ConfigServer Community Forum

Ok, so most of my machines are cpanel.
This one is just a plain centos box.

So i installed csf as usual, and restarted it...

*WARNING* URLGET set to use LWP but perl module is not installed, reverting to HTTP::Tiny

Ok, no problem, lets install it...

Package 4:perl-5.10.1-136.el6_6.1.x86_64 already installed and latest version
Package perl-IO-Socket-SSL-1.31-2.el6.noarch already installed and...

Can I include command separated port numbers in the csf.deny file?

For example I have the following:

tcp|in|d=80|s=89.248.160.0/21 scannerbots googlemapsexploit QUASINETWORKS SEYCHELLES - do not delete - Tue Apr 11 14:49:02 2017

And I want to block port 443 too

tcp|in|d=80,443|s=89.248.160.0/21 scannerbots googlemapsexploit QUASINETWORKS SEYCHELLES - do not delete - Tue Apr 11 14:49:02 2017...

Hi all,

Have I formatted these csf.pignore exceptions correctly? I still get emails. I have restarted csf+lfd, also.

cmd:php-fpm: pool siteone_com
pcmd:/opt/cpanel/ea-php56/root/usr/bin/php /home/siteone/public_html/bin/magento *

Original emails are as follows:

Time: Sat Feb 11 10:39:31 2017 +0800
Account: siteone
Resource: Virtual Memory Size
Exceeded: 565 > 256 (MB)
Executable:...

Hello,

I have configured this regex.custom.pm

# setup-config
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] \w*(?:GET|POST) \/wp-admin\/setup-config\.php.* /)) {
return ( setup-config attack ,$1, setup-config , 20 , 80,443 , 3600 );
}

As you can see, the trigger level is 20
and the temporary value is 3600

But the block is done on 10 triggers and 1800 seconds

Time: Sat...

I am running latest CSF on Centos 7.3 with latest CPanel release 66. CSF is configured as per profile protection_high.

The following instructions were done on my server's CLI.

whois my-hostname ---> works perfect
whois my-server-ip ----> time out error

but

whois 8.8.8.8 ---> works perfect :-?

After verifying that my provider did not block anything related to port 43 or whois, I deactivated...

Hello,

We're having the xtables lock issue:

Jul 11 02:05:27 lfd : *Error*: Unable to check csf due to xtables lock, enable WAITLOCK in csf.conf

I've checked other threads and it says this should have been solved in a previous version of CSF.
We're running version 10.14:

# csf -v
csf: v10.14 (cPanel)

I don't know if this is a bug or if something is really using iptables, but so far we...

We use SASLAUTHD for SMTP authentication with sendmail. saslauthd failures log to /var/log/messages, but don't include the IP:
---
08:12:41 XXXX saslauthd : do_auth : auth failure:
---

But this corresponds to the following entry in /var/log/maillog:
---
May 8 08:12:41 XXXX sendmail : q48CCUdi023216: a.b.c did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
---

Would it be safe to block...

Hello,
I am working on a new install of csf. I am getting traffic blocked even in test mode. This is on a VPS in hostgator centos 6.9
WHM 66
Aug 23 10:08:14 bam kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=fa:16:3e:89:99:17:00:1c:73:63:e5:9b:08:00 SRC=XXXXXX DST=XXXXX LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=15024 DF PROTO=TCP SPT=9441 DPT=80 WINDOW=55520 RES=0x00 SYN URGP=0

in...

Hi,

I'm struggling to get the recaptcha working on my server and was wondering if anyone could help?

I've disabled Domain Name Validation as mentioned in the docs and the key

Redacted

Hello CSF Team :),
At the time of this writing, I am using CSF v10.22

I have installed CSF on my cPanel servers and all of them are up to date with the current version.

Today I was testing and installing docker containers on one of my cPanel servers, and all was working well. The docker container was loading perfectly on http:// :45566

I then had to add one of my IP address to the whitelist...

Hello,

I have the following case here with my CSF. It is able to find a suspicious and excessive processes running on the server, but it does not kill/stop them. For example :

Time: Mon Aug 7 10:13:26 2017 +0300
Account: username
Process Count: 20 (Not killed)

Process Information:

User:username PID:3806 PPID:3343 Run Time:2469(secs) Memory:482564(kb) RSS:55036(kb)...

Hello

LF_MODSEC Stopped Working on All of My Servers with Apache 2.2

Can You Help Fix This ?

But Work Fine on Servers With Apache 2.4

I have 20 Linux servers hosted in the cloud. I installed CSF on all them, I want SSH to be accessible specifically on our office Internet IP so that it won't be accessible somewhere else. Is this possible? If it is, how do i set it on my CSF Conf.

Thanks

I am trying to get the following to work under one rule:
Jun 19 09:36:02 SERVER wp(SITE) : Authentication attempt for unknown user Admin from IP
Jun 20 19:03:38 SERVER wp(SITE) : XML-RPC authentication failure from IP
Jun 20 08:13:55 SERVER wp(SITE) : Authentication failure for admin from IP
Jun 21 14:49:46 SERVER wordpress(SITE) : XML-RPC authentication failure for admin from IP
Jun 21 14:49:48...

So there's basically three hack attempt strategies on my server I'd like to just stop.

SSH login - I know IPs get blacklisted after 5 failed attempts within x minutes, but I only SSH in from a handful of IPs. There's a chance some of these IPs will lose their DHCP reservation and change, but I have at least one static IP. So I assume best solution is to remove port 22 from the allowed ports and...

Hi

I'm using a modsec rule to detect and block joomla and wordpress bruteforce attack. This is working well, but I would like to block also the IP with CSF. Therefore I set LF_MODSEC=3, but it doesnt work. I'm using cpanel and in /usr/local/apache/logs/error_log it looks like this:

ModSecurity: Access denied with code 401 (phase 2). Operator GT matched 0 at IP:bf_block.
ModSecurity: Access...

We are facing the email issue under one domain and we are trying to trigger the mails via gmail.We are getting the below error as,

Mail delivery failed via SMTP server 'smtp.gmail.com'.
SMTPAuthenticationError: 535
Incorrect authentication data

(or)

Unable to access account

After restarting the server firewall mails are working fine.We have also checked each and every logs but we couldn't...

Dear all,

I am note sure if anyone have issue with MTU after the new version of CSF?
If i active csf by command csf -e, and if i use MTU website to check the IP MTU, it drops to 1496.
But if i instantly disable it by csf -x., It goes back to 1500.
This MTU problem affects my server connection.

I am able to solve this problem by disableing the packet filter on one of my cpanel server, but not...

First off, I am not sure where to post this questions so I do apologize if this is in the wrong forum.

I been using Gmail to receive my emails from all my websites for a few years now.
Couple days ago I noticed that I didn't receive any emails so I checked settings in Gmail and saw Connection Error. Mail from this account has not been retrieved since Apr 2 for all of my email accounts. I then...