ConfigServer Community Forum

As the title, disabling Faststart killed my server.

Was getting this error: -

csf: FASTSTART loading Packet Filter (IPv4)
Error: FASTTART: (Packet Filter IPv4) [] . Try restarting csf with FASTSTART disabled, at line 3777

So done this, found on support geek: -

Edit csf config file located at /etc/csf/csf.conf and disable FASTSTART by editing FASTSTART = 1 to
FASTSTART = 0 .

Once the change...

Hello,
I am using MESSENGERV2. I have SSL enabled on domain but I not have any virtual host directives for domains or SSL certificates in csf.messenger.conf.
Only certificates in csf.messenger.conf is:
SSLCertificateKeyFile /var/lib/csf/ssl/keys/hostname.key
SSLCertificateFile /var/lib/csf/ssl/certs/hostname.crt
and
SSLCertificateFile...

Can not restart LFD anymore. The same problem on 2 servers:

root@server~# /etc/init.d/lfd restart
-su: /etc/init.d/lfd: No such file or directory

Tried:

root@server:~# lfd restart
root@server:~#

When I check /var/log/lfd.log file I see this line:

Jan 16 12:23:26 server lfd : *Error* attempt to start lfd when it is already running, at line 173

How do I restart LFD?

I'm hoping someone can help me with an issue with SSL from letsencrypt and CSF. Basically, I get an error as shown below whenever a site with SSL on my server is accessed.

(70007)The timeout specified has expired: AH01974: could not connect to OCSP responder 'ocsp.int-x3.letsencrypt.org'
AH01941: stapling_renew_response: responder error

I've ruled out issues with Apache and made sure the...

Hello,

I noticed that CSF now supports blocking at the CloudFlare level which is great, however I'm trying to use a custom log with a custom regex to trigger a block in CloudFlare and this doesn't seem to be working.

I've tried with it set as a permanent block and a temporary block but neither of these are triggering the API call to CloudFlare. I'm not using cPanel, just plain CentOS.

I have...

Hello,

I use CSF on my new CentOS 7 VPS server.

I have ran the firewall check and I see following warnings:

1. Check MySQL LOAD DATA disallows LOCAL
my.cnf file contains the following:
!includedir /etc/my.cnf.d

in that directory I have several files. in the file etc/my.cnf.d/server.cnf I have following

local-infile = 0

2. Check dovecot weak SSL/TLS Ciphers (ssl_cipher_list)
my...

Hello,

Excuse me if this is documented or been asked before.

Currently, when CSF block IPs, it is a blanket block (all ports). Is there a setting to block just the port that the bad guy/girl is attempting to brute force? I'm not keen on clients mistakingly entering, say, a wrong email password, get their IP blocked, and find out they are unable to access anything.

Thank you.

I use centos 5.10 32bit + cPanel 11.40.1 + WHMCS 5.3.3 on my VPS server. And my CSF is the newest v6.43. When I use Domain WHOIS Lookup in WHMCS admin panel, I get the warning message below: There was a problem connecting to the domain registry. Please check port 43 is open in your servers firewall. Error: 110 - Connection timed out

I try to use whois ip in ssh shell and get the message below:...

Hi,

Getting emails re: Excessive resource usage: tcpdump,

Any suggestions please?

Account: tcpdump
Resource: Process Time
Exceeded: 160445 > 3000 (seconds)
Executable: /usr/sbin/tcpdump
Command Line: tcpdump -vvv
PID: 695269 (Parent PID:110743)
Killed: No

Hi
I've tried many ModSec attacks (SQL injections) on my server to see if the IP will be blocked but noting blocked.
I saw apache log, it contains all the attempts from my IP.
csf.conf contains:

LF_MODSEC_PERM=1
LF_MODSEC=1

How to block the attacking IP?
Thanks in advance.

I've got a server with multiple public-facing IPs, and I'd like certain services to only be bound on certain IPs. Services like SSH and FTP can simply be configured to only bind to a single interface, but I've got a couple stubborn ones that insist on binding to them all.

What I'm basically looking for is something like CSF's TCP_IN option, but address-specific. For example, connections to...

hello - my csf page stopped loading in webmin, so i tried entering the following instead:

and now i see the following error:

Uncaught TypeError: Cannot read property '0' of null
at csf_init (csf.min.js:6)
at 162.216.114.36/:282

when i pretty-print csf.min.js, the console window displays an error at line 280:

, O = $('pre:contains( csf:...

Hello

I recently decided to set PORTFLOOD for my Dedicated server (with WHM). So I input bellow values :
80;tcp;20;5, 443;tcp;20;5

The problem is that in none SSL sites Flood controlling work nicely but in HTTPS site not working!

I want to mention :
For the test, I keep F5 key in Firefox (home page of site) and load average of CENTOS 7 wll increase immediately in https website but for other...

Hi,

I am using Cpanel on CENTOS 6.8 VMWare.
csf is set to auto update.

I could not find the upgrade logs for csf. But last week an issue began to happen.
My domian does not work with the www added when connecting from inside the same network as the VM / webserver.

When I test with csf disabled it works just fine.

I am assuming this was caused by an update?
I don't know how to fix it....

I get the below alert and I am used to getting these, but this one has been coming in 50 times a day for only one user/domain. How can i just remove this file or find out what is going on?

Time: Fri Nov 17 07:06:08 2017 -0500
File: /tmp/index.php
Reason: Script, file extension
Owner: usernamehere:usernamehere (1020:1022)
Action: No action taken

LFD continues to send Excessive resource usage emails as follows even tho i have set PT_USERTIME = 0

I can't understand where it is getting 1800 from, i rebooted the server and it still does it, also i tried to add
in csf.pignore...

exe:/usr/local/cpanel/3rdparty/perl/524/bin/perl

pcmd:cpanellogd - http logs for XXXXXX

and it does not ignore, i have even gone as far as to reinstall CSF, is...

This has been a bug for a long time so I figured I'd make an account and report it.

Whenever CSF (re)starts it's supposed to execute /etc/csf/csfpost.sh.
However, it does not execute this file after auto-updating.

CSF Version: Every version over the past ~year at least, currently running csf: v11.05 (DirectAdmin)
Running on CentOS 7 with DirectAdmin.
Csftest shows no problems.

On a...

We're getting hit hard by the infamous ( and probably nefarious ) majestic12.co.uk/bot .

I've added the various IP's it uses to Deny , but am wondering...:

Is there a way to block ALL requests coming from majestic12.co.uk/bot ?

Thanks in advance...

I'm getting recurring warnings from lfd dirwatch for this:

/tmp/libjansi-64-9053710114156324912.so

(Reason: Linux Binary )

This is apparently a legitimate library spawned by a user account running Minecraft Forge, so I'd like to suppress the warnings. I tried adding the following to csf.fignore:

/tmp/libjansi-.*\.so

Restarted and reloaded but I'm still getting the e-mails. Am I missing...

On one of our servers when running csf --rbl when I get the email it says:

RBL Check on web0.example.com: failures

Everyone of the IPs has all the RBLs listed in red with no other text. I've manually gone to each of the RBLs and checked the IP addresses and none of them are listed.

I'm thinking that the RBL check times out after a while and silently fails, then sends out the email with the...