csf sending invalid emails from root

david5372
Junior Member
Posts: 11
Joined: 29 May 2014, 16:13
Location: Maine, USA

csf sending invalid emails from root

Post by david5372 »

I find CSF very difficult to understand, perhaps because it is so low-level in its configuration. I am getting an email message for every malicious intrusion to my web server, and each message is sent to an invalid address, in spite of editing file /etc/csf/csf.pignore! I've searched the Web, and all I can find is advice to edit internal csf files, instead of using the WHM csf interface to fix this. So frustrating!

Here is a typical email. Let me know if you need the headers, too.

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  root@root.springtimesoftware.com
    root cannot accept local mail deliveries



Reporting-MTA: dns; root.springtimesoftware.com

Action: failed
Final-Recipient: rfc822;root@root.springtimesoftware.com
Status: 5.0.0


ForwardedMessage.eml
Subject: lfd on root.springtimesoftware.com: blocked 14.202.146.131 (AU/Australia/14-202-146-131.tpgi.com.au)
From: <root@root.springtimesoftware.com>
Date: 5/3/2018 6:02 PM
To: root@root.springtimesoftware.com

Time:     Thu May  3 18:02:05 2018 -0400
IP:       14.202.146.131 (AU/Australia/14-202-146-131.tpgi.com.au)
Failures: 5 (sshd)
Interval: 3600 seconds
Blocked:  Permanent Block [LF_SSHD]

Log entries:

May  3 18:01:50 root sshd[2246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.202.146.131  user=root
May  3 18:01:52 root sshd[2246]: Failed password for root from 14.202.146.131 port 56162 ssh2
May  3 18:01:54 root sshd[2246]: Failed password for root from 14.202.146.131 port 56162 ssh2
May  3 18:01:56 root sshd[2246]: Failed password for root from 14.202.146.131 port 56162 ssh2
May  3 18:01:59 root sshd[2246]: Failed password for root from 14.202.146.131 port 56162 ssh2

Re: csf sending invalid emails from root

Post by david5372 »

I think the answer is to select WHM > Plugins > ConfigServer Security & Firewall > Firewall Configuration, and make the following changes:
1. LF_ALERT_TO=EmailAddressForNotices
2. LF_EMAIL_ALERT=NO (no alert on IP blocks)
3. LF_CPANEL_ALERT=NO (no alert on normal cPanel usage)

You must then go to the bottom of the page and click Change.
On the next page, click Restart csf+lfd.

That's all a guess based on experiments. Can anyone confirm?

Re: csf sending invalid emails from root

Post by david5372 »

Nope. I'm still getting these unnecessary notices, and sent to an invalid address. Is there a way to submit a bug ticket? Frustrated!
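
The three settings named in the second post can be read back from the configuration file to confirm what lfd will actually use, as in the sketch below. This is an added example, not part of the thread or of csf itself; it assumes the settings live in /etc/csf/csf.conf as NAME = "value" lines, and `csf_get` and `csf_alert_audit` are hypothetical helper names.

```shell
#!/bin/sh
# Read back the lfd alert settings discussed in the thread.
# Assumption: csf.conf uses NAME = "value" lines; '#' lines are comments.

# csf_get NAME FILE -> prints the last uncommented value of NAME (may be empty).
csf_get() {
    awk -v key="$1" -F'"' '
        { name = $1; gsub(/[ \t=]/, "", name) }   # strip spaces, tabs and "="
        name == key { val = $2 }                  # a later line wins
        END { print val }
    ' "$2"
}

# csf_alert_audit [FILE] -> 0 if alerts have an explicit non-root recipient,
# 1 if the recipient is empty or a root mailbox, 2 if FILE is unreadable.
csf_alert_audit() {
    conf="${1:-/etc/csf/csf.conf}"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    to=$(csf_get LF_ALERT_TO "$conf")
    rc=0
    case "$to" in
        "")
            # With no override, lfd uses the To: line of each alert template.
            echo "LF_ALERT_TO is empty: recipient comes from the alert templates"
            rc=1 ;;
        root|root@*)
            # Same kind of address as the bounce shown in the first post.
            echo "LF_ALERT_TO is a root mailbox: $to"
            rc=1 ;;
        *)
            echo "LF_ALERT_TO overrides the recipient: $to" ;;
    esac
    for name in LF_EMAIL_ALERT LF_CPANEL_ALERT; do
        val=$(csf_get "$name" "$conf")
        echo "$name=${val:-unset}"
    done
    return $rc
}

# Constructed sample input (not the poster's real configuration).
sample=$(mktemp)
printf '%s\n' 'LF_ALERT_TO = ""' 'LF_EMAIL_ALERT = "1"' \
    'LF_CPANEL_ALERT = "1"' > "$sample"
csf_alert_audit "$sample" || true
rm -f "$sample"
```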