ConfigServer Community Forum

Hi,
Currently in the watch/search log in CSF we only have :
/var/lib/mysql/myserver.myhost.err

Do you think it would be possible to have also the mysql Slow Query Log file access ?
/var/lib/mysql/myserver-slow.log

And why not also the general log ?
/var/lib/mysql/myserver.log

Thanks
Best regards

Hi.
Is possible to have an enable on/off setting that could be set to add white listed IPs in cPhulk as well?

This will be a great addition, right now it should be done manually and most of the time is forgoten and is not white listed in cPhulk.
Also, Could it be possible that when doing a search for a blocked IP that the search could include cPhulk?

Regards,
Sergio

This double not seems like an error:
»
csf.ignore - a list of IP's and CIDR addresses that lfd should ignore and not
not block if detected
«
at

Hestia CP is fork of Vesta CP.

Vesta CP - Support added in CSF v13.05 ( changelog )
Hestia CP - Support will be added in which CSF version?

I was able to get CSF working on Hestia CP using the following simple sed snippet (from within the install directory):
find . -type f -exec sed -i 's/VESTA/HESTIA/g' {} + && \
find . -type f -exec sed -i 's/Vesta/Hestia/g' {} + && \
find . -type f -exec...

Hello,

Having too many data in /etc/csf/csf.deny makes it impossible to edit the file in a web-interface of Directadmin.
It is a built-in limit in DirectAdmin when a loading variable 'POST' is limited to hard-coded 125749 bytes. Whenever a 'POST' request of a bigger size arrives it gets rejected by DirectAdmin and no changes are actually saved.

In Directadmin logs one can see a line of the...

Simple - Add a quick deny form to the top of the page or in the header.

Thanks! Have a great day!

That.Is.All.

Hello ,

Will Plesk panel support come in the near future?

Would it actually be good? I don't know your roadmap but I think plesk panel is really necessary.

Hi,
I have configured below settings in csf.conf
LF_HTACCESS = 5
LF_HTACCESS_PERM = 1
HTACCESS_LOG = /usr/local/apache/logs/error_log
PORTS_htpasswd = 80,443

This settings blocks the IPs which makes brute force attempts to password protected directories through http requests, apache logs :

AH01618: user not found: /manage/
AH01618: user not found: /manage/
AH01618: user not found:...

I'm getting a lot of single IP's hitting multiple domains on a server in a DDOS attack. Something like this - 1x IP (sometimes 3, 4 or more) calling:

domain1/index.php
domain2/index.php
domain3/index.php
domain4/index.php
etc

Often they will call 20 url's on the single domain and hit 5,10,20 domains at once, over loading the server. Some of the URL's exist, some don't.

A simple way to block...

Most new operating systems are switching to journald instead of syslog for logging as it provides a much needed unified interface for logging. It would be good if CSF could support this similar to fail2ban.

fail2ban:

A good tutorial on using journalctl:

I find csf will not check ip in list or not, if same ip for multi attack, csf will add multi times
I know we can't realtime to check ip list because it will slow down server, but can you add a function let us click on it and check ip list then remove duplicate one?

Thank you

As per CSF v14.17
SMTPAUTH_LOG= /var/log/maillog handles
.* postfix/smtpd : warning: unknown : SASL LOGIN authentication failed: authentication failure
but it does not handle
.* postfix/smtps/smtpd : warning: unknown : SASL LOGIN authentication failed: authentication failure
so for the latter lines you still need to use CUSTOM?_LOG and /etc/csf/regex.custom.pm

Hello
I propose to add the option to disable unsupported encryption protocols for Messenger, currently the Messenger server in LFD even works SSLv3.0

The same applies to ciphers, I also suggest adding the possibility of setting your own options.

Hi, would love to see integration with crowdsec

It would make CSF SUPER powerful and leverage the crowd

I'm getting single IP's hitting dozens of websites on my web server and they're not getting locked out.

Need to have auto lockout as an option, if not a default. I'd suggest if same IP hits 3 or more websites, lock them out.

Since some time DirectAdmin (custombuild?) Apache config password protects the URL.

The username and password are re-configured every time build rewrite_confs is run.

The current values are printed (in plain text) at the bottom of /etc/httpd/conf/extra/httpd-info.conf. Eg.

#Authenticate using:
#Username: USERNAME_STRING
#Password: PASSWORD_STRING

The LDF load check calls the URL above but...

Hello,

It seems CSF blocks DHCPv6 ports by default, which can cause some confusion. I suggest that by default, CSF allows UDP6_IN for port 546.

DHCPv6 clients listen on UDP 546, and send responses to servers on UDP 547.

Reference:

Example log

/var/log/directadmin/login.log

2022:05:29-21:10:34: '1.2.3.4' failed login attempt. Account 'awdasdawd'

with this new format, currently CSF Firewall doesn't block on failed login activities.

Currently I temporary fix myself by adding new regex to regex.custom.pm

I notice that when I run my csf installer script on my ipv6-only hosts, it fails. Seems like download.configserver.com isn't reachable over ipv6. Could you please enable ipv6? I know there aren't many ipv6-only hosts around, but I'm pretty sure that will change in the upcoming few years.

Angelo.

--2022-05-22 17:15:46--
Resolving download.configserver.com (download.configserver.com)......

Similar to existing ST_APACHE and PT_APACHESTATUS, it would be nice to be able to collect nginx and PHP FPM statistical data based on status information they provide: