Right now I have lfd configured to e-mail me whenever it blocks, so I get a lot of e-mails blocked for port scanning , among others. This is getting to be a lot of e-mails, 100-200 per day. It would be nice if lfd stored up the day's blocks, and sent an e-mail summary at the end of the day instead. Perhaps there could be a on/off switch for this daily reporting in the config file?
We are a small company, and the way our IT company have organised our network, our in-house administered web server is on the LAN but accessible through our NAT via a virtual server firewall rule that is not port-specific. It may not be the best configuration, but it works for us.
Since all traffic destined for its IP does get to the server, it's nice to be able to run CSF/LFD's port scan...
Is there anyway to add the option of Cluster Search to CSF? We have currently like 30 cPanel/WHM servers with CSF installed and another server which acts like a cluster master server for all the other servers with CSF installed.
We have developed a tiny little php script using csf -cr IP_ADDRESS accesibile via WEB so we can easily unblock ip addresses without entering on that...
It will be fantastic if you can include this patch in future versions of your code. The patch has been generated against csf v9.24. The patch activates the dormant code in lfd.
We needed the reason why an IP address was blocked. The reason is already recorded in the lfd.log on the host that blocks the IP address. In CLUSTER mode, the reason is not passed on, hence the patch.
Would it be possible to add temporary denies / allows and removal of those to CLUSTER cli as well?
Or just let us specify TTL and comments like: csf -cd 157.55.39.107 300 'msn bot mischief'
Virtual memory doesn't cost anything. I could have a process that maps a large file on my hard drive and this will be through the roof. I got the following error today:
Time: Sat Aug 11 21:59:45 2012 -0600
Account: mike
Resource: Virtual Memory Size
Exceeded: 1110 > 1000 (MB)
Executable: /usr/bin/kmix
Command Line: /usr/bin/kmix -session...
I was wondering if there is a way to exclude specific users (not system users) but email usernames from being blocked by lfd.
the reason for that request is that many times we deny access to users who are leaving the company or have been let go, these users which still have their email account configured on their mobile devices will prompt lfd blocks and by doing so may block ip's that...
It's great that you're moving to Bootstrap and more contemporary design but Authentic Theme in Webmin had a long-time support for it already.
I have put a lot of work to it as you know it (most likely saw it). I would like to ask you to exclude all of the new stuff that is loaded in CSF right now for Authentic Theme.
Webmin returns a global var $current_theme and it's very easy to do...
We are having a bad interaction between CSF and SSSD. SSSD starts at 12 and CSF starts at 15. When CSF starts, it starts blocking packets for a period of time (sometimes several seconds) while it sorts out its policies (csf.allow). We do not have an extensive set of policies, but maybe 20 or so lines of csf.allow. When CSF blocks these packets during startup, it confuses sssd, and makes it...
It would be a nice feature if csf had a button that when your being attacked that would automatically ban all ip's that are blocked by csf. This would help with with those who are trying to attack a server then when you feel the attack is over you click another button to stop the auto ban when blocked...It would save us system admins a lot of time!
I was thinking how the limit port access by CC was useful but so large it might be more dangerous than it needs to be (on systems where port knocking just doesn't seem to work)
But maxmind also has an ASN database (GeoLite ASN) that is updated monthly, so should be accurate enough
So could it be possible to duplicate all the CC_ALLOW, etc. settings and have ASN_ALLOW ?
I have a feature suggestion: Run a script whenever an IP is banned or unbanned. It would run on any kind of ban/unban: auto or manual and perm or temp.
It would pass similar arguments as BLOCK_REPORT to the custom script.
Currently I am using BLOCK_REPORT to run a script that talks to the CloudFlare API when an IP is auto-banned, and using bash aliases...
With the wide adoption of SSL through free SSL services like Letsencrypt, a lot of people no longer access domains by http. This is becoming a problem for people who have been blocked and can't see that they are blocked. They think that the server is down. Since the Messenger web server does not support SSL at this time, these people do not see the Messenger html page at all.
So I would like to...
hi
i need a feature in CSF Messenger that when the ip is blocked show block reason in csf messenger page
how can in see blocked reason in the csf messenger page ?
thanks
Seems CentOS 7 has deprecated net-tools Does CSF development plan to update CSF to work without ifconfig and net-tools with possibility of using iproute ?
Hello, I love the RBL checker, but I've noticed that no matter if all the checks resulted ok or some black listing is found, the subject of these reports is always the same: RBL Check on
Can you please take this into consideration and allow customization of ok/error subjects, or at least mark it in the subject with a simple suffix saying with errors . By signaling the subject when errors are...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum