Since 99% of our CSF use is to block IPs it would sure be nice if CSF would remember what tab we have chosen. We always select the CSF tag to keep the Block IP field at the top, otherwise we have to scroll down to get to it. When we block an IP and return to the main page our tab selection is lost.
Possible root compromise: File /lib64/libkeyutils.so.1.9 exists and /lib/libkeyutils.so.1.9 exists.
For more information see:
This file is part of keyutils, part of the Linux kernel. If lfd is not checking the hash of the file matches a compromised version (it doesn't), then don't report it. This library has been around and been installed for years. Only when I updated to the 1.9 so version of...
We are using ConfigServer Security & Firewall (csf) on server and we load the STOPFORUMSPAM with csf.blocklists
Since one week we have slow/strange/random issue with resolving domains:
(XID 5mjkwh) The system failed to send an HTTP “GET” request to “ because of an error: Could not connect to 'verify.cpanel.net:443': Name or service not known at...
Today I was delighted to realize that one can enter ASNs in the firewall and the respective ranges will be looked up and added. I had been looking up and adding ranges manually which is quite time consuming. But I was disappointed when it didn't work:
Aug 28 15:43:28 server lfd : CC: Retrieving GeoLite2 CSV ASN database
Aug 28 15:43:29 server lfd : CC: Processing GeoLite2 CSV Country/ASN...
When the Watch System Logs page loads, the refresh function is automatically set to five seconds. I rarely find the auto-refresh helpful as I typically am scrolling up through the logs and lose my place when it refreshes.
I've been wanting a feature request for a switch to disable the auto-refresh either on the page or in the config. This could also include customization of the refresh...
We've been getting quite a few Syn Flood attacks lately. This is not a problem when were are present as we can manually enable SYNFLOOD. CSF is a life saver and lets us sleep at night, but the one thing that's missing is the ability to have SYNFLOOD automatically enable itself when it detects an unusually high number of SYN packets occurring. And then disable itself when things return to normal....
If Csf has already blocked in cluster an IP of C-Class, then it should not send one more request of an ip deny with -cd or even accept locally -d. I have a huge problem that there are doubles, one from 0/24 and then hundreds of IPs belonging to this chain.
Consequently, there are thousands of IPs in the csf.deny file.
I have csf on Centos 7.3. The C-Class blocking is activated after...
1. When listing rules for users in the table output, please add support for the following additional columns;
Domain Name (as cPanel/WHM addon domains may not be obviously named according to the linux account username).
CloudFlare Rule Scope: Is the rule specific to a single domain in CloudFlare, or is it across the entire user's CloudFlare...
Request: Please provide an option for CSF when blocking an IP locally in CSF, to also block the IP in CloudFlare under the server configured default account. I understand this would only work for a single cloudflare account, but it would be nice for those of us who do use it in this way.
Thus if someone is probing my server for vulnerabilities over SSH, POP, SMTP, etc... and get blocked, they...
Suggestion - block Exim attacks that are designed to degrade server performance:
Log files below of the issue (IP used is arbitrary). CENTOS 7 server.
Log directory:
/var/log/exim_mainlog
2019-02-13 18:51:46.727 no MAIL in SMTP connection from :53797 I= :25 D=10s
2019-02-13 18:51:57.453 no MAIL in SMTP connection from :57662 I= :25 D=10s
2019-02-13 18:52:08.176 no MAIL in SMTP connection from...
Just wanted to make two small suggestions for some of the cluster functionality:
1. When using cluster ignore or allow the entry added to the cluster members is missing the date and time at the end of the entry (like when the cluster deny is used). It would be nice if this was added.
2. The cluster ignore function allows you to add duplicate entries. It would be nice if it a check like the...
I have a suggested patch as I have a cluster of 3000 servers and putting 3000 IP addresses in the csf.conf file seems to be a really ugly solution.
My suggestion is to include the possibility of an include file as follows:
1.) If you have only a few servers in your cluster, configure the CLUSTER_SENDTO and CLUSTER_RECVFROM as normal.
2.) If you have many, start the config of CLUSTER_SENDTO...
Some time ago I briefly deactivated CSF because there was something not quite right on my server, and I was wondering if CSF might be the culprit (It wasn't). After testing was complete, I clicked reactivate , saw a message that said DONE! and went to continue with other tasks.
Today I found out that my firewall was down during all this time, putting my server at an unnecessary risk. Why?...
Usually LFD detects modified binaries that have been updated by yum / apt on the integrity check.
It would be quite useful if you send the last lines of the yum / apt log (last 24 hs) attached or appended to these e-mails to quickly check if those changes correlate with the modified files or not.
I noticed from LF_Xxx notification that when an IP is blocked by CSF, it will 99.99% appear in some kind of Blacklists (RBLs).
I know RBLs is an entirely different area of discussion here, but since when an IP source trying to Bruteforce and its IP got blocked by CSF also appear in Blacklists (RBLs), I wonder if there will be any future development to make use of the...
I just recently switched cPanel AutoSSL provider from Let's Encrypt to cPanel via Comodo .
The SSL cert requests stayed in queue for an excessive time, and I wound up logging a paid support request with cPanel.
It was discovered that the DCV was failing and thus blocking cert delivery due to either 1) because I had a number of the remote domain query from addresses blocked (Russia, China,...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum