Page 1 of 1

here: [] in LFD Log

Posted: 22 Dec 2021, 17:51
by mbabbitt
I recently discovered a very odd entry in the lfd.log file (I have replaced my actual domain with 'domain.com'):

Dec 19 14:20:11 cobalt lfd[28273]: here: [] [<pascal.gerard@domain.com>]
Dec 20 00:28:25 cobalt lfd[10882]: here: [] [<pascal.gerard@domain.com>]
Dec 20 17:15:07 cobalt lfd[10882]: here: [] [<pascal.gerard@domain.com>]
Dec 20 19:54:16 cobalt lfd[10882]: here: [] [<pascal.gerard@domain.com>]
Dec 20 22:59:28 cobalt lfd[10882]: here: [] [<pascal.gerard@domain.com>]
Dec 20 23:00:48 cobalt lfd[10882]: here: [] [<pascal.gerard@domain.com>]
Dec 21 00:35:36 cobalt lfd[28237]: here: [] [<pascal.gerard@domain.com>]
Dec 21 01:43:09 cobalt lfd[28237]: here: [] [<pascal.gerard@domain.com>]

First, we do not have an email account with these credentials associated with our domain. I've never seen anything like this in our lfd.log before recently.

In the access_log I searched for that same email address and found entries that match the timestamps listed in the lfd.log:

server.ip.redacted - root [12/22/2021:17:45:30 -0000] "GET /cpsess8661976026/cgi/configserver/csf.cgi?action=loggrepcmd&grep=pascal.gerard@domain.com&lognum=10&nocache=1640195126556 HTTP/1.1" 200 0 "https://server.domain.com:2087/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0" "s" "-" 2087

Can anyone tell me what might be going on here?

Thank you,

Michael

Re: here: [] in LFD Log

Posted: 22 Dec 2021, 18:32
by ForumAdmin
It's some debug code that you can safely ignore. It will be resolved in the next release of csf.

Re: here: [] in LFD Log

Posted: 22 Dec 2021, 21:49
by mbabbitt
Thank you for the quick reply! I was worried due to the fact that we just also got notification of a DMARC quarantine email and thought they may have been related, and possibly pointing to a breach.