Tried to find something that allowed checking of IPs against AbuseIPDB and then if found then block, but couldn't find anything out there.
Hence writing this up.
We are using the csf RELAYHOSTS setting to prevent lfd from creating temporary firewall entries for customers who successfully check email. We are not on cPanel, so the setting isn't normally there, but it works perfectly once added. We have a separate daemon that maintains /etc/relayhosts with the IPs of recent successful connections.
The problem is that during a csf upgrade it seems to strip...
It seems my server is getting a lot of failed SASL auth attempts via the maillog lately. This doesn't seem to be part of CSF's default configuration, so a lot of bad attempts got through!
I added a custom rule for LFD to ban these bad SASL people, but I highly suggest you make it part of the default csf.conf
Here is the tutorial I followed to implement the custom rules on my own...
The DirectAdmin installation suggests that the CSF config should be managed by DirectAdmin, and we have to set some bruteforce settings to 0 or disable them. By doing this, CSF will trigger a few warning messages.
From what I know, CSF uses a special installation config file for DirectAdmin called csf.directadmin.conf and it contains a generic variable DIRECTADMIN=1
After working a week trying to make CSF Messenger work in a usable manner, we must conclude that at the current time it is not usable for us. Here is a list of problems and bugs we experienced:
Our system: We are running DirectAdmin and CSF 14.01. We have both CentOS 7 and CentOS 8 servers (the below list applies to both). We are using ipset:
- On DirectAdmin it is necessary to change the default path in...
Sometimes you need to make sure some client with dynamic IP will never be blocked by lfd.
However if you put the FQDN of the dyndns used by the client in csf.dyndns then you also allow this client to bypass the firewall completely, which is not the desired behaviour.
I suggest creating a new file, something like csf.dyndnsignore, that will have the behaviour of csf.ignore, but for dynamic dns.
This is probably a complete waste of time since none of the recent suggestions have had staff replies, which I find disappointing and would put me off of purchasing or donating anything to CSF...
Anyway, I have just set WHM to email me with alerts, and decided to add Pushbullet for more severe alerts. I thought it wasn't working when I didn't get login alerts but realised this is from CSF. I...
Cipher list []. Due to weaknesses in the SSLv2 cipher you should /etc/dovecot.conf and set ssl_cipher_list to explicitly exclude it. For example:
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
This ssl_cipher_list parameter is set in /usr/local/directadmin/custombuild/custom/dovecot/conf/ssl.conf
And via build dovecot finally also in...
Since 99% of our CSF use is to block IPs it would sure be nice if CSF would remember what tab we have chosen. We always select the CSF tag to keep the Block IP field at the top, otherwise we have to scroll down to get to it. When we block an IP and return to the main page our tab selection is lost.
Possible root compromise: File /lib64/libkeyutils.so.1.9 exists and /lib/libkeyutils.so.1.9 exists.
For more information see:
This file is part of keyutils, part of the Linux kernel. If lfd is not checking the hash of the file matches a compromised version (it doesn't), then don't report it. This library has been around and been installed for years. Only when I updated to the 1.9 so version of...
We are using ConfigServer Security & Firewall (csf) on server and we load the STOPFORUMSPAM with csf.blocklists
For the past week we have had slow/strange/random issues with resolving domains:
(XID 5mjkwh) The system failed to send an HTTP “GET” request to “ because of an error: Could not connect to 'verify.cpanel.net:443': Name or service not known at...
Today I was delighted to realize that one can enter ASNs in the firewall and the respective ranges will be looked up and added. I had been looking up and adding ranges manually which is quite time consuming. But I was disappointed when it didn't work:
Aug 28 15:43:28 server lfd : CC: Retrieving GeoLite2 CSV ASN database
Aug 28 15:43:29 server lfd : CC: Processing GeoLite2 CSV Country/ASN...