ConfigServer Community Forum

For your information, you can setup a such rule within /etc/csf/csf.allow, no need to bother with csfpost.sh:

Looks like your process got killed due to the total process count of the user. Consider increasing PT_USERPROC in /etc/csf/csf.conf.

Hello,

To spot some hacked websites and some virus, I'd like to have a log of all outgoing traffic on a list of specific ports. Is this achievable on CSF or I have to manipulate directly iptables?

Thanks in advance.

Hello, Due to some requirements, I can't use PT_USERKILL to kill process over PT_USERTIME / PT_USERMEM, I need to use custom script in PT_USER_ACTION to perform advanced checks. However, I've seen that since I switched PT_USERKILL to 0, I keep receiving "Excessive resource usage" emails, n...

Yes, all IP listed in csf.allow can bypass the SMTP_BLOCK. You can just add on csf.allow the following:
(Don't forget to replace 1.2.3.4 with your server's IP address, and eventually replace the 587 port with your accurate port number)

Hello, Check the "SMTP_BLOCK" settings which block the outgoing SMTP ports (defined by SMTP_PORTS settings) for users (then only the local SMTP server like postfix or exim is allowed to connect to external SMTP). If you are using cPanel, check also if external SMTP is correctly allowed on ...

Hello, I see one IP address blocked on CSF: # csf -g xxx.xxx.xxx.xxx (...) IPSET: Set:bl_CXS_LF_HTACCESS Match:xxx.xxx.xxx.xxx Setting:CXS_LF_HTACCESS file:/etc/csf/csf.blocklists (....) As I see on LFD log, the IP was blocked by LFD for htpasswd fail. However, I'm unable to unblock it from SSH by &...

Hello,

As title said, an regex / full text signature exclusion on cxs.ignore would be very nice.

Sample use case: you are on cPanel, you only have one ClamAV, you want to scan emails with specifics commercial signatures to detect spams, but these signatures trigger false positives on files.

Hello, Currently, I get a ton of emails like this: lfd on [hostname]: Suspicious File Alert Time: Mon Nov 27 10:17:20 2023 +0100 File: /tmp/xxxxxxxx.o Reason: Linux Binary Owner: varnish:varnish (xxx:xxx) Action: No action taken These files are created by Varnish when it compiles the VCL for reloadi...

Sergio wrote: ↑06 Sep 2023, 15:00 yes, in CSF are the instructions for this:

Hello,

Thank you for your help, it works.