Hello,
It is common when a computer is infected with virus, sent to other computers mail password you have set, then these computers are beginning to use the mailbox to send viruses or spam.
When this happens, they come in a short time many alerts like AUTHRELAY, Remote IP - xxx.xxx.xxx.xxx , where each of these alerts the IP is different (the firewall is blocking each IP) but when the block...
Would it be possible to add a 'quick allow current IP' feature?
I'm constantly finding myself having to check what my IP is before allowing it through CSF. It would be much less time-consuming if we could just click a button/run a cmd to allow the current IP through the firewall.
We have to add often new IP in the quick allow option but can you add the possibility to add them in block and to save them in a file in case of we have a server crash please ? Same for quick deny please ?
Thank you very much for your great tool. We love it.
anyone could build some decent regex for dovecot fail loggin because right now CSF do not ban any ip from dovecot service. and im not usual enough with perl to do it myself
after a close look into regex.pm its look like the regex is not valid for dovecot versus Direct admin
here is some exemple of error logs for dovecot into /var/log/maillog
I had the CPanel Service Package applied to my server a few months ago and it has been brilliant. One thing missing is I would find it very useful if I could run reports/analytics against historical data captured via CSF/lfd so I could run a report to see how many port scans have occurred, how many login attempts, blocked IP's, recurring IP's, IP ranges, successful root logins and so on - could...
I am able to use the Joomla extension sh404sef to block ips from project honeypot from viewing my sights by using a simple API key from the honeypot, so I believe this would be a relatively easy add-on to hook up csf & lfd to the project as well. That way I could secure my whole server from the known hacking hot spots and overly permissive ISP's.
Not sure if it is ok to post this...so any mods...
Would you consider making a Announcements forum where you post all updates and patches? Would just make it a little easier for all the people out there using CSF to stay up to date as they could subscribe to that forum and be automatically updated.
So just updated one of the servers to the latest csf. csf v5.55
Ran a Check Server Security scan and under PHP Version info it says this:
Check php version (/usr/local/bin/php) WARNING Any version of PHP (Current: v4.*) older than v5.3.* is now obsolete and should be considered a security threat. You should upgrade exclusively to PHP v5.3.*
But I'm not running version 4 and have not for quite...
I'd love to see ban user using MAC address in addition to IP bans. The IP address can change but the users MAC address rarely changes.
I noticed that the MAC address is recorded in the IPTABLES log so this should be possible.
Once an offending MAC address if found you could ban all IP's coming from that MAC address.
I'm just configuring a CSF instance for a client and he required that certain countries should not be able to access his website. We're talking China, Ukraine and Russia due to their famous botnets. The problem is that the firewall is loaded with thousands of rules representing the subnets allocated to those countries.
I have no intention however to load the firewall rule set with a huge...
LFD doesn't seem to recognise pop3-login failures after upgrading to Dovecot 2.1.0
We are running Direct Admin current with Dovecot 2.1.0
/var/log# csf --version
csf: v5.46 (DirectAdmin)
These are the log entries that don't work now
Server1
Feb 22 11:21:39 bob1 dovecot: pop3-login: Disconnected: Inactivity (auth failed, 1 attempts): user= , method=PLAIN, rip=211.142.85.44, lip=192.194.199.1
Feb...
I've been searching around the web, and I really could not find anything. I have webmin also logging to syslog (/var/log/secure) and was wondering if some of the LFD functionality could watch for webmin messages just as it does for cPanel.
Email on login, ban on multiple failed login attempts, etc.
Can you please add the following Blackberry server IP's to the permanent whitelist for future CSF releases.
I'm sure many hosts will have clients who wants to use their Blackberry phones for email, and it would make everyone's lives easier if it was automatically whitelisted in the next CSF release(s)
I guess it's impossible to rate limit connections via CSF because it would require kernel changes but could a feature be implemented to limit (inbound) connections per IP range instead of just blocking it outright as a sort of throttle?
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum