Just a thought for the fantastic CSF server security check
Maybe scan my.cnf and if skip-networking doesn't appear at the start of a line, suggest that if they do not require external mysql access to add that line?
I would bet 90% of whm/cpanel installs do not use anything except local sockets so no sense in having a security hole by having mysql listen to tcp.
This is partially a duplicate of Release date in changelog + Version number in upgrade log. The version number was added to the update script, but it is still not in the changelog.
Would it be possible to get the release date included in the changelog as well? Something like this? (But better formatted. The BB software is making it really tough to get pretty looking text.)
Hello,
is it possible to ad een messenger feature so that on attack/block/abuse/etc... beside mail to send a messenger (msn, icq,)..
if possible ad this feature with a multi select option to choose what messages you whant to receive..
I searched for an answer to this question with no success.
I have another server running Fail2ban. When an IP is blocked, the alert email includes WHOIS information for that IP address (which usually includes the ABUSE contact). My email client parses that message and allows me to send a message to any address mentioned by just clicking on it.
This makes it very easy to forward abuse reports to...
Is this possible to receive an alert for a successful FTP login?
The alert should be issued only once per day and per IP.
Having this feature would allow to quickly detect cases where the FTP
credentials are stolen (trojan etc...).
Also could the SSH successful login alert be issued only once per day and per IP?
This would be more useful.
Hi Jonathan,
thanks a lot for the new option for the resellers.
I have a doubt, how we can tweak the email that we receive when an IP was unblocked by a reseller?
I like to read the info on how the IP was blocked that usually appears on CSF like this:
DENY 178.238.232.158 * inout 23h 47m 19s lfd - (mod_security) mod_security triggered by 178.238.232.158...
whe are using CSF on our Cpanel servers and whe are verry happy with it.
Whe have a lot of resellers on our systems.
It would be nice to give the resellers some privilages on CSF (lets see, remove a block for one of there clients).
also can you create a feature so that clients can unlock them selfs..
for instance user is locked, goes to a special website / url .. answers his personal...
the use of iptables-save and iptables-restore for large rules set in iptables...
iptables-save dump all rules set in a file that iptables use as-is
iptables-restore can only take the dump file and map it back i memory for iptables in one step witch is really good, for example, server reboot.
of course the dump file has to rewrite every time a rules chain in...
Hi Jonathan,
just to let you know that examples on how to set connlimit are missing, from the readme.txt file:
The protection can only be applied to the TCP protocol.
Syntax for the CONNLIMIT setting:
PORTFLOOD is a comma separated list of:
port;limit
Hi. I would like ifis possible to run a script every time when a successfully login in whm/cpanel is detected. Why this?
I am running a verification between ip's (registration, ftp, cpanel to detect fraud accounts). So to take like arg $1 the ip logged into cPanel and my script is checking country code for last ftp access,ip from registration, for that account and if country is different to...
is it possible to only sent the abuse message's to a other @mail address.
whe have a sepperate mailbox for al the CSF messages, but now al the CSF messages gets in to this mailbox incl. the abuse messages.
Whe whant the abuse messages directly to our Security Officer..
if not possible now, can je implement this i a newer version..
It would be great, if there would be an option like RT_ _REPORT where I can call a shell script to track the relays ( so I can make additional steps (like suspending the user, etc) based on my conditions ( like hitting the limit 3 times one day, etc )
I want to update CSF Configuration on all my server using LFD Clustering. It works fine but it update the IP Table too. When an IP blocked on master cluster, it will send it to slave. I don't want LFD Clustering handle IP block, does it possible?
Hello,
is it possible / can you add a feature so when a user is being blocked by CSF the will be forwarded to a specific domain on that server? so not the messenger feature but exclude one domain on that server / specific url so that our own site (hosting company) with a specific page about why the are blocked?
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum