ConfigServer Community Forum

Hi Chirpy,

csf v 4.69

not a big issue but when I try to read the Server Check email using Horde, it doesn't render the HTML, it just displays it raw .

I'm guessing it's an email header issue, but I haven't been able to pin it down exactly.

It may be as simple as adding the disposition header after the content-type:-

Content-Type: text/html;
Content-Disposition: inline

or maybe removing the...

On the servers we have upgraded to versions greater than 4.60, lfd has stopped sending email alerts (including latest version). Servers with versions less than 4.61 continue to send email alerts. All servers are RHEL5/cetnOS5 32 bit servers. csf.conf settings all appear correct.

As another test, we took a csf 4.23 server, triggered a block that sent an email, removed the IP from the block list,...

This is not a bug, but it appears as though Fedora 11 has brought even more IPTables changes. I'm now seeing output like this when restarting CSF:

Using intrapositioned negation (`--option ! this`) is deprecated in favor of extrapositioned (`! --option this`).
ACCEPT udp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 udp spt:53
Using intrapositioned negation (`--option ! this`) is deprecated in...

Editing modsec2.user.conf in Firefox via CSF and the footer containing the Submit Button, copyright and version number is missing. Appears fine for other functions.

Recently, my provider installed CSF on one of my linux-based WHM/cPanel VPS. This was done primarily to help track down heavy loads occurring on the server (I own the VPS but resell them to clients). I wanted to ensure that my VPS client received the heavy load alert messages in addition to myself.

I went into the CSF configuration in WHM and used the Edit Template on the loadalert.txt template....

v4.67
re; LF_SSH_EMAIL_ALERT, LF_SU_EMAIL_ALERT enabled
modified sshalert.txt and sualert.txt for 2 email addresses, comma delimited
1. i dont get the SSH alert no matter what - with or without change:eek:
2. on the sudo, i get 2 emails, and the 2nd is malformed
csf.pl
line 1829 open (IN, CentOS Linux 5.2 Postfix version 2.3.3 Perl 5.8.8
hope this helps.
any Q? just...

4.67 - Modified the Country Code allow/deny feature to use
iplocationtools.com now that ipdeny.com has gone offline

After this modification it stopped working and now countries that are blocked are comming true.

is there something I need to change after this modification?

Greetz

Hello,
On one CentOS 5.3 64-bit, the proftpd log lines have IP prefixed with ::ffff: , this seems to cause non detection of incorrect ftp login
(/etc/csf/regex.pm ?) :

/var/log/secure (lfd detection does NOT work)
May 7 10:49:04 vmcentos64 proftpd : vmcentos64.example.com (::ffff:192.168.0.2 ) - USER xxx: no such user found from ::ffff:192.168.0.2 to ::ffff:192.168.0.100:21
May 7 10:49:06...

Last night I found this in the exim_mainlog, but, CSF never blocked it?

IP address 195.3.136.124
Hostname ns5.a1isp.co.uk
ISP Internet On Demand Ltd
Country United Kingdom
2009-04-24 00:46:47 fixed_login authenticator failed for (localhost) : 535 Incorrect authentication data (set_id=test)
2009-04-24 00:46:48 fixed_login authenticator failed for (localhost) : 535 Incorrect authentication data...

PS_INTERVAL = 300
PS_LIMIT = 7
PS_PORTS = 0:65535
PS_PERMANENT = 0
PS_BLOCK_TIME = 3600

yes, /var/log/messages is getting flooded by SYNFLOOD but none of the IPs are getting pulled into csf.tempban

Hello,
Some of the latest versions started to report su - command wrong:

Time: Thu Apr 9 16:20:11 2009 -0400
From: root
To: root
Status: Successful login

It was an username su - to root not root to root. Please fix it.

Thanks,

Hello,

We use CSF v4.60 (generic)

When the IP is added to tempban by Connection tracking tool, we receive multiple emails with interval equal to CT_INTERVAL

Here is a CT config:
CT_LIMIT = 100
CT_INTERVAL = 30
CT_EMAIL_ALERT = 1
CT_PERMANENT = 0
CT_BLOCK_TIME = 86400
CT_STATES =
CT_PORTS =

here is the example of the last temp-banned IP and the logs

in /etc/csf/csf.tempban...

Hello,

I had the same issue as reported before by a user in (General CSF discussion).

On Debian 4.0 + DirectAdmin control Panel , pressing test iptables button in CSF interface

will kill the server instantly, the load went higher than 100 and the server became completly

inaccessible, I had to turn of the power completly from the server as normal restart wasn't

working either (like DDoSing...

I Followed the link, but my box does not have any dovecote Ciphers in that page.

Check dovecot weak SSL/TLS Ciphers (ssl_cipher_list) :

WARNING Cipher list []. Due to weaknesses in the SSLv2 cipher you should disable SSLv2 in WHM > Mailserver Configuration > SSL Cipher List > Remove +SSLv2 or Add -SSLv2

Please inform Where and How I tweak it.

Thanks

Hilario

You may correct it as follows (in bold):

Cipher list []. Due to weaknesses in the SSLv2 cipher you should disable SSLv2 in WHM > Apache Configuration > Global Configuration > SSLCipherSuite > Add -SSLv2 to SSLCipherSuite and/or remove +SSLv2. Do not forget to Save AND then Rebuild Configuration and Restart Apache, otherwise the changes will not take effect in httpd.conf

Hope this helps.

i have the following in logs trying to start lfd:

pr 2 10:27:39 server1 lfd : Email Script Tracking...
Apr 2 10:27:39 server1 lfd : Email Queue Tracking...
Apr 2 10:27:39 server1 lfd : Email Relay Tracking...
Apr 2 10:27:39 server1 lfd : Temp to Perm Block Tracking...
Apr 2 10:27:39 server1 lfd : Port Scan Tracking...
Apr 2 10:27:39 server1 lfd : Process Tracking...
Apr 2 10:27:40 server1 lfd :...

Hello

I have installed csf as other time

Setting on csf.ignore IP of our office

But when login ssh we receive email alert for login access

??

We would like to receive login alert but not for IP on csf.ignore, as other server that we have set..

Any solution ?

Thanks

when logged into the server with Firefox, I can try logging into someones Cpanel via firefox endlessly, no lockout. I do receive email notices that my ip is locked out but checking /etc/csf/csf.deny, my ip is not listed and I can still access the server.

Trying a different way, I add my IP manually to the deny list and I still can access the server with Firefox. Only when using then a different...

Jonathan,

I'm not sure if this is a 'bug' or not If it is not, please forgive the post here.

I am running CSF 4.03

I have configured /etc/syslog.conf so that firewall logging is put in /var/log/kernel.log instead of in /var/log/messages.

In WHM, in the CSF configuration, I changed the IPTABLES_LOG file.

Was: IPTABLES_LOG = /var/log/messages

Now: IPTABLES_LOG = /var/log/kernel.log

I can...