ConfigServer Community Forum

Hello,

There is a problem in removing IPV6 with double colon at the start or end of IPV6 from csf.deny or csf.allow

Line 1339 and 1424 of csf.pl, it seems \b is not compatible with some IPV6 in the perl regular expression.

Regards

#### Tested on CentOS 7 - Perl v5.16.3

$ csf -c
csf is already at the latest version: v8.26

$ csf -d 2001:41d0:1000:f6a1::
Adding 2001:41d0:1000:f6a1:: to...

Hello,

current version (8.25) does not install /etc/init.d/lfd in systemd systems so the following command is incorrect:
/etc/init.d/lfd restart
You should make some change in the installer to install a compatible cron job like:
systemctl restart lfd.service

Regards

Recently I enabled LF_Netblock for Class C and NetBLock Count=2 after seeing many scrapers/bots coming from the same networks. I also enabled notifications.

After restarting CSF/LFD I got my first notification (as expected) in minutes.. Then, it went silent, not blocking any other Class C's even though in the logs I could see many hits that should have triggered a NetBlock.

I disabled the...

Using csf v8.21 (cPanel) on CloudLinux 6.7 I am given a warning when trying to deny (-d) an ip address if I use an address raised on a local interface however I am not given a similar warning when trying to tempdeny (-td) the same address. Is this behavior to be expected or should there be similar checks done by the tempdeny (-td) option?

So this has started hitting us after the latest update (v8.20).

What is happening is that our LFD is stuck in a restart loop. This is due to a misconfiguration in the csf.conf value GENERIC on our side combined with a logic error in lfd.pl. We had this value set to 1 (probably due to our use of clustering and it copying from a server that didn't have cPanel installed).

What occurs is that when...

Hello,

( Its resolved after the new update :) )
After today latest auto upgrade to 8.17, CSF dosent load on WHM/cPanel it keeps loading

UPDATE Temporary Solution :

After I SSH and execute csf -r, the process didnt completed, andI watched the logs:

Apr 4 20:08:59 xxx lfd : *Error* Excessive number of children (201), restarting lfd...
Apr 4 20:08:59 xxx lfd : daemon restart requested
## .......

This bug is back in version 8.16. The current problem is that if you have a DENY_IP_LIMIT set when an IP address is pushed out of the list it is not being removed from /var/csf/csf/tempip. Since the record has the PERM flag set the bad IP address will never be banned again. Here's the code from CSF that removed the IP address from /etc/csf/csf.deny:

print csf: DENY_IP_LIMIT...

Hello!

Following a few spam episodes gone undetected by the Relay Tracking in CSF/LFD, we have determined that mails sent from cPanel Webmail are not tracked at all by CSF/LFD.

Relay Tracking is working for mails sent from email clients (we have tested this). But mails sent from Webmail are not tracked. We have tested this with all the email software in cPanel (Horde, RoundCube and Squirrel)...

The Last 12 Months pie chart in lfd blocking statistics is showing the last 30 days data instead.

I think this might just be a copy/paste error in ServerStats.pm

$year_pie_graph->plot(\@hpiedata);

I think that should be:

$year_pie_graph->plot(\@ypiedata);

I've tested the fix on my own servers and it looks good to me.

Hi ConfigServer,

We've recently noticed that the function 'LF_SCRIPT_ALERT' stopped working across all of our servers (operate approximately 100 servers in total).

Stopped working on Thursday 3rd March 2015 (date in Australia at the time).

There's only a single thing on that date that I can see has changed with exim - see:

Please note the log_selector function is set to default by cPanel:...

Hi,

I'm using CentOS WebPanel and after I upgraded CSF to 8.15, I receive this error when accessing the CSF GUI from CWP:

The requested URL /csf/cwp_csf.php was not found on this server

Is there a way to fix this?

Though regexes for port-scan detection at the start of pslinecheck are OK, a couple lower down do not allow for the square brackets which can follow the kernel: prefix. I can't remember now whether I was experiencing too many or too few blocks, but something wasn't working for sure! The patch below fixes it. I hope you're able to include this or a similar change in CSF/LFD.

---...

Hoping someone can help point me in the right direction...

I've developed a solution to generate a global list for both allowing IP's & denying IP's. Populating the csf.gdeny works perfectly, every seven (7) minutes the server calls for the file reads it and blacklists the IP's.

Unfortunately, the server does not seem to be releasing IP's that have been removed from the list. csf.gdeny no...

Hi,

we're mounting a backup drive over NFS on a private network. This network is connected through a separate VLAN on a failover bond with two interfaces. When I add bond0.821 to csf.conf:ETH_DEVICE_SKIP I get this error message on csf -r :

*WARNING* ETH_DEVICE_SKIP device not listed in ifconfig

*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.
root@host03 #...

None of these files exist

my @files = ( /var/named/chroot/etc/named.conf , /etc/named.conf , /etc/bind/named.conf , /var/named/chroot/etc/bind/named.conf );

we use dnsmasq

but still get Check for DNS recursion restrictions

(dnsmasq is set to only lo / 127.0.0.1)

It appears firewall removals are not flushing iptables with v8.02. Even after removing, flushing stopping CSF the blocks are still there.

/etc/init.d/iptables stop
csf -r

is working as a work-around in the interim.

Do not check double of the added IP address (-p port).

csf -td 89.222.186.1 -p 80
DROP tcp opt -- in !lo out * 89.222.186.1 -> 0.0.0.0/0 tcp dpt:80
csf: IPSET adding to set
csf: 89.222.186.1 blocked on port 80 for 3600 seconds inbound

csf -td 89.222.186.1 -p 80
DROP tcp opt -- in !lo out * 89.222.186.1 -> 0.0.0.0/0 tcp dpt:80
csf: IPSET adding to set
csf: 89.222.186.1 blocked on port 80 for...

Hi, i have a very strange error, i cant enable the firewall using the botton ENABLE im WHM interface.

I try usign diferents PCs, connections, nothing works.

Do you have any information about this ?

LFD failed when reseller unblock a IP:
lfd : cPanel Reseller : UNBLOCK XXX.XXX.XXX.XXX

# cat /etc/csf/csf.error
Error: IPSET: , at line 4446 in /usr/sbin/csf

Clicking in button Firewall Restart LFD returns to work normally.
This error occurs only with ipset enabled.

Whenever changes are made, applied (via Change ), and you select the Restart csf+lfd option (button) the GUI crashes and cannot load. Here's where it gets interesting.

If you do systemctl restart csf.service and systemctl restart lfd.service no dice still.

For some reason you have to revert back to the old service csf restart and service lfd restart to bring the GUI back online as systemctl...