ConfigServer Community Forum

Hi,

It would be nice to include result of mysqladmin -v processlist command as attachment of High 5 minute load average alert email from LFD.

Thanks!

lfd . pl: Using the loop with separate print for each line of @message only displays first line of index.text (multiline unix text file) is dispalyed:

Connected to ...
FIRSTLINEHERE
Connection closed by remote host.

When I send the file contents in a single print then ALL lines get diplayed on client.

map { s/\ /$peeraddress/ } @message;
map { s/\ /$hostname/ } @message;
print $client join( \n...

I was thinking/hoping there could be someway to set it up when there is an alert of a certain type to relay it to an IRC Channel.

Thats the basics of what I want, i'm not sure if there is an appropriate way to make this work in csf.

What would be a good feature for this is to have the IP address listed in numeric order. Like alphabetical. Makes it tough to see the IP blocked by certain numbers if there all over the place.

I just had the cPanel Service Package + MailScanner work done to a dedicated LAMP server, and LOVE it! It was money very well spent indeed! :-)

There was just one IP so far that I had to manually enter in order to block. I don't know if this is a bug, something specific to my server, or what. I didn't see anything in the documentation or in this forum about this.

There were hundreds of lines...

We are seeing an interesting thing today. We have been hit by a sudden spam attack that seems to be taking advantage of a script tracking problem. The 1H tracking you guys implemented no longer appears to be working. Today we have tracked several outgoing spam issues launched by scripts that have not trigger the usual script alert. We have CSF set to chmod and chattr these scriptsvia...

First off, I really REALLY like CSF. It's an awesome piece of work! Thank you so much for creating and supporting it!

One small suggestion that would be really useful: CSF already allows me to limit outgoing SMTP connections to specific users and groups (SMTP_ALLOWUSER and SMTP_ALLOWGROUP). It would be very handy if the same type of exceptions could be made for all outgoing TCP connections. In...

Hello Chirpy and Sarah,
could it be possible to include on the details of a blocked IP in CSF.DENY made by mod_security, the rule number that was triggered by the IP? If there were a few different rules, to write the last one?

This an actual line in CSF.DENY:
113.64.81.10 # lfd: (mod_security) mod_security triggered by 113.64.81.10 (CN/China/-): 3 in the last 3600 secs - Mon Sep 9 21:25:06 2013...

All of our servers have been banned from fetching spamhous blocklists because lfd was trying every 30 minutes on drop/edrop.

Please note I do not mean the download frequency setting in the csf.blocklist file, I mean the internal retry rate on download failures.

They clearly state do not download more than once per hour in their faq.

Please set the internal retry to 61 minutes or give us an...

This is really big on my wishlist because it makes syslog monitoring very difficult on a busy system.

Right now to have Port Scan Tracking enabled, you must allow dropped connection logging which can only go to the syslog.

There is no option to log to any other file to reduce syslog clutter and retain port scan monitoring.

Is it just a system limitation that the firewall cannot log anywhere...

Hello, from the last 5 days we get real ddos on 53.

EX:
.....
.....
Aug 4 22:34:08 s1 named : client 85.25.2.8#21707: view external: query (cache) 'isc .org/ANY/IN' denied
Aug 4 22:34:08 s1 named : client 85.25.2.8#21707: view external: query (cache) 'isc .org/ANY/IN' denied
Aug 4 22:34:08 s1 named : client 85.25.2.8#21707: view external: query (cache) 'isc .org/ANY/IN' denied
Aug 4 22:34:08 s1...

Hi Jonathan,
Happy New Year!

In the CSF.DENY list we have the following:
219.134.42.87 # lfd: (ftpd) Failed FTP login from 219.134.42.87 (CN/China/87.42.134.219.broad.sz.gd.dynamic.163data.com.cn): 4 in the last 3600 secs - Tue Dec 27 08:40:52 2011
188.121.60.40 # lfd: (PERMBLOCK) 188.121.60.40 has had more than 4 temp blocks in the last 86400 secs - Mon Dec 5 16:28:38 2011

As you can see, the...

I recently setup cPanel and built EasyApache with Apache 2.4.6 & PHP 5.5.1. After installing CSF v6.30 and running Check Server Security, Check php for register_globals is coming up as WARNING .

I opened /usr/local/lib/php.ini and confirmed it contained the following lines:

; You should do your best to write your scripts so that they do not require
; register_globals to be on; Using form...

I have a specific cipher list for the built-in UI and I just noticed it's not being obeyed?

Perhaps it's not enforcing server-side cipher order?
Or maybe it's a limitation of the perl ssl libraries?

I cannot seem to find newer libraries for centos and I'd rather not install them outside of rpm management
perl-IO-Socket-SSL noarch 1.31-2.el6 base
perl-Net-SSLeay x86_64 1.35-9.el6 base

CSF...

It would be nice if you would add block/unblock by string in CSF, iptables example:

iptables -t raw -A PREROUTING -m string --algo bm --string string_that_you_are_filtering -j DROP

CSF (servercheck.pm) produces a big fat warning when running under OpenVZ/Virtuozzo:

Since the Virtuozzo VPS iptables ip_conntrack_ftp kernel module
is currently broken you have to open a PASV port hole in iptables for
incoming FTP connections to work correctly. See the csf readme.txt
under 'A note about FTP Connection Issues' on how to do this.

I have checked that ip_conntrack_ftp is working...

I'm seeing port scan lockouts for hitting port 80 and 443

Would it be possible to add a setting to say how many different ports are considered a scan .

ie. 3

CSF block on repeated auth. POP/SMTP/IMAP failure. This blocks all POP on IP. Customer need the details of which POP has caused the failure.

Is it possible to CSF to email cPanel user just as it email admin ?