ConfigServer Community Forum

I see that csf blocked ips are logged in /var/log/messages.
Is there a way to have it log the name of the blocklist that triggered the block?
I am using /etc/csf/csf.blocklists to specify blocklists.
something like iptables LOG --log-prefix some name: ?

thanks.

Hi!
Newbi on CSF
Perhaps obvious answer but I dont find

If I allow 1 country in the allow list and the deny list is empty, does it mean that all countries exept the one allowed is denied

I'm trying to switch over from the Comodo ruleset (Since they are dead now) to OWASP.
CSF/LFD is being used with CWP (Control Web Panel).

Need some help.

I use to get LFD notifications and automatic blocks when using Comodo, but now I get neither.

/etc/csf/csf.conf shows:

LF_MODSEC = 5
LF_MODSEC_PERM = 1
..
..
MODSEC_LOG = /usr/local/apache/logs/error_log

I tried changing it to...

I have the following port range open in TCP-OUT in firewall configuration 49152:65534
I'm trying to use ftp client to copy some backups on FTP, which cannot switch to passive mode.

Firewall: *TCP_OUT Blocked* IN= OUT=ens224 SRC=192.168.1.248 DST=192.168.1.203 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=10054 DF PROTO=TCP SPT=44083 DPT=55600 WINDOW=32120 RES=0x00 SYN URGP=0 UID=0 GID=0

The firewall is...

I changed from cPanel to CWP Control Panel and I am running the latest version of CSF and everything was fine until the otherday I could not access any domain on my server, yet I can access any IP on the server so when I need to access a domain I have to disable CSF.

I have my IP in csf.allow & csf.ignore and it is still blocking me on Port 80 and I cannot figure out why, anyone have...

csf v 14.22

I have noticed a lot of cloudflare IP's accessing my site. I added them to my csf.deny file but see they are still accessing my site.

Using cPanel and WHM.

Any ideas why they can still access the site? Been using csf successfully prior to this.

csf.deny:

cPanel latest visitors:

WHM showing csf running

WHM server status:

Hi,

I recently installed CSF with default rules in a cPanel/AlmaLinux with LiteSpeed.
When accessing a link like Safari keeps loading until error connecting...
If I disable CSF it works.

I can't find any logs about this issue... no logs for blocked or other issues, it just drops...

Does this error indicate a Zone file error? If so, what is the best way to correct it?
*ERROR* line:
Command:
Error:

This network is found in /var/lib/csf/Geo/ip2asn-combined.tsv & /var/lib/csf/zone/us.zone

HI I enabled the web UI for CSF, getting connection reset by peer while doing a curl

The webpage at might be temporarily down or it may have moved permanently to a new web address.

ERR_UNSAFE_PORT

UI = 1

# Set this to the port that want to bind this service to. You should configure
# this port to be >1023 and different from any other port already being used
#
# Do NOT enable access to this...

Hi guys, I'm new here, but I've been using CSF for many years! Over 2024, there has been a surge in Internet attacks and I've recently discovered something with my CSF install that I think is weird and wanted your opinion and eventually maybe a suggestion to mitigate the issue:

In my config, I have:
LF_TRIGGER = 0
LF_APACHE_404 = 200
LF_APACHE_404_PERM = 3600 (1 hour)
LF_INTERVAL = 300 (5...

Hi,

I think CSF doesn't attention to allow list of IPs when we temporary deny an IP address
But it fails deny when we want to deny normally

Thanks

Hi, i already set email notification to off but seem like i still received notification like almost 1k per day.

May i know how to completely disable all the notification please?

I have a VPS with Almalinux8, Cpanel and CSF installed and with a 600Mpbs port. I started experiencing speed issues with FTP uploads (because it limited data upload) and so to check the speeds from the server, I installed speedtest cli.

The results with CSF/LFD activated are:

Idle Latency: 9.79 ms (jitter: 6.93ms, low: 2.03ms, high: 24.56ms)
Download: 50.82 Mbps (data used: 60.1 MB)
363.07...

Greetings. I have a Virtualbox with debian 12 freshly installed. I installed CSF but cannot access the UI.

Im following the tutorial at:

The output log of installing is as follows:

sudo sh install.sh

Selecting installer...

Running csf generic installer

Installing generic csf and lfd

Check we're running as root

mkdir: foi criado o diretório '/etc/csf'
'install.txt' ->...

Hi there,

I have setup a modsec script to help protect my wp-login.php file. Essentially the script that I've found will block access for the offending IP address for 5 minutes upon 10 failed login attempts over a 3 minute duration.

I'd like to utilize the LF_MODSEC portion of CSF to add them to the iptables firewall so that they're blocked right at the front door.

In testing, modsec is...

Hi,

Dmesg is flooded by logs like:
OS=0x08 PREC=0x20 TTL=239 ID=54321 PROTO=TCP SPT=49541 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:03:eb:25:ed:d2:74:7f:6e:37:e3:08:00 SRC=92.255.85.147 DST=138.199.144.66 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=64262 PROTO=TCP SPT=54582 DPT=3364 WINDOW=1024 RES=0x00 SYN URGP=0
Firewall: *TCP_IN Blocked* IN=eth0...

Support

I currently have the generic version and would like to migrate to cpanel version.

I initially installed the generic version but I am using cpanel.

I was able to install the cpanel version but it still says generic.

How do I change this?

csf -v
csf: v14.22 (generic)

I posted this on cpanels support and they told me to raise the issue here.

Thanks

John

Hi there,

We allow remote MySQL access for specific IP adress, by adding a rule to the csf.allow file as following;

d=3306|s= #

This has been working fine for a couple of years now.

However, since a few days we got multiple complaints that MySQL access is blocked. When checking the logs I see these entries; indicating that the port is blocked. I have seen multiple cases of this, on...

OK I know, CSF is an IP based firewall, but we are already working with domain name.
In csf.dyndns.
Could we get something like csf.blockeddomain that will work the other way?
Check every 10min what IP the domain has and add it to block list?

Or is already a way to block domains in CSF?

Hi, I'm looking at logs and finding that src ip's are looking for trouble, but they are spreading their attack times to a couple of tries over a spread of minutes. Cannot find a way in csf config to set a ban for this. Here is a sample of the syslog to show what I'm seeing (pruned the log down for viewing):

15: 17:26 xx krnl: Firewall: *TCP_IN Blocked* IN=eth0MAC=zz:zz SRC=m:m DST=x:x PROTO=TCP...