ConfigServer Community Forum

Dear everyone,

I use directadmin control panel on my server. And I get the message below in csf cpanel:

Unable to connect to retry in 300 seconds. An Upgrade button will appear here if new version is detected

Could you please give me some advice? Thank you.

Redacted

after v11.05 update webmin module no longer loads.

CSF and LFD seem to be running right, but the webmin module page never loads for configuration control.

running on Debian 9, Ubuntu 16.04, and Debian 8

All stopped opening webmin page after v11.05 update.

On a normal web server where ports 80,443 are normally open to normal web traffic, we want to block a particularly nuisance IP range (for example 46.229.160.0/20) but allow access from an individual IP within that range (for example 46.229.160.1). Is this possible? It doesn't seem to be during my testing.

CSF periodically blocks an external SMTP server. I have to restart CSF and it will work again for a while. Simply restarting CSF is sufficient, I do not need to modify any configs.

Details:

1. I have SMTP_BLOCK disabled.
2. I am using an external SMTP server
3. I've whitelisted the IPs of that server in csf.allow.
4. It's similar to the topic SMTP_ALLOWUSER doesn't work intermittently, must...

I have tried this multiple times and it keeps failing. I know that it was working a couple of years ago.

In WHM > Plugins > ConfigServer Security & Firewall
I have edited csf.resellers thusly:
# For example, to allow reseller someuser to unblock IP addresses and have an
# alert email sent to root, use:
#
#someuser:1:USE,UNBLOCK
username:1:USE,ALLOW,UNBLOCK
#
In WHM > Resellers > Edit Reseller...

Hello,

I'm using csf with cPanel and so as we offer free webhosting and paid we've setup 2 network nics eth0 and eth1

eth0 - Which is default and primary, is used for free clients and has been limited to 80-100MB/s internet speed,
eth1 - Isn't limited it is just for paid clients.

Due to abuses i was forced to do this so now while setting this up i had some problems with port...

Time: Wed Nov 1 16:06:40 2017 +0000
File: /tmp/.X11-unix
Reason: Suspicious directory
Owner: snappie:snappie (506:517)
Action: No action taken

I'm unable to whitelist this file in either in the pignore nor the signore file. Usually a line like this works in other cases:

/tmp/.X11-unix/*

I am getting excessive resource usage emails for a script that runs on PHP using cron. Most of the time there are no warnings (even with the USERMEM threshold set as low as 10MB) but at least once per day I get emails for half an hour or so almost every time the script runs - these usually show Virtual Memory 300-400MB but it can be as high as 1GB.

The pertinent details of one of the emails...

We are seeing quite a lot of these on multiple servers. I believe lfd is subsequently killed. Anyone else seeing this?

$ grep pid mismatch or missing, at line /var/log/lfd.log
Oct 13 14:35:02 XXXX lfd : *Error* pid mismatch or missing, at line 1005
Oct 13 14:46:12 XXXX lfd : *Error* pid mismatch or missing, at line 1005
Oct 13 14:47:55 XXXX lfd : *Error* pid mismatch or missing, at line 1005...

Hello
i'm receiveing this alert : suspicious file alert

File: /tmp/kXÐA»K Sk 0K 9Ð
Reason: Suspicious directory
Owner: : (1250:1262)
Action: No action taken

But when i check on /tmp , i dont find this directory .

root@ # ls kXÐA»K Sk 0K 9Ð
/bin/ls: cannot access kXÐA»K Sk 0K 9Ð: No such file or directory
root@ # cd kXÐA»K Sk 0K 9Ð
-bash: cd: kXÐA»K Sk 0K 9Ð: No such file or directory...

Hi there,

About a week ago I purchased a VPS with cpanel, under recommendation of the VPS company I installed CSF.

Since then I am receiving around 20-30 emails an hour telling me someone has failed to login to my cpanel.

Here is an example of the email:

Time: Wed Nov 1 14:15:11 2017 +0000
IP: 46.188.117.147 (RU/Russian Federation/broadband-46-188-117-147.2com.net)
Failures: 5 (sshd)...

Hi everyone,
I need some help if anyone can. I am running into an issue. I currently have a dedicated server that I have setup as an KVM Node. When I try to spin up an VPS, it works great. However, as soon as I install csf, the IP's become unpingable after rebooting. I have tested installing cpanel with and without csf, and I can confirm that it appears to be an csf issue. I cannot figure out why...

Dear all,

What could be the reason for below error? I try to install the script on XEN VPS running CentOS 6.5

root@shared01 # perl /usr/local/csf/bin/csftest . pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...FAILED - Required for csf to function
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing...

Hi, moved to a new server, using EA4.

Installed CSF and run security check gives this advice, which I don't understand. Can you advise?

PHP Binary PHP binary not found or not executable

Hi everybody,

in last couple of weeks - month We have experienced mass e-mail sent from our users that had hacked smtp's but We didn't got any notifications about them sending big amout of e-mails. We suspect that this might be cos of hackers bein more smart and not sending from one IP rather then from multiple IP's and there is no reaction from system to sent notification to us about it.
We do...

please help me, after re install server and install CSF, Mail Check, Apache Check, PHP Check, WHM Settings Check not detect :(

please, help me.

Problem of receiving mail and sending mail

on the server problem getting mail and sending mail.. The problem is solved when we disable CSF.
How to solve this problem?

Our Settings

SMTP Settings:
SMTP_BLOCK = Off
SMTP_ALLOWLOCAL = Off
SMTP_REDIRECT = Off
SMTP_PORTS =
SMTP_ALLOWUSER = cpanel
SMTP_ALLOWGROUP = mail,mailman
SMTPAUTH_RESTRICT = Off
------------------
IPv4 Port Settings:
TCP_IN =...

Hi, first of all, sorry for my English, because it is not my native language and hopes you will understand my needs.

I have the problem with traffic what comes from CloudFlare.
Problem is, the firewall is not blocking traffic from Cloudflare because I have Cloudflare IPs in firewall allow.
Time: Sun Oct 22 13:17:49 2017 +0200
IP: 162.158.90.225 (DE/Germany/-)
Failures: 3 (mod_security)...

The recently introduced check for the ModSecurity IP persistent storage size seems to have a bug.

I began getting alerts that /var/cpanel/secdatadir/ip.pag was 15GB in size, so I dutifully ran /scripts/shrink_modsec_ip_database -x to shrink the file to 37MB.

However I continue to get emails from LFD claiming that the file is over 15GB in size.

The relevant lines of csf.conf are:...