ConfigServer Community Forum

When CSF blocks an IP, it shows all the information of where and why including the country code. I'm not sure where CSF gets the country code information but why can't you simply block by the country code instead of huge lists of CIDR's? I am able to do this in Modesecurity but I would rather block for the entire server instead of just http.

Example block list:
218.155.106.83 # lfd:...

We are trying to block all incoming IPs and only allow cloudflare IPs. We've whitelisted this in csf.allow we still wanted to check if from CSF side if we can block all other traffic.

Hello Everyone :)

I hope you are well. I now manage numerous servers running WHM; and I have lately begun integrating config server security and firewall and login failure daemon to improve the security of these systems. While I have some familiarity with server management; I am new to the more advanced configurations and optimizations that CSF and LFD provide. I am seeking out this informed...

Hello,

After setup MESSENGERV3 when IP is blocked, return this error bellow on log, and show 404 page of Litespeed:

Failed to open : Permission denied

My csf.conf:

MESSENGERV3 = 1

MESSENGERV3LOCATION = /etc/apache2/conf.d/

MESSENGERV3RESTART = /scripts/restartsrv_httpd

MESSENGERV3TEST =

MESSENGERV3HTTPS_CONF = /usr/local/apache/conf/httpd.conf

MESSENGERV3WEBSERVER = apache...

Hi.

On a machine with CSF (although on others the problem has appeared after writing this ticket)

It has been installed and running for years.
The settings are very restrictive. Only port of entry 53 is open, the rest are not.
Access is only allowed to my ips. One of them dynamic, added to csf.dyndns

Today I couldn't get in. So I logged into the server via KVM (it's a proxmox)

The first thing...

In order to sort (some) compatibility with Docker and CSF we are working on an approach to allow docker to handle its iptables adding a chain on prerouting added in csfpost.sh

The problem is that for this to work we need to store all docker generated chains on each csf restart and reload them in csfpost.sh

For my surprise, csfpre.sh is not executed first on that process. CSF first clears all...

Hi, we do not see any CSF email alerts in the exim_mainlog, and we aren't receiving any either. The server is also running cPanel and WHM. We have taken the following steps to check that everything is set:
Testing = 0 in the configuration
LF_ALERT_TO AND X_ARF_TO are set to the correct email
Alerts are turned on in the configuration
LF_EMAIL_ALERT is set to 1 or true
/etc/aliases root is...

Hello everyone

Recently I'm receiving a lot of logs regarding spamd.
Do I need to worry about this?

Aug 21 05:57:24 cloud lfd : *User Processing* PID:270555 Kill:0 User:icaro Time:4337 EXE:/usr/local/cpanel/3rdparty/perl/536/bin/perl CMD:spamd child

Aug 21 06:01:24 cloud lfd : *Suspicious Process* PID:270556 PPID:269407 User:icaro Uptime:4577 secs...

Hello Guys,

I'm new to firewall/server configurations and I have a PCI scan result saying:

THREAT:
Your firewall policy seems to let TCP packets with a specific source port pass through.

IMPACT:
Some types of requests can pass through the firewall. The port number listed in the results section of this vulnerability report is the source
port that unauthorized users can use to bypass your...

Hi,

We have the following issues with Almalinux any suggestions?

# perl /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...FAILED - Required for csf to function
Testing ipt_LOG...FAILED - Required for csf to function
Testing ipt_multiport/xt_multiport...FAILED - Required for csf to function
Testing ipt_REJECT...FAILED - Required for csf to function
Testing...

Hello,

First its good to be back, its been since 2014/16 since i was here last, long long time.... I see you have changed support forum structure, looking good :) Hope you are all doing well...

I have a WHM/cPanel VPS that i am setting up with only 1 cPanel account, which is me, noone else will be using the VPS. The only access is root and my account login, SSH and FTP are disabled as is...

Hello,

There are hackers trying to find vulnerabilities by testing every 2 seconds.
Response is 404 or 301. Sometimes also 403
Shouldn't CSF block that?

Hi all,
Is there a way to exclude one user (or few) from blocks in CSF?

How can we disable the passive mode that we had previously enabled as well as activate the SPI that we had disabled.
Thank you very much in advance for your help

Hello,
i try to use csf firewall with docker
i read some tutorial, and i create a working solutions but i have a small problem...

m S.O. is almalinux 9

of course i try to enable
DOCKER = 1
in csf.conf but doesn't work.

so i use this setings and work
nano /etc/docker/daemon.json

{
iptables : false
}

nano /etc/csf/csfpost.sh

#!/bin/bash...

Viewing in WHM> ConfigServer Security & Firewall - csf v14.20 and it says enabled and also confirmed in lfd.log but it references mod_cloudflare which is no longer supported, so I'm using mod_remoteip. Is this integration still working? If so, how to verify?

Hi
I have a very bad problem , i put some ip in csf.allow and even in csf.ignore but they still blocked by firewwall.
can anyone help me?

Hi all,
Where does csf keep the list of blocked emails that are associated with IP address?
I remember on one of my previous csf installations I had the ability to see blocked emails and from which IP addresses these emails tried to connect but now I can't find it on this new server.

Hello, every 5 minutes I receive this email. What I can do ? You never did this before and the configuration is the same as when you did it several years ago, I have not modified anything since then

Time: Wed Jul 10 10:31:06 2024 -0400
Type: LOCALHOSTRELAY, IPv4 localhost - 127.0.0.1
Count: 101 emails relayed
Blocked: No

Sample of the first 10 emails:
******

What I can do ?

Below is a sample of these recent attacks:
juli 5, 2024 4:58f m 185.190.24.99 (Panama) Blocked for SQL Injection in POST body: Display_FAQ = 1575') UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PCCz
juli 5, 2024 4:58f m 185.190.24.99 (Panama) Blocked for SQL Injection in POST body: Display_FAQ = 1575') UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- zFlw...