It would be great if we could have a central CSF&LFD standalone console. That should be a completely separate product that will run alone on separate server/vps, and allow complete control of all CSF&LFD servers in a cluster. It should also have multiple admin user authentication with different authorization levels for admin user/group.
Basically everything that we already have just from...
It would be nice to be able to temporarily whitelist an IP for a pre-defined amount of time.
i.e.: Having consultants needing to do specific types of work on the server that end up blocking their IP address. At the moment I have to allow their IP, then when the job is done I have to remember to remove this permission (not that I don't trust them), so if I could set the allow on their IP to expire...
I understand the problems with having both of these enabled, and maybe I have something misconfigured or am missing something.
The way I understand it, if DROP_IP_LOGGING is disabled then no packets to blocked IP addresses are logged. Due to limited resources on the VPS I remove permanent blocks after a period of time, but only if I am not still seeing traffic from them. I also like to use the...
Good Morning,
I've had a server that was allowed in a csf cluster (within csf.allow) that went bad and started attacking. Because it was in the csf.allow, it (of course) wasn't being blocked. I found that I couldn't remove it from the csf.allow file with a cluster command. My cluster includes 37 servers and I'm only about half-way through at this point. It would be really nice if a cluster...
I've recently enabled LF_SYMLINK and have found it's been blocking genuine traffic.
I use suPHP so of course all users should own their own files, but some users have files owned by nobody for whatever reason; these users are triggering the LF_SYMLINK because their userid is accessing the 'nobody' userid.
Could you add an option so that such triggers can be ignored?
Found several attempts from an IP address in Russia that is attempting a brute force attack on a site's wp-login.php script. I see every few seconds an attempt in the user's domlogs file.
This causes the server's load to increase, and as soon as I block the IP, the load comes down.
/usr/local/apache/domlogs/USERNAME/domainname.tld
Can lfd monitor these logs as well, and block IPs that hit...
Hi, I have a dedicated server, CentOS 5,9 with WHM 11.36.0.11, and the last update to CSF v6.00 2 weeks ago became a problem for me.
This server only has one site, a vBulletin forum, and after this upgrade my users say the site is extremely slow.
After a quick test with a clean browser with no cache I can duplicate the problem, and the page sometimes takes 20 seconds to open and other times...
I have a couple of custom regexes that scan apache access_log and modsec_audit log. The regexes work correctly. When these rules match there is a flood of errors from a single IP, 10s of accesses per second.
Looking at strace, LFD seems to be trying to resolve the hostname for every logline that matches the pattern? Is this correct? On hosts with...
Parallels H-Sphere logs to /var/log/proftpd/current for proftpd
The format for no such users is as below:
@4000000050813b0f0dc55a3c OUR_SERVER_IP (119.131.139.79 ) - USER .DOMAIN_NAME: no such user found from 119.131.139.79 to OUR_SERVER_IP:21
@4000000050813b1334953c2c OUR_SERVER_IP (119.131.139.79 ) - USER admin: no such user found from 119.131.139.79 to OUR_SERVER_IP:21...
We run quite a few CentOS 5 and a week or so ago several of our servers were the target of brute force SSH attacks. What we found though was that with:
LF_SSHD = 15
ST_DISKW_FREQ = 5
LFD was not blocking the IPs (and there were many more than 15 brute force attempts per IP address per 5 minutes). As it...
Is it possible to block a certain country (for example China) for certain services (e.g. FTP)? We see many hacking attempts from compromised servers from China using users' FTP details, but we can't block China from all services because many of our users send emails to/from China... Any idea how to set up such rules? Maybe with csfpost.sh?
First to thank the CSF developers for giving us this wonderful product.
I have read and googled all the dovecot regex examples, and other users' samples, but cannot find one that would work for me.
I have spent hours trying to self-help but unsuccessfully, due to my not being good in Perl, or regex.
Am using CentOS 6.3 and dovecot v2.0.9.
dovecot log file is in /var/log/dovecot-info.log (thus...
We really like csf, but in my humble opinion I do miss the definition of interfaces in csf.
As a hoster we also use an internal network link with a 10.0.0.0/8 range for internal backups, so we need to disable bogon network completely; enabling this on the public facing interfaces is preferred. (I also read iod's question here for the same issue.)
I'm using an OSPF/Quagga tunnel interface for an allocation pool of IPs to my server. When I enable the CSF firewall, the IPs don't work anymore. I'm trying to whitelist the OSPF router IP and tunnel network, but this doesn't help me. How can I whitelist raw proto in CSF?
raw 0 0 0.0.0.0:89 0.0.0.0:* 7 238321/ospfd
raw 0 0 :::58 :::* 7 238136/zebra