It would be great, if there would be an option like RT_ _REPORT where I can call a shell script to track the relays ( so I can make additional steps (like suspending the user, etc) based on my conditions ( like hitting the limit 3 times one day, etc )
I want to update CSF Configuration on all my server using LFD Clustering. It works fine but it update the IP Table too. When an IP blocked on master cluster, it will send it to slave. I don't want LFD Clustering handle IP block, does it possible?
Hello,
is it possible / can you add a feature so when a user is being blocked by CSF the will be forwarded to a specific domain on that server? so not the messenger feature but exclude one domain on that server / specific url so that our own site (hosting company) with a specific page about why the are blocked?
I would like to open 2077 and 2078 (which are oddly open by default in csf), but have found that authentication failures don't seem to be picked up by LFD...
Isn't this an open invitation to brute force attacks?
It would be nice to have pre start and post start hook scripts.
It shouldn't be hard to implement two extra variables in csf.conf to hold path to executable scripts which would run prior to starting and post csf startup.
They could be used to gather some statistical data, implement custom firewall rules outside csf's scope and so on...
Hello, I was wondering if instead of peak load alert, lfd would send alert on sustained high load for a period of time, lets say server load has been on high load during 10 minutes and provide record of first high load and current load.
That would allow avoid false positives due to peaks. and provide information to find the cause of it.
It's possible to make messenger only redirect do some port? For example, open messenger port in apache and when someone is blacklisted it will show the page that apache defines.
I have tried this, but the lfd crashes due to other service are using that port, it will be great if it's possible not to crash, only ignore port if other service are using it or an option to only redirect to that port,...
Would it be possible to add a link in the email report when an upgrade is preformed that links to changelog.txt ? I know I can find the changelog all on my own with a few clicks as well, but having it in that report would be fantastic to be able to just click it in my email.
I guess I am not able to post URL's but you get the drift.
Hello, I was wondering if there was any sort of daily reports in the works for CSF. I've been getting loads of emails from 4 boxes that I have CSF installed on. Instead of deleting each one after reading it, having all these alerts in a digest email each day would be great.
I was wondering if you could add some options to limit connections per IP per second to the CSF config screen.
Maybe even take a look at mod_limitipconn, which not really works. Currently it is not possible to configure CSF to block simultaneous requests to a single site e.g. google.com/site.html. Yes, I can use Connection track and enter port 80, but that's not very helpful and can be...
There's already a way to limit the number of process. I would recommend a way to limit the number of high process based on an interval.
For example:
A variable to determine when to monitor a process. Lets call it PT_High_Load
A variable to determine how often to check the PT_High_CPU processes. Lets call it PT_High_Time
A variable to determine if the user wants to kill the process or not
I was having some issues with LFD. Some digging revealed that it was doing reverse DNS lookups via gethostbyaddr() calls as part of log parsing, which because of some issues with my DNS, was causing LFD to hang long enough during parsing on a busy log file to miss lines and miss blocks. I hacked together a patch for csf.conf and lfd dot pl to add a setting to make rdns lookups toggle-able.
We have noticed that in our error log file, there will sometimes be one or two IP addresses that are
hammering the server looking for a particular page on a customers site that no longer exists.
In 2 days, we noticed 3 IP's that have hit the same page and received a 404 error
over 740 thousand times.
netstat -lnp output tcp/udp words for IPv4 listening sockets, but it says udp6/tcp6 for IPv6 sockets.
So, aut.*.pl scripts does not recognizes and does not says listening IPv6 sockets in testing mode.
Is it possible to either have LFD restart services which have been updated (which leave the old deleted processes running), or for LFD to call a customisable script with the details of the deleted process.
I have multiple servers, and (according to Cpanel) cpanel cannot cope with auto restarts of RPM based software. (The most common culprit is messagebus).
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum