ConfigServer Community Forum

Hi to everyone,
i am looking for an official reply or a secure response ;D

On my server i discovered that the default SSH port comport a lot of attack to guess password ... this made CSF alerting me with a periodic frequency.

Is safe to change SSH port?
CSF will still monitor for SSH failed access? Because if i change port all alert stop.

My doubt is... changing the SSH port made CSF do not...

Hi

I want to make a ssh connection from a VPS (centos 7 & CSF)
But it seems that csf is blocking the ssh port (not 22)

ssh user@xxx.xxx.xxx.xxx -p nnn -vvv
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug2: resolving xxx.xxx.xxx.xxx port nnn
debug2: ssh_connect_direct:...

Hello,
i have two line code for iptables for allow just a range ip for able check my port, cause i have a backend ip (reverse proxy), and i dont want anyone able detect it (for secure against ddos and etc)

its below, but when i installed CSF, iptables disabled, so i want know how i can run this two command on CSF?

iptables -I INPUT -p tcp -m multiport --dports http,https -s 186.2.160.0/24 -j...

Hi,

Every so often, outgoing mail gets blocked on my cPanel server. All messages are bounced back with following error:

550-Please turn on SMTP Authentication in your mail client.
550-xxxxxx.com :53492 is not permitted to relay
550 through this server without authentication.

When I restart the CSF firewall, it works again, but the same issue could occur several hours later, sometimes, days or...

How can i disable email SSH login alert for user root from
please.
I have a program that automaticlly downloads files through ssh every 30 minutes & am getting emails each time.
Thanks

Hi

My Internet Provider has started using DHCP for all domestic users which means I have to keep changing my IP entry in csf.allow or pay a premium to get a fixed IP.
I try and and catch when the IP address change sos that I can whitelist it in csf but it not so easy keeping up and I find my IP is getting blocked by the firewall on a weekly basis now.

I'm not IP savvy, but from what I can see...

I get the following error in the lfd log.

Sep 28 12:57:30 kilo lfd : Main Process: Can't locate ConfigServer/cxsUI.pm in @INC (you may need to install the ConfigServer::cxsUI module) (@INC contains: /usr/local/csf/lib /usr/local/cpanel /etc/cxs /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.20.2 /usr/local/share/perl/5.20.2 /usr/lib/x86_64-linux-gnu/perl5/5.20 /usr/share/perl5...

Hi

Is there a way with CSF/LFD to define a few URLs on our server or page name like xmlrpc.php... And as soon as you call this page and you are not on the white list, we ban your IP for 24 hours for the whole server.

We KNOW that if you try to call xmlrpc.php on our server, that you are a hacker. We don't want your business and we want you out of our neighbourhood and we don't want you to use...

Hi, I enabled Messenger service, and it work OK, but I need help with reCapatcha option for unban, it is not clear how to setup this.

This feature requires the installation of the LWP::UserAgent perl module (see
option URLGET for more details)

How/what exactly I need to install on my cPanel/WHM server, what command use to install required module?

cPanel v 74.0.8
CentOS 7.5

Thank you for...

Hi,
in deny ips log i get Failed cPanel login from x.x.x.x (Country): 5 in the last 3600 secs but i want more details like this failed cpanel login is for which domain, account? so what is the right place to check this details?

Thanks.

I am hosting sites with inmotionhosting, and have used up 2 hours of paid support, and they cannot configure CSF to ban IP's that request over 100 404 pages.

I am getting attacked daily from thousands of IP's requesting a file called chrqd.php, here is an example

1-0 - 0/0/1 . 0.04 679 0 0.0 0.00 0.00 94.23.196.106 http/1.1 vps.inmotionhosting.com:80 GET...

Hi guys,

First time posting. Hope someone can help.

I have WHM + CSF installed on a CentOS server, and it's come to my attention we've had issues with some limited mail flow, and a few visitors trying to visit their websites.

Long story short, we came to the conclusion that Google DNS is having trouble resolving any domains on my server. One example is

When I run a dig command using any...

Hi, I've added 54.36.0.0/15 to the Deny file
I still get all kinds of hits to my pages from IPs in these ranges.
Is there some setting I'm missing?

root@vps # csf --grep 54.36.148.69

Table Chain num pkts bytes target prot opt in out source destination

filter DENYIN 167 0 0 DROP all -- !lo * 54.36.0.0/15 0.0.0.0/0

filter DENYOUT 164 0 0 REJECT all -- * !lo 0.0.0.0/0 54.36.0.0/15...

Hi,

Can I use CSF to block IPs involved in this sort of attacks -

141.101.81.104 - - GET /rss/catalog/notifystock/ HTTP/1.1 302 - - -
141.101.81.104 - - GET /rss/catalog/notifystock/ HTTP/1.1 302 - - -
141.101.81.62 - - GET /rss/catalog/notifystock/ HTTP/1.1 302 - - -
141.101.81.62 - - GET /rss/catalog/notifystock/ HTTP/1.1 302 - - -
141.101.81.62 - - GET /rss/catalog/notifystock/...

I am seeing this error message:

Unrecognized character \xF3; marked by <-- HERE after <-- HERE near column 1 at /usr/sbin/csf line 3727.

And CSF Firewall does not appear to be functioning.

I assume that the csf file has somehow become corrupted, but I don't know how to replace the file. I would like a way to fix this without losing my existing configuration settings.

My system indicates...

Hi Everyone,

We have a strange issue with CSF firewall on our hosting server at the moment.

We are attempting to block specific countries from visiting our client's websites to cut down on attacks.

We have installed CSF without issue and it is blocking countries, but whilst the CSF firewall is activated - one of our clients has an issue connecting to email via his outlook client on his local...

Hello,

I got like 20 ips on the csf.allow but one ip is beeing removed after a couple of hours.
I tried to add them on the same way i normally do but it just goes away in a couple of hours.

Is there somewhere reporting to see why this happends?

I have several WHM servers and I am trying to use the CC_ALLOW_FILTER but it is not working. ipset is installed and LF_IPSET is set to on and when I restart csf I see the error:

csf: IPSET creating set cc_us
RETURN all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 match-set cc_us src
csf: IPSET loading set cc_us with 66677 entries
IPSET:

Anyone know how to fix this?

I got a problem that csf suddenly blocked a mass of IP addresses after the csf auto upgraded.. Can tell me how to solve the problem?

Photo:

i have tried to set cc deny country port and cc deny pirt tcp in csf.
i want to block china from accessing my pop and smtp server for hacking it. But i want to allow email that is sent from china can arrive to my server because my customer has business with china company. How can do that? I put 22,25,110,465,993,995,143,587 in cc deny port tcp. Buat it makes email that is sent from china got...