In my /var/log/messages I found lots of entries (about 20 requests a second):
Aug 18 11:17:14 Player named : client 81.27.102.20#64048: query (cache) './NS/IN' denied
Aug 18 11:17:14 Player named : client 81.27.102.20#32688: query (cache) './NS/IN' denied
Aug 18 11:17:14 Player named : client 81.27.102.20#27528: query (cache) './NS/IN' denied
Aug 18 11:17:14 Player named : client...
Hi:
I know there is a script that sends an email when someone logs in to WHM (as root). I would like to know if it's too difficult to make a script that sends an email when a user logs in to cPanel (yes, I know there will be a lot of emails; I only want to be notified of 1 or 2 accounts).
Can you please add a feature where we can add a list of IPs, so that when one of those IPs logs into the server, LFD won't send out an email saying root was logged in successfully.
We have many servers running on CloudMin, which monitors the server every 5 minutes (uptime, disk / RAM / CPU / IO / etc usage) so every server generates an email saying root was logged into.
One of my favorite methods of getting into a firewall once something has gone wrong -- and the easiest method I've found for locking *everything* down yet allowing an administrator access from a dynamic location ... is port knocking.
I run knockd, a daemon that watches for a unique sequence of port requests. Any other port request in any sequence other than what I require will fail. However,...
Chirpy, thanks for implementing X-ARF, though as it is not yet a standard, and is therefore more likely to be read by humans than machines for now, may I suggest the following minor changes to the default x-arf.txt?
From: root
To: root
Auto-Submitted: auto-generated
X-ARF: YES
Content-Type: multipart/mixed;
boundary= csf-
MIME-Version: 1.0
Subject: abuse report about -
I understand the need to move away from colons (:) as a separator for denying and allowing rules due to upcoming IPv6. Just wondering why pipe (|) was chosen as the alternative? I believe this was introduced in version 5.04.
Reason being, to add a rule to the csf.deny file via the command line you can use the:
The latest version of CSF warns about ServerSignature and ServerTokens when the settings are On and non-ProductOnly respectively. However, for the ModSecurity SecServerSignature setting, the ServerTokens directive must be full. Could CSF take this into account?
Hello Chirpy,
It would be great if we could have a button to remove an IP from any IPTABLE group. Right now we can only remove IPs that are in the CSF.DENY file, but it could be the case that we have added an IP that is not there and we need to remove it.
I know that we can enter as root and delete it from there, but it will be easier if we have that option in CSF.
Hi,
Not sure if this is already part of csf .. logwatch is sending me daily reports about possible intruders trying to access popular scripts like phpmyadmin (/PHPMYADMIN/config/config.inc.php?p=phpinfo();, /dbadmin/config/config.inc.php?p=phpinfo();) from 193.170.124.252 or /admin/phpmyadmin/main.php, /phpMyAdmin-2.5.6/main.php etc... from 173.203.72.5. and /w00tw00t.at.ISC.SANS.DFind from...
I would like to see an option to remove an IP address in the allow list.
Same way as deny ... also in cluster env..
I have some IP addresses in the allow list (several servers).. a client has another IP address and now I can easily add his new IP address, but to remove the previous IP address I have to go to every CSF server by hand..
Basically, for all features to add an IP address, also a feature to remove...
At the moment when PT_USERMEM or PT_USERTIME are exceeded you just get a message telling you which process has exceeded the limit.
Could more debugging info be included such as a trace of the process causing the memory limit to be broken?
For example, I've had a couple of users go past a 200MB limit with a particular Joomla/VirtueMart install. Normally it runs in less than 15MB but very...
When can we expect IPv6 support in CSF?
All our servers are already IPv6 enabled and running CSF. Because CSF is not IPv6 aware we have created our own ip6tables script. But it's definitely not an ideal situation.... :(
I know there are a lot of other CSF users that are looking forward to IPv6 support in CSF.
We are using Nagios to monitor our server and services.
I would like to see that CSF can be monitored also.
Think about
- status
- blocks
- ssh logins
- updates
- cluster status
- notifications of mail (lfd etc)
CSF cluster is something we use with great pleasure..
I would like to see an extension of the cluster features.
Maybe a separate page to do:
You can select one or more CSF settings which you want to sync on all CSF servers inside the cluster. To sync the total configuration is something you don't want.
think about
- add / remove a node to the cluster
- add / remove a TCP/UDP port
- change max....
I've searched the forum and didn't see this posted. Also I'm new here.
If my suggestion is far-fetched I apologize in advance. Feedback is appreciated. :)
Problem
The new cluster options are great. I just miss one feature:
Be able to update the cluster ip list on all servers without compromising security.
Explanation
I like the ability to change the csf.conf from one server and push them out...