Hello. For a few weeks now, the automatic RBL check (once an hour on our server) has always output this by email:
Checked 31.2xx.xxx.xxx (PUBLIC) on Sat May 19 17:00:01 2018
short.rbl.jp
TIMEOUT
virus.rbl.jp
TIMEOUT
OK
These 2 lists, short.rbl.jp and virus.rbl.jp, always output TIMEOUT. Is it a common problem for all ConfigServer users? Can I resolve this? If not, can I disable these 2 lists to...
Does anyone know if there is a way I can install a software firewall on a physical server?
We have received some attacks for 1-2 months. I know that suspending the VPS will solve it, but we have 10 clients for different servers, and it is hard for us to monitor every physical server, as we don't know when the attack will come.
But when the attack comes, we may be very busy with other stuff; we can't solve that...
I am using cPHulk Brute Force Protection to blacklist some countries. This is working fine, but I still see IPs from blacklisted countries appearing in csf.deny. These are logged as Failed IMAP login, Failed SMTP AUTH & Failed FTP login.
Should cPHulk Brute Force Protection for blacklisted countries not stop these even getting to Configserver?
I see in my logs a small number of failed logins from an IP, which is blocked in CSF at 00:04am
xxxx.xxx.xxx.xxx # lfd: (smtpauth) Failed SMTP AUTH login from xxx.xxx.xxx.xx. (AU/Australia/New South Wales/Sydney/xxx.xxx.xxx.xx.static.exetel.com.au): 1 in the last 3600 secs - Mon May 14 00:04:44 2018
If I look in my exim reject log, I can see that the logins continued after this time.
How could...
I have a Xen host running CentOS 7. The NICs in use for the wan are p1p1 and xenbr0. I installed CSF but am not achieving any level of protection for the host. I've tried setting the NIC to both p1p1 and xenbr0 one at a time.
With the NIC set to p1p1, the guest OSes are still available; however, the host OS is completely unreachable. Switching the NIC to xenbr0, nothing is blocked.
Hi,
I have an Ubuntu 12.04 KVM host/guest bridged network environment.
The host machine has a bridged interface br0 having ip A.
The guest vm machine uses the br0 interface having ip B.
CSF is working on both interfaces. FYI, for those wondering how to not break the bridge when using CSF on the host machine, create a /etc/csf/csfpost.sh:
iptables -A FORWARD -i br0 -o br0 -j ACCEPT
Is there a way to reset the database that stores the hashes of the files (or directories) listed in the /etc/csf.dirwatch file?
We're working on our site again, and will be continuing to work on it. However, when we make changes, we'd like to inform csf / lfd about the changes so it doesn't send us an email every day stating that the directory contents changed.
I find CSF very difficult to understand, perhaps because it is so low-level in its configuration. I am getting an email message for every malicious intrusion to my web server, and each message is sent to an invalid address, in spite of editing file /etc/csf/csf.pignore! I've searched the Web, and all I can find is advice to edit internal csf files, instead of using the WHM csf interface to fix...
I typoed my name and didn't notice and just TWO logins triggered where the count is specified to be 5 failures.
i.e. these 5 lines were each counted, when in reality the first 3 actually belong to the same attempt
I shall need to be more generous with the numbers for this specific case:
Blocked: Permanent Block (IP match in csf.allow, block may not work)
Log entries:
Apr 15 10:35:31 city sshd...
Per title, if I specify a uid match, it seems to ignore the destination IP setting in csf.allow. To reproduce, add the following line to your csf.allow:
tcp|out|d=1234|d=1.2.3.4|u=1000
This should allow uid 1000 access to 1.2.3.4 on tcp port 1234, however after reloading the csf rules the actual rule in iptables is that it allows uid 1000 access to ANY destination ip on tcp 1234
I have a problem: my client is being blocked straight after this CSF update. I realized that this started to happen after the last update. How do I find out which e-mail account this syntax error is coming from, because CSF does not show me which email account?
I wonder if there is any syntax error solution, because as the customer is already authenticated to the server the CSF did not block...
Hello. A few days ago the main IP of our server was listed by Spamhaus. The reason was:
This was detected by a TCP connection from 31.200.243.xxx on
port 48048 going to IP address 192.42.119.41 (the sinkhole
(sinkhole.html)) on port 80 .
The botnet command and control domain for this connection
was 04d92810.com .
This detection corresponds to a connection at Fri Apr 13 05:15:21
2018 UTC (this...
I tried to configure failed IMAP and POP3 login IP blocks in CSF config, by setting the following directives.
LF_IMAPD = 10
LF_IMAPD_PERM = 120
LF_POP3D = 10
LF_POP3D_PERM = 120
But it doesn't work and the IP is not getting blocked in CSF when checked using csf -g. I have verified that the IMAP/POP3 login attempts from the IP have exceeded the limit set (10), from the corresponding...
After uninstalling and re-installing the firewall I get
Apr 04 11:43:06 server.curvagreek.com systemd : Starting ConfigServer Firewall & Security - lfd...
Apr 04 11:43:06 server.curvagreek.com lfd : Can't use an undefined value as a symbol reference at /usr/sbin/lfd line 7074, line 717.
Apr 04 11:43:06 server.curvagreek.com systemd : lfd.service: control process exited, code=exited status=25
Apr...
The following happens every day and I'm not sure why. Could someone explain the purpose of this? Is this intended, or is it an error?
How can I prevent it from happening, and is that recommended?