Currently when running the security check it tells you: Check server startup for xinetd
On most servers xinetd is not needed and should be stopped and disabled from starting if it is not required.
When running Plesk xinetd is required as services such as proftpd use it. Disabling xinetd will cause you many problems.
I propose checking to see if the server is running Plesk then if so then hide...
We are using CSF firewall in a directadmin server. We are trying to use the LF_DIRECTADMIN feature so that access is denied for the abuse IP only for that particular IP. The relevant values we use are as follows.
We have run into an issue and I wanted to take the time to suggest this feature as this will help us and possibly other in the future:
We have Global Whitelist file on a remote http server and we love the feature to be able to import a GLOBAL_ALLOW, GLOBAL_DENY, and GLOBAL_IGNORE. The issue we had is our remote http server that hosts our global lists became unavailable and when it came...
Instead of showing the error message Error: The option WHM > Security Center > SMTP Tweak is incompatible with this firewall. The option must be disabled in WHM and the SMTP_BLOCK alternative in csf used instead, at line 87 , why not prompt a message asking if the user wants to disable it?
Once he confirms, just a /scripts/smtpmailgidonly off do the job.
charts.html, graphs.html is saved to /tmp correctly but all images are saved as:
/tmplfd_cc.gif
/tmplfd_hour.gif
/tmplfd_month.gif
/tmplfd_pie_day.gif
/tmplfd_pie_hour.gif
/tmplfd_pie_year.gif
/tmplfd_systemday.gif
/tmplfd_systemhour.gif
/tmplfd_systemmonth.gif
/tmplfd_systemweek.gif
/tmplfd_year.gif
I think the path is missing the last slash on the...
I keep getting the notification when clicking Check Server Security. It says:
Unable to resolve nameserver within 5 seconds
Unable to resolve nameserver within 5 seconds
I have a feeling it has to do with the fact that those are my IPv6 nameserver entries. Is this something that CSF doesn't support yet? Currently ns1 and ns2 are IPv4 while ns3 and ns4 are IPv6. I have tested extensively through...
Just wondering if when csf graphs are generated if the files could have 644 permissions vs the 600 that they are now. This would allow them to be used in third party applications that are not running as root.
i have tried to block whole US ips with CC_DENY = US but its slowing down iptables a lot. Transfers going down to 1-2mb/s.
Would it be possible for you to add this feature in combination with ipset tool?
Its quite simple in terms of use:
ipset -N geoblock nethash
for IP in $(wget -O - ipdeny ipblocks/data/countries/us.zone) #<-- sorry couldnt post urls yet
do
ipset -A geoblock $IP...
Hello chirpy!
This is a thing I wanted to ask since several YEARS ago, and never found a bit of time to come here to the forum. Really.
When you have Denied IPs, the UI shows something like Edit csf.deny, the IP address deny file (Currently: 86 permanent IP bans) . That's cool in order to know how the denied IP list is growing. But, what about the white list? It doesn't show the amount of...
May you use directadmin com/features.php?id=1590 to detect login failures to DA and block particular IPs? DA already has build-in whitelists/blacklists for DA login screen, but the firewall approach would sound great.
Hello,
DYNDNS features for IPV6 like IPV4 are required because a large residential ISP (cable) started its transition leading to impressive growth in IPv6. They are providing Shared IPV4 and Dedicated Dynamic IPV6 in 57 or 64 subnet prefix for home clients. All IPV4 ports are unreachable from outside because of Shared IPV4 so many of internet functions just available by using IPV6 only, like...
hi
can someone look into updating
PT_USERKILL
so you can set it to auto kill of only the processes that you need to kill of in a processes list
like use a list like
Process Tracking ignore file
i.e. you list the user Account (if needed) and also the processes and the kill PT_USERMEM and/or the PT_USERTIME in that list
so it kills things in that list has you setup with not the same times...
First of all, I can not tell you how much I love CSF, so please do not take this the wrong way.
We have a large number of customers who get PCI scanned, and it always happens the same way:
1. Scanning company scans website without telling us, and they get blocked (yeah CSF)
2. They complain to the customer who complains to us.
3. Only solution is to add their IP address into csf.allow, thus...
Once again thank you for this great package. I'm a donor already. ;)
Well.
1 - We have a modified version of the lfd .pl file but when an update ocurs, we need to make the modification again and it's a bit annoying. We would love a hook to trigger our modification script, some config like UPDATE_ACTION
2 - We need another hook in the logfile function inside lfd. pl, it's needed to execute...
One thing I am noticing on my server is that almost all the blocks for certain administrative services that end up being blocked are outside of the country where those that manage my server are located. SSH, SMTP, POP, FTP, and accessing CPanel URLS for example should never be done except by people who have authority to log in and use those servers, and those people are coming from either known...
I just noticed that if you run the Check Server Security option from the UI on a server running MariaDB 10, it fails and says you're running an outdated version and need to update to 5.5. Not a major bug perhaps, but with MariaDB10 hitting GA a week or so ago, it might be worth checking for it as a valid and updated equivalent to at least MySQL 5.6.
First of all i would to say thanks to CSF and it's entire team for making an outstanding firewall utility and that too for free!
I would like you to make Reset default settings for CSF & it's other tool, if anything goes wrong after making changes to csf firewall settings we can simply use Reset Default Settings
It would be good if you can implement this feature ASAP.
#RBN|86400|0|
I went through the EmergingThreats website and found these links which may be of interest:
Detail: - lists a number of links to text files which contain ips.
- last update seems to be February 2012 so not sure how accurate this list would be over two years on. There's no date in the list itself so I don't know if the list is...
Currently one of the problems with enabling email alerts on the application triggers is the number of alert emails an administrator gets. On our servers 95% of them are from Asia and Europe (areas that we don't even service or care about).
I propose a new setting that basically says send out an alert only if the IP address being blocked is from one of these countries.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum