This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
A couple of versions ago, something changed with the way that CSF treats hostnames listed in the lfd Dynamic DNS .
I am now receiving email alerts of the form lfd: SSH login alert for user XXXXX from AAA.BBB.CCC.DDD (Unknown)
each time I login to the server from this IP addresss, which one of the hostnames listed in the lfd Dynamic DNS list resolves to.
Working with cPanel, they seem to locate an issue with CSF/LFD that is causing the packaging of a full backup to end prematurely from cpanel, but yet the the file is sent to the remote destination.
The package restores fine, but again, not everything is restored.
After much testing, I have been able to replicate
the issue with the test1 account and a test account, using 2 different ftp
hosts....
After updating to ConfigServer Security & Firewall - csf v3.32 I have been getting this alert every 5 minutes and it is going through each account on the server: lfd: SU login alert - Successful login from (uid=0) to username
This only started happening after my update so can someone please tell me if this is because of the update or is someone really logging into these accounts with SSH
I have this problems on 2 servers , after 6 mounth I use CFS on this servere, but about 2 weeks on 2 servers CSF block all server IPs and the server need reboot, one of the server have this problem one time of a week , a ramdom day, and on second server this is happen after 2-3 days, now i disable CSF on this server , please help me with some suggestions.
Since the update to csf v 3.30 csf does not block failed login attempts to any service. here is an example of one of the 87 emails I found this morning.
Time: Mon May 19 03:09:16 2008
IP: user (Unknown)
Failures: 6 (pop3d)
Interval: 240 seconds
Blocked: Yes
Log entries:
May 19 03:09:08 server pop3d: LOGIN FAILED, user=user, ip=
May 19 03:09:09 server pop3d: LOGIN FAILED, user=user, ip=
May...
I noticed that when CSF bans an IP temporarily, it's not checking for duplicate IPs. So, in the screen for Show Banned IPs , I see duplicate IPs. I have also verified that these same IPs are blocked in the IPTABLE for multiple times as well (which consumes more resources).
See the screenshot at .
Can you please look into this issue & fix it in the next release?
This is starting to drive me nuts. I have several lines of custom IPs in csf.deny. They are placed above the section that CSF records entries to. Every few days they all completely disappear, but the entries that were placed there by CSF are untouched. An example is below - all IPs above the line that begins with Begin Firewall Blocks will be removed, though oddly enough, the commented out...
Since upgrading to 3.19, when I run the Security and Settings report in CSF I get a message saying a fatal error or timeout occurred while processing this directive
This is on a CentOS 4.4 VPS running Cpanel 11 with Apache 1.3.
Other than that 3.19 and 3.20 seem to work great and I love the new features.
I just upgraded CSF from 3.16 to 3.17. Upon restarting CSF, a bunch of these errors were spammed:
iptables v1.3.8: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.8: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.8: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information....
This isn't detrimental to the operation of CSF/LFD but is worth pointing out.
Any ConfigServer software, including CSF/LFD, CMM, CMQ and MailScanner, seems to output the following error at the top of the WHM interface page.
I'm not quite sure what the difference is between this VPS and my other as only one VPS outputs this error. Here's the cPanel error_log incase it's of any use.
CSF keeps removing these rules after updates it seems. As far as I know these rules are correct. The same example is mentioned in csf's readme file . Although there it also shows the format with 1 colon before 'u=uid'. I have tried that as well in the past, but that didn't help either.
Hi I just wanted to report this bug, and my (perhaps kludgy) workaround.
Please let me know if this needs to be fixed on my end or on yours.
-Thomas aka Zxin
-------------------------------------------
/var/log/messages reports:
lfd: LOG_NOFATAL is not a valid Sys::Syslog macro at /usr/sbin/lfd line 2659
Host info:
OS: CentOS release 4.6 (Final)
PERL: Version : 5.8.5
Sys::Syslog is up to...
Hi. I have being having outages since two days. My host has been looking at it. We tried putting my main host IP behind a Cisco guard etc, changed the MaxClients in Apache (and other tuning) but nothing works. I restart Apache and the server soon enough goes down again.
Yesterday, I was told I'm getting SYN attacks. So I enabled the syncookie and enabled the SYN option in LFD options -- with 5...
i searched around and i found 2 more people having this problem.
if i install csf, hours later my server goes down.
but if i uninstall it, it never goes down.
I'm not too sure if this is a bug or not, but here goes.
I have a new VPS running on Centos 5.
The install of CSF works flawlessly apart from one thing. When I click Check server security it runs through a few tests and then freezes at the PHP Check point.
Looking in the /usr/local/cpanel/logs/error_log file I see the following created each time I run the security check.
It seems Lfd bans each IP 2 times in about 40 seconds one after another.
e.g. this log:
Fri Feb 8 15:47:26 2008 lfd: (CT) IP 81.174.65.77 found to have 186 connections - *Blocked in csf* for 10800 secs
Fri Feb 8 15:47:26 2008 lfd: (CT) alert email sent for 81.174.65.77
Fri Feb 8 15:48:07 2008 lfd: (CT) IP 81.174.65.77 found to have 109 connections - *Blocked in csf* for...
I am testing csf v3.06 (generic) and I've noticed that banned IPs from csf.tempban are not applied to iptables upon csf restart (csf -r)
Well, I am not sure if thats a feature of csf or a bug. but I beleive those rules should apply, otherwise the integrity is broken (the IPs are still in tempban file, lfd thinks they are banned, but they are not...
Please revert back! As i get every hour a lot emails!
I've had a marked difference in inbound mail too. Went from maybe 4 a day to well over 100. This isn't a problem generally. The problem is that I've added the user and executable associated with the e-mail reports to the ignore lists and yet the e-mails are still flooding in.
Since 3.04, LFD has started sleeping and its CPU utilization is so great that it caused the server load to hike at extreme levels. Does anyone know why?
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum