Search found 27 matches

by geekytone
03 Apr 2025, 15:33
Forum: General Discussion (csf)
Topic: Configserver firewall csf csfpost.sh not executed after (cpanel or csf) update
Replies: 1
Views: 78673

Re: Configserver firewall csf csfpost.sh not executed after (cpanel or csf) update

For your information, you can set up such a rule within /etc/csf/csf.allow, no need to bother with csfpost.sh:

Code:

tcp|out|d=2525|u=1004
by geekytone
03 Apr 2025, 15:30
Forum: General Discussion (csf)
Topic: CSF and Jetbackup kill
Replies: 1
Views: 47276

Re: CSF and Jetbackup kill

Looks like your process got killed due to the total process count of the user. Consider increasing PT_USERPROC in /etc/csf/csf.conf.
by geekytone
29 Mar 2025, 09:30
Forum: General Discussion (csf)
Topic: Log all outgoing traffic on specific ports
Replies: 0
Views: 26819

Log all outgoing traffic on specific ports

Hello,

To spot some hacked websites and some viruses, I'd like to have a log of all outgoing traffic on a list of specific ports. Is this achievable on CSF or do I have to manipulate iptables directly?

Thanks in advance.
by geekytone
10 Oct 2024, 15:10
Forum: General Discussion (csf)
Topic: Disable "Excessive resource usage" mail when PT_USERKILL=0
Replies: 0
Views: 19882

Disable "Excessive resource usage" mail when PT_USERKILL=0

Hello, Due to some requirements, I can't use PT_USERKILL to kill processes over PT_USERTIME / PT_USERMEM, I need to use a custom script in PT_USER_ACTION to perform advanced checks. However, I've seen that since I switched PT_USERKILL to 0, I keep receiving "Excessive resource usage" emails, n...
by geekytone
01 Mar 2024, 08:50
Forum: General Discussion (csf)
Topic: CSF SMTP Auth Blocking Issue for Mailgun
Replies: 4
Views: 12339

Re: CSF SMTP Auth Blocking Issue for Mailgun

Yes, all IPs listed in csf.allow can bypass the SMTP_BLOCK. You can just add the following to csf.allow:

Code:

tcp|out|d=587|d=1.2.3.4
tcp|in|s=587|s=1.2.3.4
(Don't forget to replace 1.2.3.4 with your server's IP address, and eventually replace the 587 port with your accurate port number)
by geekytone
23 Feb 2024, 08:19
Forum: General Discussion (csf)
Topic: CSF SMTP Auth Blocking Issue for Mailgun
Replies: 4
Views: 12339

Re: CSF SMTP Auth Blocking Issue for Mailgun

Hello, Check the "SMTP_BLOCK" settings which block the outgoing SMTP ports (defined by SMTP_PORTS settings) for users (then only the local SMTP server like postfix or exim is allowed to connect to external SMTP). If you are using cPanel, check also if external SMTP is correctly allowed on ...
by geekytone
22 Feb 2024, 10:11
Forum: General Discussion (csf)
Topic: How to unblock IP blocked by LFD on a blocklist
Replies: 1
Views: 4398

How to unblock IP blocked by LFD on a blocklist

Hello, I see one IP address blocked on CSF: # csf -g xxx.xxx.xxx.xxx (...) IPSET: Set:bl_CXS_LF_HTACCESS Match:xxx.xxx.xxx.xxx Setting:CXS_LF_HTACCESS file:/etc/csf/csf.blocklists (....) As I see on LFD log, the IP was blocked by LFD for htpasswd fail. However, I'm unable to unblock it from SSH by &...
by geekytone
14 Dec 2023, 16:37
Forum: Suggestions (cxs)
Topic: Ability to exclude signatures on cxs.ignore
Replies: 0
Views: 30888

Ability to exclude signatures on cxs.ignore

Hello,

As the title says, a regex / full text signature exclusion on cxs.ignore would be very nice.

Sample use case: you are on cPanel, you only have one ClamAV, you want to scan emails with specific commercial signatures to detect spam, but these signatures trigger false positives on files.
by geekytone
27 Nov 2023, 09:30
Forum: General Discussion (csf)
Topic: Unable to whitelist Varnish from LFD Suspicious File Alert
Replies: 0
Views: 14755

Unable to whitelist Varnish from LFD Suspicious File Alert

Hello, Currently, I get a ton of emails like this: lfd on [hostname]: Suspicious File Alert Time: Mon Nov 27 10:17:20 2023 +0100 File: /tmp/xxxxxxxx.o Reason: Linux Binary Owner: varnish:varnish (xxx:xxx) Action: No action taken These files are created by Varnish when it compiles the VCL for reloadi...
by geekytone
07 Sep 2023, 13:45
Forum: General Discussion (csf)
Topic: How to force to reload a blocklist?
Replies: 4
Views: 9152

Re: How to force to reload a blocklist?

Sergio wrote: 06 Sep 2023, 15:00 yes, in CSF are the instructions for this:
Hello,

Thank you for your help, it works.