ConfigServer Community Forum

After updating to ConfigServer Security & Firewall - csf v3.32 I have been getting this alert every 5 minutes and it is going through each account on the server: lfd: SU login alert - Successful login from (uid=0) to username

This only started happening after my update so can someone please tell me if this is because of the update or is someone really logging into these accounts with SSH

As a...

Hello,

I have this problems on 2 servers , after 6 mounth I use CFS on this servere, but about 2 weeks on 2 servers CSF block all server IPs and the server need reboot, one of the server have this problem one time of a week , a ramdom day, and on second server this is happen after 2-3 days, now i disable CSF on this server , please help me with some suggestions.

It`s possible to have active...

Since the update to csf v 3.30 csf does not block failed login attempts to any service. here is an example of one of the 87 emails I found this morning.

Time: Mon May 19 03:09:16 2008
IP: user (Unknown)
Failures: 6 (pop3d)
Interval: 240 seconds
Blocked: Yes

Log entries:

May 19 03:09:08 server pop3d: LOGIN FAILED, user=user, ip=
May 19 03:09:09 server pop3d: LOGIN FAILED, user=user, ip=
May...

Hi,

I noticed that when CSF bans an IP temporarily, it's not checking for duplicate IPs. So, in the screen for Show Banned IPs , I see duplicate IPs. I have also verified that these same IPs are blocked in the IPTABLE for multiple times as well (which consumes more resources).

See the screenshot at .

Can you please look into this issue & fix it in the next release?

Thanks.

This is starting to drive me nuts. I have several lines of custom IPs in csf.deny. They are placed above the section that CSF records entries to. Every few days they all completely disappear, but the entries that were placed there by CSF are untouched. An example is below - all IPs above the line that begins with Begin Firewall Blocks will be removed, though oddly enough, the commented out...

Since upgrading to 3.19, when I run the Security and Settings report in CSF I get a message saying a fatal error or timeout occurred while processing this directive

This is on a CentOS 4.4 VPS running Cpanel 11 with Apache 1.3.

Other than that 3.19 and 3.20 seem to work great and I love the new features.

Hello,

I just upgraded CSF from 3.16 to 3.17. Upon restarting CSF, a bunch of these errors were spammed:

iptables v1.3.8: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.8: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.8: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information....

This isn't detrimental to the operation of CSF/LFD but is worth pointing out.
Any ConfigServer software, including CSF/LFD, CMM, CMQ and MailScanner, seems to output the following error at the top of the WHM interface page.

I'm not quite sure what the difference is between this VPS and my other as only one VPS outputs this error. Here's the cPanel error_log incase it's of any use.

(internal...

Hi, wondering if this closed thread -->

are being discussed somewhere else? This has not changed and we have receiving hundred of emails per day.

Thanx in advance!

I have rules like this in my csf.deny:

tcp:out:d=80::u=99

CSF keeps removing these rules after updates it seems. As far as I know these rules are correct. The same example is mentioned in csf's readme file . Although there it also shows the format with 1 colon before 'u=uid'. I have tried that as well in the past, but that didn't help either.

tcp/udp:in/out:s/d=port:s/d=ip:u=uid

# TCP...

Hi I just wanted to report this bug, and my (perhaps kludgy) workaround.
Please let me know if this needs to be fixed on my end or on yours.

-Thomas aka Zxin
-------------------------------------------
/var/log/messages reports:
lfd: LOG_NOFATAL is not a valid Sys::Syslog macro at /usr/sbin/lfd line 2659

Host info:
OS: CentOS release 4.6 (Final)
PERL: Version : 5.8.5
Sys::Syslog is up to...

Hi. I have being having outages since two days. My host has been looking at it. We tried putting my main host IP behind a Cisco guard etc, changed the MaxClients in Apache (and other tuning) but nothing works. I restart Apache and the server soon enough goes down again.

Yesterday, I was told I'm getting SYN attacks. So I enabled the syncookie and enabled the SYN option in LFD options -- with 5...

i searched around and i found 2 more people having this problem.
if i install csf, hours later my server goes down.
but if i uninstall it, it never goes down.

:(

I'm not too sure if this is a bug or not, but here goes.
I have a new VPS running on Centos 5.

The install of CSF works flawlessly apart from one thing. When I click Check server security it runs through a few tests and then freezes at the PHP Check point.
Looking in the /usr/local/cpanel/logs/error_log file I see the following created each time I run the security check.

53/udp:
php:...

Csf v3.06 (generic)

It seems Lfd bans each IP 2 times in about 40 seconds one after another.

e.g. this log:

Fri Feb 8 15:47:26 2008 lfd: (CT) IP 81.174.65.77 found to have 186 connections - *Blocked in csf* for 10800 secs
Fri Feb 8 15:47:26 2008 lfd: (CT) alert email sent for 81.174.65.77
Fri Feb 8 15:48:07 2008 lfd: (CT) IP 81.174.65.77 found to have 109 connections - *Blocked in csf* for...

Hello everybody, thats my first post here :)

I am testing csf v3.06 (generic) and I've noticed that banned IPs from csf.tempban are not applied to iptables upon csf restart (csf -r)

Well, I am not sure if thats a feature of csf or a bug. but I beleive those rules should apply, otherwise the integrity is broken (the IPs are still in tempban file, lfd thinks they are banned, but they are not...

Since 3.04, LFD has started sleeping and its CPU utilization is so great that it caused the server load to hike at extreme levels. Does anyone know why?

top - 12:22:35 up 30 days, 11:49, 1 user, load average: 11.77, 13.56, 16.67
Tasks: 808 total, 14 running, 787 sleeping, 2 stopped, 5 zombie
Cpu(s): 57.3% us, 9.9% sy, 0.0% ni, 20.0% id, 12.1% wa, 0.1% hi, 0.6% si
Mem: 4140968k total, 3946648k...

we have noticed on a couple of servers running 3.05 that they wont upgrade to 3.06.

Click on the upgrade link and it does its thing but after restarting we are still showing up as 3.05

anyone have any ideas?

I'm getting warnings about mod_security and SuPHP not being installed when it is.
Anyone else see this with Apache 2 and PHP 5?

Wait a sec.. this is a PHP4/5 server. Maybe it's only seeing PHP 4 which does not have SuPHP? Not sure about mod_sec though, it is installed.