ConfigServer Community Forum

Hi,

The questions is in regard to this:
# Send an email alert if anyone logs in successfully using SSH
LF_SSH_EMAIL_ALERT = 0

Is it possible to whitelist a username that logs in via SSH so that when it happens I do not get an email?]

I tried to whitelist the source IP and also added user:USERNAME to csf.pignore but nothing helped

Please advise
Thanks

Hi,

can anybody help me with this error MSG. Is this something I can ignore or its something really serious? Thanks!

Time: Thu Oct 10 17:28:01 2013 +0200
PID: 22646 (Parent PID:12999)
Account: postfix
Uptime: 99 seconds

Executable:

/usr/libexec/postfix/smtp

Command Line (often faked in exploits):

smtp -t unix -u

Network connections by the process (if any):

tcp: MYIO:52335 ->...

Hello,

I have been and am very grateful for this specail feature of CSF as it helps me catch problems like pop accounts with bad passwords getting hacked ;) However, during the last couple weeks I noticed to of my newer Cpanel machines not sending me out any emails for pop accounts that send out a lot of email. I saw in both cases tons of emails sent out by pop accounts, verifiable via the...

Dear,
I have an packet lost issue when Config Firewall is enable and when is disable everything is OK.

Any advice?

Thanks, Mario

Hi there, we have a cPanel server which is doing both mail and web hosting, we're finding that periodically yahoo and google mail servers are getting blocked, which stops exim delivering mail to those servers, leading to it getting held up in the queue. Here's an example block of a google server (1e100 net) from this morning:

Time: Tue Sep 17 06:48:40 2013 +0100
IP: 173.194.66.26 (US/United...

Hello,
I've a curious problem (CSF 6.35, cPanel 11.38.2.7):
I can see blocked ip ad rules in mod security page of WHM, and I can see rules and ip with ConfigServer ModSec Control (ModSecurity Log with last 20 entries).
So, my system works. Now, i've installed CSF, and that are my settings:
LF_MODSEC = 2
LF_MODSEC_PERM = 1800
MODSEC_LOG = /usr/local/apache/logs/modsec_audit.log (restricted UI...

Hello,
Brand new to CSF and really enjoy it's features. I am running Centos 5.9 with DirectAdmin and would like to know where I can enable and configure the Block IP features to operate in the Brute Force Monitor section. In advance I thank you for your response.
B -

Hello,

I have checked my own server and my own servers provider. NO routing issues nor firewall issues on our side. Possible, csf website blocking my server?

Thanks

I start the csf but in exactly 1 min
I see in the cron log

host crond: (root) CMD (/etc/init.d/iptables stop)

then I see my csf is
Firewall Status: Enabled but Stopped

I did not stop the iptables !

It goes on every Min and turns off the csf automatically like a cron

I check my crons but did not find any thing
Where should I look for the problem?

I'm sure I'm missing something simple...

I have SMTP_BLOCK disabled:
SMTP_BLOCK = 0

I can manually open a connection to my SMTP Server over Port 465 from the command prompt, which tells me iptables is allowing outbound connections properly.

# iptables -L | grep -i smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp

However, a script fails to connect to my SMTP server (SMTP using...

I keep getting this error in logs today
Unable to retrieve blocklist DSHIELD - Unable to download: 599 - Net::SSLeay 1.49 must be installed for https support

I have Net::SSLeay1.55 and I don't intend to downgrade. Have you any idea what is wrong

Hi There,

I've just installed csf (v.635) on a fresh server, which should meet all the prerequisites of csf, but when trying to start it I can given:

Undefined subroutine &main::cleanup called at /usr/sbin/csf line 119.

Everything is basically a clean install, so I'm not sure what it could be that is causing it to fail...

The line in question from the file is:

sysopen (CSFLOCKFILE,...

Hi, can anybody tell me how can I allow bots from Google, MSN etc. to crawl my website without being temporally blocked?
Thanks a lot!

Hello,

How to block IP address range?

91.200.12.0 - 91.200.15.255

csf -d 91.200.??????

Thanks

Hi,

First of all thank you for creating this great security suite.

I believe LF_CPANEl isn't working propperly for me, I've set it to a low value (3) but CPHulk is still registering login failures past 3 failed attempts per IP.

In Watch System Logs I can see blocks made by LF_FTPD, LF_MODSEC and LF_SSHD but none by LF_CPANEl.

Here are some of my settings:

LF_CPANEL = 3
LF_CPANEL_PERM = 1...

I am running an Asterisk system with the SIP port open to the internet. I would like csf to block SIP brute force. I have spent many hours searching and testing but my custom regex doesn't do anything. I don't see anything logged from my custom script in lfd.log and my ip is not being blocked.

under /etc/csf/csf.conf

CUSTOM1_LOG = /var/log/asterisk/full

under /etc/csf/regex.custom.pm...

hi
i need block ip for all country Except for Iran
how can ?
thanks

The documentation (readme.txt) states:

However, you can also set up a cluster such that some members only provide
notifications to others and do not accept blocks from others. For example, you
may have a cluster of servers that includes one that hosts a support desk that
you do not want to block clients from accessing. In such an example you might
want to exclude the support desk server from...

Found several attempts from an IP address in Russia that is attempting a brute force attack
on a sites wp-login.php script. I see every few seconds an attempt in the users domlogs file.

This causes the servers load to increase, and as soon as I block the IP, the load comes down.

/usr/local/apache/domlogs/USERNAME/domainname.tld

Can lfd monitor these logs as well, and block IP's that hit...

Hello,

After installing csf on vps the wget command from ssh stopped from getting any file.

I've modified iptables in main nod to be able to run csf, and it is running good.

but I faced that issue, I must put site ip in allow list to be able use wget from this site.

Please advise.