When the Watch System Logs page loads, the refresh function is automatically set to five seconds. I rarely find the auto-refresh helpful as I typically am scrolling up through the logs and lose my place when it refreshes.
I've been wanting a feature request for a switch to disable the auto-refresh either on the page or in the config. This could also include customization of the refresh...
We've been getting quite a few Syn Flood attacks lately. This is not a problem when we are present as we can manually enable SYNFLOOD. CSF is a life saver and lets us sleep at night, but the one thing that's missing is the ability to have SYNFLOOD automatically enable itself when it detects an unusually high number of SYN packets occurring. And then disable itself when things return to normal....
If CSF has already blocked in cluster an IP of C-Class, then it should not send one more request of an IP deny with -cd or even accept locally -d. I have a huge problem that there are doubles, one from 0/24 and then hundreds of IPs belonging to this chain.
Consequently, there are thousands of IPs in the csf.deny file.
I have CSF on CentOS 7.3. The C-Class blocking is activated after...
1. When listing rules for users in the table output, please add support for the following additional columns:
Domain Name (as cPanel/WHM addon domains may not be obviously named according to the linux account username).
CloudFlare Rule Scope: Is the rule specific to a single domain in CloudFlare, or is it across the entire user's CloudFlare...
Request: Please provide an option for CSF when blocking an IP locally in CSF, to also block the IP in CloudFlare under the server configured default account. I understand this would only work for a single CloudFlare account, but it would be nice for those of us who do use it in this way.
Thus if someone is probing my server for vulnerabilities over SSH, POP, SMTP, etc... and gets blocked, they...
Suggestion - block Exim attacks that are designed to degrade server performance:
Log files below of the issue (IP used is arbitrary). CENTOS 7 server.
Log directory:
/var/log/exim_mainlog
2019-02-13 18:51:46.727 no MAIL in SMTP connection from :53797 I= :25 D=10s
2019-02-13 18:51:57.453 no MAIL in SMTP connection from :57662 I= :25 D=10s
2019-02-13 18:52:08.176 no MAIL in SMTP connection from...
Just wanted to make two small suggestions for some of the cluster functionality:
1. When using cluster ignore or allow, the entry added to the cluster members is missing the date and time at the end of the entry (like when the cluster deny is used). It would be nice if this was added.
2. The cluster ignore function allows you to add duplicate entries. It would be nice if it a check like the...
I have a suggested patch as I have a cluster of 3000 servers and putting 3000 IP addresses in the csf.conf file seems to be a really ugly solution.
My suggestion is to include the possibility of an include file as follows:
1.) If you have only a few servers in your cluster, configure the CLUSTER_SENDTO and CLUSTER_RECVFROM as normal.
2.) If you have many, start the config of CLUSTER_SENDTO...
Some time ago I briefly deactivated CSF because there was something not quite right on my server, and I was wondering if CSF might be the culprit (It wasn't). After testing was complete, I clicked reactivate, saw a message that said DONE! and went to continue with other tasks.
Today I found out that my firewall was down during all this time, putting my server at an unnecessary risk. Why?...
Usually LFD detects modified binaries that have been updated by yum / apt on the integrity check.
It would be quite useful if you send the last lines of the yum / apt log (last 24 hs) attached or appended to these e-mails to quickly check if those changes correlate with the modified files or not.
I noticed from LF_Xxx notification that when an IP is blocked by CSF, it will 99.99% appear in some kind of Blacklists (RBLs).
I know RBLs is an entirely different area of discussion here, but since when an IP source trying to Bruteforce and its IP got blocked by CSF also appear in Blacklists (RBLs), I wonder if there will be any future development to make use of the...
I just recently switched cPanel AutoSSL provider from Let's Encrypt to cPanel via Comodo.
The SSL cert requests stayed in queue for an excessive time, and I wound up logging a paid support request with cPanel.
It was discovered that the DCV was failing and thus blocking cert delivery due to either 1) because I had a number of the remote domain query from addresses blocked (Russia, China,...
I have been running CSF for a long time and recently upgraded from MariaDB 10.1 to 10.2. As part of the upgrade, I decided to clean up the my.cnf commands, including moving to underscores instead of dashes.
This morning, I received a warning during CSF's check stating:
Check MySQL LOAD DATA disallows LOCAL
You should disable LOAD DATA LOCAL commands in MySQL by adding the following to the...
Attempting to start LFD while in TESTING mode does not report the correct error *Error* lfd will not run with TESTING enabled in /etc/csf/csf.conf. Instead, /usr/sbin/lfd attempts to close and unlink the $pidfile /var/run/lfd.pid using an undefined file handle $PIDFILE at line 7186. This causes the error: Can't use an undefined value as a symbol reference at /usr/sbin/lfd line.7186.