May I suggest further documentation on the different debug levels? In that regard, the verbose level could be configured manually (i.e. a list of all possible items/categories of alerts with a 0/1 option). This could help sysadmins to track/monitor/manage some issues more closely.
First I'd like to thank Chirpy and crew for all the great work they've done for us hosts. I've paid for their services, and have recommended it to my friends because of how professional they are, and of course how great their product is. Thanks :-)
Now onto my suggestion for csf...
It would be really nice to be able to use Bluetack formatted IP blocklists in CSF. From my understanding this...
Hi,
Is it possible to change CSF in such a way that users from a banned IP can see an info page?
I mean, lately I had a few clients complaining about the server not working, but it turned out their IP was blocked because of their own fault (wrong cPanel/FTP/POP3 password) :rolleyes:.
In this case customers are pointless and don't know what to do. I would like to give them some option/info about it.
On the Messenger portion I know we can edit the messenger files. I was wondering if there was a way to dynamically put text into the messenger to say why it was blocked.
For example in the csf.deny we put
196.168.0.0/10 #Trying to inject hacking scripts
Could messenger pull the text past the # and in the code we could have something like:
I would like to get opinions and ideas about automatically sending an email to the network abuse (or other) email address of the owner of every IP number that attempts to hack into my system. I get a lot of SSH login failures, a fair number of rejected TCP SYN messages, and some port scanning activity. The hacking activity comes from all over the world. After looking up the network information on...
Hi, I would like to know if it's possible to add the variable keys authentication in sshalert.txt,
since it is essential to know this information when there is more than one active key.
Please consider adding dovecot (IMAP & POP binaries) to the stock-default LFD process ignore list; this will help to limit the that is triggered by simple IMAP and POP usage.
I've noticed on small boxes that after a light DoS has occurred and the system memory has reached its top value, lfd hangs, "can't fork" errors are issued, lfd is dead, and the temporarily blocked IP addresses remain blocked in iptables. I've also noticed that the blocks are not cleared nor un-orphaned when you start csf again. That's cool because, under a DDoS attack, your iptables will be...
I think it would be possible but maybe somewhat of a security risk...but can easily take all precautions when doing this.
I have a few reseller clients and some of their clients get banned, but they would have to contact me to remove from the deny list and add them to the allow list.
^Only long solution. The fast solution is more of a security risk, Set->Reseller Account with root permissions,...
I got some lovely messages from LFD this morning telling me that the mail queue had X,000 emails in it (EEK)... problem was I was asleep and didn't see the emails till around 3 hours later (25,000 emails in the queue by now). I do have my server limited to 1000 emails per domain, but I have a feeling this is ignored if they hack in or use exim direct? Anyway back to the point - the warnings are...
Currently, after XXX entries in the deny file, csf automatically starts removing the oldest entries. Is there a way to have a list of permanent deny entries that never get auto removed? Is this the global deny list, or would this be a new feature?
Is there a way to track all WHM/cPanel/FTP logins and not just the failed ones? What we would love to see is the name of the country the person successfully logged in from in an email. Some of our clients are a bit careless when it comes to creating strong passwords.
We understand that many of the servers that support hackers are in the US but many of them are not. We do not have many...
Being able to monitor important folders and files for changes. I.e.: /etc, /etc/passwd, groups, shadow, config files, system binaries. Based on md5 checks?
I know we got the ct states option which is a big help but I figured I would offer this suggestion from experience.
I got to noticing on a server I didn't have ct_states on that it was counting last_ack, fin_wait, close_wait etc as connections. I know about the skip time wait option but usually there is just as much of the other connection states.
I've been using csf for over 1 year. It's the best firewall.
The SCRIPT_ALERT feature is crucial for me, I have no idea why it is removed on the generic installation. Well, for old versions I added these lines to csf.conf by hand:
SCRIPT_LOG = /path/to/log
LF_SCRIPT_ALERT = 1
LF_SCRIPT_LIMIT = my limit number
LF_SCRIPT_PERM = 1