ConfigServer Community Forum

there is one problem

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 127.0.0.1 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 OWNER GID match 12
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 OWNER GID match 32001
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 OWNER UID match 0
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 reject-with...

Minor bug: I am running CSF v2.69 on a non-cPanel server, and am getting duplicate SSH login alerts. Other alerts, e.g. IPs blocked, are not duplicated. All alerts are sent to the same email address, so it not a case of forwarders that are creating duplicates somewhere.

I do not have SSH alerts enabled on any of our cPanel servers, and hence cannot say if the same problem exists there too, or...

Hey,

I've managed to remove CSF... well for the most part although its left in a cron job entry which i don't know how to remove, ive tried crontab -e and the csf entry is not listed there.

Error Message:
Can't open perl script /etc/csf/csf.pl : No such file or directory :eek:

I'm getting this sent to me via email daily -_- Is there anyway i can remove the entry? (its sent from the Cron...

hello, why was my mailscanner thread deleted? that was an issue i reported, and it pretty much has impact. it's a paid service, and i think that reporting bugs ... is a good thing?

mhm . i have been experiencing this thing since a few days with cpanel.

i run mailscanner installation from configserver, and suddenly the nobody tweak from the whm is not active anymore. so user nobody can send mails out.

this is the feedback i got from the cpanel team.

Few problems we found.

1) MailScanner is bypassing some Exim configurations such as checkspam which
controls the nobody...

The segfault error I was seeing went away, and then it came back - I'm alerted after temp fills up with massive core dumps.

Apr 12 19:00:29 squirtle kernel: lfd : segfault at 0000000000000038 rip 000000000042433d rsp 0000007fbffff300 error 4
Apr 12 19:08:23 squirtle kernel: lfd : segfault at 0000000000000038 rip 000000000042433d rsp 0000007fbffff300 error 4
Apr 12 19:11:33 squirtle kernel: lfd...

hi
I just installed csf on my fedora box but I saw 98.2%% cpu usage ...

13988 root 25 0 111m 59m 1648 R 98.2 2.9 160:53.35 lfd

what s wrong whit this?

thanks for your help

2.6.11-1.1369_FC4smp #1 SMP Thu Jun 2 23:08:39 EDT 2005 i686 i686 i386 GNU/Linux

running WHM release update/cpanel
WHM 10.8.0 cPanel 10.9.0-R7965
Fedora i686 - WHM X v3.1.0

then I restarted it and now I get:

root...

I get Process Status reports at least once a day about exim
- Event Summary:
USER: mailnull
PID : 23706
CMD : /usr/sbin/exim
CPU%: 0 (limit: 85)
MEM%: 0 (limit: 15)
PROCS: 16 (limit: 10)
Which is correct HOWEVER I placed the following in csf.pignore via the interface and restarted
exe:/usr/sbin/exim
cmd:/usr/sbin/exim
user:mailnull
But lfd is STILL killing exim. Is there something I'm missing?

I've allowed an IP of a client who often generates pop3 login failures due to there being many users at a single location.

If they do something that would result in them getting blocked, such as repeat pop3 login failures, lfd still picks this behaviour up and sends me an email as would be received when an IP gets blocked.

It doesn't really matter since the IP doesn't get blocked, however I...

Running latest csf, RHEL 4.4, latest kernel, generic linux

We have an application that ssh's into a server every hour. We'll see this being logged in lfd.log and ignored as it should, then suddenly the logging stops in lfd.log, even though the logins continue. During these times, actual brute force attacks go unblocked as well. A service lfd restart seems to jumpstart things again.

After...

After upgrading to 2.63 I get this error, and an email every 5 minutes.
Before upgrading everything was working.

Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Error: (iptables binary location) does not exist!, at line 22

I'd like to thank you, Chirpy, for csf.

I've installed csf to my VPS, then all hosted sites can't not be displayed and are getting Gateway Timeout.
And always getting SSH Error, The current connection has timeout when trying to login to SSH.

I'd be so appreciative if I get any recommendations.

I have a PHP script that uses mail() to send out shipping confirmations to customers whose order shipped. Typically there are anywhere from 250 - 350 emails sent each day. After each mailing I receive an lfd: Script Alert email and in the email the line that says

Count: 101 emails sent

always has 101 as the number of emails sent no matter how many emails were actually sent out.

Not sure if...

Check Server Security does not detect disable_functions in double quote , and report it with WARNING status.

In /etc/csf/csf.ignore I have, for example:
127.0.0.1
123.456.789.0/24
234.567.890.0/24

But if I ssh in from 123.456.789.32, it still triggers an SSH email alert. I restarted both csf and lfd, but it still triggers the alert. Thoughts?

Seems upgrading from 2.59 >> 2.60 when you restart CSF & LFD, you get the following:

Restarting lfd...

Stopping lfd: Done
Starting lfd: Done

...Done.

Now I go to check the LFD Daemon is running and it shows it's stopped:

ConfigServer Security & Firewall - csf v2.60

Show lfd status...

Status of lfd: Stopped

...Done.

Then to see if restarting you get this:

ConfigServer...

Hi,
just want to report somenthing that I am having in my CSF.

I have set LF_TRIGGER = 0, in order for me to set the cumulative failures in each of the following commands. So, I set the LF_POP3D = 20, but for some reazon it is not working.

Look at this print screen:

Wed Dec 20 11:06:18 2006 lfd: Failed POP3 login from 189.165.74.10 - 1 failure(s) in the last 105 secs
Wed Dec 20 11:07:40 2006...

hi configserver,

My mailbox is getting flooded with warnings about suspicious proccesses running on my server.However this is false that process is not malicious and normal ......

Time: Thu Jan 11 12:14:43 2007
PID: 27948
Account: ************
Uptime: 67 seconds

Executable:

/usr/bin/php

Command Line (often faked in exploits):

/usr/bin/php cron.php

Network connections by the process...

Hello,

I've been using csf+lfd for a while now, and just recently installed it on the server I take Modernbill orders from. I noticed that orders with credit cards fail, and it seems to be because csf is blocking port 443 outbound to them. I haven't changed any configuration options -- 443 should be open both in and out, but for some reason the customers are still getting blocked. The modernbill...

I'm having an odd problem when I try to run the security check in csf. It gets down to the point of Check shell limits and then I get a popup box notifying me that the site has sent an incorrect Message Authentication Code. No other area in WHM, or any other website has ever thrown this message up in my direction before, so I am not exactly sure what is going on. I am currently running CSF v2.50,...