ConfigServer Community Forum

csf -m reports that the runlevel of the server should be 3, for ubuntu and debian the default run level is 2, there is no difference between levels 2-5 so it throws a false positive, if debian/ubuntu is detected it should allow runlevels 2-5.

Hello!

First of all, thank you for the excellent firewall script.

I would love to have a feature, if you would be so kind as to consider this, where I can quickly block or allow a port. Right now, the only way I understand that you can block or allow ports is to edit the configuration file and then restart. I am dealing with a distributed smtp/pop/imap attack and it would be great to just block...

Thanks to chirpy and everyone else at Way to the Web who are involved with CSF.

I moved servers not too long ago and the host had installed their own custom-firewall on the server. I left it on for a few days, but it felt rather naked to not have CSF showing up in WHM. I am so glad that I made that decision!

The customizable settings, notification templates, etc. are a proven asset to the...

Hello,

I found that with csf v5.14 we never receive failed SMTP AUTH and SMTP AUTH relay alerts. (Our server use Exim)

I checked the file regex.pm and found the related regexes are outdated. Would you please update them?

For your reference, this is a patch we are using:
--- regex.pm.orig 2010-12-10 18:20:19.000000000 +0800
+++ regex.pm 2011-01-07 18:12:53.000000000 +0800
@@ -188,7 +188,7 @@...

Quick note about the configuration menu.

There's no need to have a table row for each line and one row to split paragraphs. When the nicer design is more lightweight and simpler to write, I don't see why not. Just an aesthetic suggestions for future versions. Those tables are getting a bit awkward.

Might take a few hours to convert the tags from table rows merged into paragraphs and adding...

Is it possible to export and import configuration in/to a file?

The Temp block page has an option to delete the entry, how about an option to make the TEMP a PERM block?

Hi

This option is great however I believe it should be tweaked slightly to enable it to be used more readily in a production environment

# If this option is enabled, the directory identified by LF_SCRIPT_ALERT will
# be chmod 0 and chattr +i to prevent it being accessed. Set the option to 1
# to enable.
#
# WARNING: This option could cause serious system problems if the identified
# directory...

Hi There

Another suggestion for trapping spam

In exim with extended logging enabled you can see if users are authenticated under the A= value in the log file.

This is very handy for tracking people who are spamming using their webmail clients or via a mail client

Typically in our experience we see this being a useful option to use to track users who;s accounts are being abused, the majority...

Hi,
so I have csf+lfd on cPanel server (CentOS)
so, when someone DoS attack server everything works fine, BUT
but attacker keeps connected for several seconds-minutes... and because I have high frequency of visits on server, always some users suffer because of DoS attack...
and sometimes because my CT_LIMIT is high (500#because of advanced clients, so they usually have too much connections to...

To more finely control what binaries can send traffic through CSF, I wanted to suggest this if it doesn't already exist.

Something like:

# User 'user1' executing /usr/local/bin/php has access to send tcp out on ports 80 & 443
upxe : user1 : /usr/local/bin/php : tcp:80,443:out
# Group 'wheel' executing /usr/bin/dig has access to send tcp&udp/53 out
gpxe : wheel : /usr/bin/dig : 53:out

Does...

We use a central LDAP server for authentication on our servers and we've been getting these errors for a while.

Dec 1 17:27:03 server cessing: nss_ldap: could not search LDAP server - Server is unavailable
Dec 1 17:29:03 server cessing: nss_ldap: could not get LDAP result - Can't contact LDAP server
Dec 1 17:29:03 server cessing: nss_ldap: could not get LDAP result - Can't contact LDAP server...

To sort the listing by time, so the email shows the changed files more obviously.

4091c4091
> my $cmdpid = open3($childin, $childout, $childout, $config{LS} --full-time -lAR $file );
---
< my $cmdpid = open3($childin, $childout, $childout, $config{LS} --full-time -lARt $file );

regards

dicko

Why doesnt CSF report the ip address of the machine which changes the root password?

That seems like something which would be very useful for intrusion tracking.

It could mean the difference between telling a member of staff they need to improve their communication or reinstalling a whole server.

Hello!

It's will be great if you will add the option to export and import CSF settings.

Thanks!

I think lfd's script alert would be a great tool if configured just a bit differently, to identify/disable the directory of the actual script, rather than 'public_html'. Either that or when lfd changes the permissions, change it so that the website is still viewable online, just not able to process script emails.

As it is now, when enabled and someone is abusing a script, 'public_html' is...

Scan For And IPTABLES DROP these @ssholes (parden my french)

root@redhat # cat /usr/local/apache/logs/access_log | grep x
190.125.200.223 - - \x80F\x01\x03\x01 404 -
96.54.115.198 - - \xd2\x93`|?\xc3 404 -
41.220.68.8 - - \x80F\x01\x03\x01 404 -
96.53.213.125 - - $0\xaa\x85\xd1;\x07 404 -
96.51.66.73 - - \xf7\x95L\xc3\x9a#\xf8\x1c\x17\xb4\xbaI\b\xbf \xb8\xbec3\xf0\b\xb2x\x91 400 2211...

I've had thousands of vsftpd login failures in the last few weeks. It would be great to be able to block the offending IPs.

Here's a few lines from /var/log/messages

May 1 12:43:17 vps vsftpd(pam_unix) : authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=72.232.10.66 user=mysql

May 11 00:39:10 vps vsftpd(pam_unix) : authentication failure; logname= uid=0 euid=0 tty= ruser=...

We have noticed when configserver.com is down it takes an extended amount of time to bring up any of the CSF tools that check for possible upgrades when you click on them (Firewall, Mail Queue, Mail Manager, etc.)

Is it possible for CSF tools to see that their server is down and set some type of flag that bypasses this check for x minutes?

This would allow the screens to come up quickly verse...

I haven't found/seen a way to do this yet. It would be nice for some annoying bots to be able to block an IP based on the User-Agent string found in the packet.

Can this be done currently? If not, would it be easy to implement into the code or quite complex?

I'm thinking that if available, it could have a port # option, a destination IP option (if you want to limit checking to certain IP...