked permanently, its logged under (permanent IP bans)) but the number stays the same.

for example:

before some IP is perm. banned : Currently: 552 permanent IP bans)

After few IP's get's banned permanently: Currently: 552 permanent IP bans)

so what Can I do? or its a bug?

thanks

Hi there, I use csf in some servers and VPSs, but this time we're using it to protect one proxmox debian node, but for any reason, csf doesn't load the country tables so there's no block and nothing in the iptables.

We tried exactly the same in another system (a couple of external VPSs, one openvz and another KVM) and this worked without any problem.

We didn't see anything weird in the logs....

Hi!
I have a eth0 with ADSL conection and two aliases for public ips and the eth1 is my lan.
I can't configure the csf for my system.
Anyone have something like that? may have or provide your experience?
Thanks!!!