ConfigServer Community Forum

Hestia CP is fork of Vesta CP.

Vesta CP - Support added in CSF v13.05 ( changelog )
Hestia CP - Support will be added in which CSF version?

I was able to get CSF working on Hestia CP using the following simple sed snippet (from within the install directory):
find . -type f -exec sed -i 's/VESTA/HESTIA/g' {} + && \
find . -type f -exec sed -i 's/Vesta/Hestia/g' {} + && \
find . -type f -exec...

Hello,

Having too many data in /etc/csf/csf.deny makes it impossible to edit the file in a web-interface of Directadmin.
It is a built-in limit in DirectAdmin when a loading variable 'POST' is limited to hard-coded 125749 bytes. Whenever a 'POST' request of a bigger size arrives it gets rejected by DirectAdmin and no changes are actually saved.

In Directadmin logs one can see a line of the...

Simple - Add a quick deny form to the top of the page or in the header.

Thanks! Have a great day!

That.Is.All.

Hello ,

Will Plesk panel support come in the near future?

Would it actually be good? I don't know your roadmap but I think plesk panel is really necessary.

Hi,
I have configured below settings in csf.conf
LF_HTACCESS = 5
LF_HTACCESS_PERM = 1
HTACCESS_LOG = /usr/local/apache/logs/error_log
PORTS_htpasswd = 80,443

This settings blocks the IPs which makes brute force attempts to password protected directories through http requests, apache logs :

AH01618: user not found: /manage/
AH01618: user not found: /manage/
AH01618: user not found:...

I'm getting a lot of single IP's hitting multiple domains on a server in a DDOS attack. Something like this - 1x IP (sometimes 3, 4 or more) calling:

domain1/index.php
domain2/index.php
domain3/index.php
domain4/index.php
etc

Often they will call 20 url's on the single domain and hit 5,10,20 domains at once, over loading the server. Some of the URL's exist, some don't.

A simple way to block...

Most new operating systems are switching to journald instead of syslog for logging as it provides a much needed unified interface for logging. It would be good if CSF could support this similar to fail2ban.

fail2ban:

A good tutorial on using journalctl:

I find csf will not check ip in list or not, if same ip for multi attack, csf will add multi times
I know we can't realtime to check ip list because it will slow down server, but can you add a function let us click on it and check ip list then remove duplicate one?

Thank you

As per CSF v14.17
SMTPAUTH_LOG= /var/log/maillog handles
.* postfix/smtpd : warning: unknown : SASL LOGIN authentication failed: authentication failure
but it does not handle
.* postfix/smtps/smtpd : warning: unknown : SASL LOGIN authentication failed: authentication failure
so for the latter lines you still need to use CUSTOM?_LOG and /etc/csf/regex.custom.pm

Hello
I propose to add the option to disable unsupported encryption protocols for Messenger, currently the Messenger server in LFD even works SSLv3.0

The same applies to ciphers, I also suggest adding the possibility of setting your own options.

Hi, would love to see integration with crowdsec

It would make CSF SUPER powerful and leverage the crowd

I'm getting single IP's hitting dozens of websites on my web server and they're not getting locked out.

Need to have auto lockout as an option, if not a default. I'd suggest if same IP hits 3 or more websites, lock them out.

Since some time DirectAdmin (custombuild?) Apache config password protects the URL.

The username and password are re-configured every time build rewrite_confs is run.

The current values are printed (in plain text) at the bottom of /etc/httpd/conf/extra/httpd-info.conf. Eg.

#Authenticate using:
#Username: USERNAME_STRING
#Password: PASSWORD_STRING

The LDF load check calls the URL above but...

Hello,

It seems CSF blocks DHCPv6 ports by default, which can cause some confusion. I suggest that by default, CSF allows UDP6_IN for port 546.

DHCPv6 clients listen on UDP 546, and send responses to servers on UDP 547.

Reference:

Example log

/var/log/directadmin/login.log

2022:05:29-21:10:34: '1.2.3.4' failed login attempt. Account 'awdasdawd'

with this new format, currently CSF Firewall doesn't block on failed login activities.

Currently I temporary fix myself by adding new regex to regex.custom.pm

I notice that when I run my csf installer script on my ipv6-only hosts, it fails. Seems like download.configserver.com isn't reachable over ipv6. Could you please enable ipv6? I know there aren't many ipv6-only hosts around, but I'm pretty sure that will change in the upcoming few years.

Angelo.

--2022-05-22 17:15:46--
Resolving download.configserver.com (download.configserver.com)......

Similar to existing ST_APACHE and PT_APACHESTATUS, it would be nice to be able to collect nginx and PHP FPM statistical data based on status information they provide:

Hi all,
I use Csf in all my production and testing servers (mostly Debian and Debian like) and never got a single problem....but...I also use a lot of OpenWrt routers and I think it would be a lot better to install a Csf on them, to centralize firewalling and not having Dmz or similar on the routers avoiding each server manage the firewalling...

Installing on the OpenWrt, behind which there are...

Hello,
Emails as a basic notification system is not enough and even not-contemporary, definitely.
Same messages sent to own log file at-least allow to write own parsing script to process the ones.
It should not be so difficult to implement, I hope...just add two options to /etc/csf.conf
SEND COPY of email body to own log file = 0(not) / 1(yes)
OWNLOGFILEPATH = /var/log/path/lfdown.log/
+ add a...

Hello, guys,

We have received few bug reports from our users saying that some Webmin modules `index.cgi` files are getting destroyed and overwritten with a symlink to CSF. :) I have checked your code and added few fixes to add extra protection before making such changes and also fix message formatting.

Could you please be kind to fix that for the next 14.16 release?

File DisplayUI.pm , lines...