I keep getting this error in logs today
Unable to retrieve blocklist DSHIELD - Unable to download: 599 - Net::SSLeay 1.49 must be installed for https support
I have Net::SSLeay 1.55 and I don't intend to downgrade. Have you any idea what is wrong?

First of all thank you for creating this great security suite.
I believe LF_CPANEL isn't working properly for me, I've set it to a low value (3) but CPHulk is still registering login failures past 3 failed attempts per IP.
In Watch System Logs I can see blocks made by LF_FTPD, LF_MODSEC and LF_SSHD but none by LF_CPANEL.

I am running an Asterisk system with the SIP port open to the internet. I would like csf to block SIP brute force. I have spent many hours searching and testing but my custom regex doesn't do anything. I don't see anything logged from my custom script in lfd.log and my IP is not being blocked.

However, you can also set up a cluster such that some members only provide
notifications to others and do not accept blocks from others. For example, you
may have a cluster of servers that includes one that hosts a support desk that
you do not want to block clients from accessing. In such an example you might
want to exclude the support desk server from...

Found several attempts from an IP address in Russia that is attempting a brute force attack
on a site's wp-login.php script. I see every few seconds an attempt in the user's domlogs file.
This causes the server's load to increase, and as soon as I block the IP, the load comes down.
/usr/local/apache/domlogs/USERNAME/domainname.tld
Can lfd monitor these logs as well, and block IPs that hit...

The CSF works after installing and activating the CSF. Test IPtables shows that everything is ok. All configuration is in default mode.
I tried to block an IP from the main screen with Quick Deny, server became inaccessible. I can't connect with putty, webmin, and all websites are down.
I can only connect through the console access provided by the hosting company, and if I disable the CSF and...

Yesterday I re-ran EasyApache (version 3.22.5) on my cPanel / WHM server and since that time I have been getting 10-15 of these messages every hour or so:
Email subject line is:
lfd on : Suspicious process running under user
Me being my username, it's not nobody
Executable:
(deleted)/usr/bin/php
The file system shows this process is running an executable file that has been deleted. This...

CSF is not running on vps server. Trying to restart gives this:
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Restarting bandmin acctboth chains for cPanel
Upgrading csf gives:
Oops: Unable to download: 599 - Could not...

OK so we decided to block some well known exploit and spam IPs and countries (mainly China and similar) using BOTH csf (CC_Deny setting) on the server and htaccess on specific domains. Now here's the kicker and problem.
These blocked IPs are still getting through to Apache and other services and generating page requests, email login hack attempts, etc.

Hi guys,
Fantastic product. And like so many my first post is a query to ask for your help.
Basically I'm looking for what used to be listed as the csf.tempban file.
Previously the temp ban information was kept in this file which I would get its contents and send it as daily log an e-mail.
I can see from the change log that it had caused problems in the change log back in version 4 but I'm now...

In WHM I see a blank page with the title ConfigServer Security & Firewall.
I cannot uninstall CSF as well. I get the error sh: uninstall.sh: Too many levels of symbolic links.
I get this error message in console after installing:
Failed to write /var/cpanel/apps/csf.conf: Not a directory
/usr/local/cpanel/bin/register_appconfig: Summary
This tool allows you to install an appconfig file an ensures that it is
registered with the system and available for use. For more information
please see the documentation for this system:
http:// go. cpanel. net /appconfig (I am not...

Dear users
I was wondering if someone can make a small script/daemon for me to get the live status of the lfd blocking per 28 days.
After some looking at the script it seems that the images get generated after you visit the page.
The thing I'd like to have is that the images are updated every 15 min so I can show them on my public/private status page.