csf sending invalid emails from root
Posted: 04 May 2018, 23:56
I find CSF very difficult to understand, perhaps because it is so low-level in its configuration. I am getting an email message for every malicious intrusion to my web server, and each message is sent to an invalid address, in spite of editing file /etc/csf/csf.pignore! I've searched the Web, and all I can find is advice to edit internal csf files, instead of using the WHM csf interface to fix this. So frustrating!
Here is a typical email. Let me know if you need the headers, too.
Code:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
root@root.springtimesoftware.com
root cannot accept local mail deliveries
Reporting-MTA: dns; root.springtimesoftware.com
Action: failed
Final-Recipient: rfc822;root@root.springtimesoftware.com
Status: 5.0.0
ForwardedMessage.eml
Subject: lfd on root.springtimesoftware.com: blocked 14.202.146.131 (AU/Australia/14-202-146-131.tpgi.com.au)
From: <root@root.springtimesoftware.com>
Date: 5/3/2018 6:02 PM
To: root@root.springtimesoftware.com
Time: Thu May 3 18:02:05 2018 -0400
IP: 14.202.146.131 (AU/Australia/14-202-146-131.tpgi.com.au)
Failures: 5 (sshd)
Interval: 3600 seconds
Blocked: Permanent Block [LF_SSHD]
Log entries:
May 3 18:01:50 root sshd[2246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.202.146.131 user=root
May 3 18:01:52 root sshd[2246]: Failed password for root from 14.202.146.131 port 56162 ssh2
May 3 18:01:54 root sshd[2246]: Failed password for root from 14.202.146.131 port 56162 ssh2
May 3 18:01:56 root sshd[2246]: Failed password for root from 14.202.146.131 port 56162 ssh2
May 3 18:01:59 root sshd[2246]: Failed password for root from 14.202.146.131 port 56162 ssh2