ConfigServer Community Forum

Config server firewall for
-How is it established?
-interface help?
-advantages and disadvantages

Briefly will you tell me? :confused: :)

I've followed the advice in this post however I'm still getting reports like:

Time: Tue Oct 18 07:04:10 2016 +0100
Account: mailman
Resource: Process Time
Exceeded: 185573 > 1800 (seconds)
Executable: /usr/bin/python
Command Line: /usr/bin/python /usr/local/cpanel/3rdparty/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
PID: 15854 (Parent PID:15837)
Killed: No

My pignore file contains all of...

Is it possible to block IPs from reaching any of the VEs inside an OpenVZ node?

We have CSF installed on the host node. Some of the VEs do not have CSF installed. We are wanting to block certain IPs from accessing those VEs. Blocking the IP on the hostnode doesn't seem to have any affect.

I suspect it's tied partly to the fact that:

/sbin/iptables -A INPUT -i venet0 -j ACCEPT
/sbin/iptables...

I have been running Plesk web hosting for years behind a firewall appliance. Before that we were rooted often enough. Now we've added cPanel and almost instantly 100/100 strong passwords are hacked. cPanel knows nothing :( We installed APF/BFD and they got right around it. We installed CSF and they got around it because we had not blocked SSH. We seem to think that they are getting in from...

Ever since the beginning of October, my CSF has been blocking my FTP connections, active, passive, etc.

It is the usual block, whereas I mean I can log in, but I cannot 'retrieve directory listing'.

I have tried plain FTP

I have the passive port range uncommented within the csf conf file, and it says 30000 50000 as it should.

TCP_IN has 21, etc all ready to go.

I thought I may have done...

Some time back our main server on stopped sending Server Check emails with the current CSF Status to me.

I used to get them once a week::Subject Server Check on

Our hosting support cannot get them resumed.
Setting the Generate and email this report to the email address (My Address) on the Check Server Security page makes no difference.
It runs csf v9.25.

There does not seem to be a Send...

Hi,

CSF version 9.25

tail -f /var/log/lfd.log

..
..
..
Oct 29 12:05:08 vps40 lfd : *Error* attempt to start lfd when it is already running, at line 161

csf -r will say lfd has started, /etc/init.d/lfd restart will also say 'ok'. But /etc/init.d/lfd status will say 'stopped'.

It is a VPS (KVM) with 2Gb memory, cat /etc/debian_version 7.11

On all my other vps's (which are cat...

Up until today I have been able to upload images or what have you in my wordpress blog with no troubles. Today after a recent update to csf I noticed that the only way I can upload is to disaable the firewall. Never had to do this before. What has changed in csf configuration that has caused this? Must be something you've done as I said no issues until today after update. Can't seem to find any...

I have 4 classifieds websites that are local in nature and I want to block access to all countries except one for all 4 websites. Is this possible with csf without affecting the rest of the server? Ideally, I would like to allow access from only a certain ip cidr ranges but not sure if that is possible with csf either. Any ideas or solutions greatly appreciated.

Dear All

I NEED HELP

I have 3 servers with install csf and config Exim SMTP AUTH Restriction
two servers works normal, bus one server file exim.smtpauth lost configuration when use command csf -r .

# ll exim.smtpauth
-rw-r--r-- 1 root root 9524 Oct xx xx:xx exim.smtpauth

# csf -r

# ll exim.smtpauth
-rw-r--r-- 1 root root 132 Oct xx xx:xx exim.smtpauth

I must do this all the time when using...

I'm running csf: v9.24

On the following:
Operating system CentOS Linux 7.2.1511
Webmin version 1.810
Virtualmin version 5.04
Theme version Authentic Theme 18.10

Now when I go to ConfigServer Security & Firewall section in Webmin. It starts to load the main CSF Plugin Page, but then instantly bumps be back to the main Webmin Dashboard.

Issue is only with this plugin,

However what's strange is...

How i am seeing following error all over my /var/log/lfd.log file

Unable to retrieve blocklist RBN - Unable to download: Not Found

Above error is repeating every 30mins. Can anyone help me figure whats the problem and how to stop seeing this error.

Thank you.

Hello, guys i am trying to allow access to only one IP on a specific port to my server. After Googling i find something.
In csf.allow i have put this
tcp|in|d=5080|s=x.x.x.x.x
after doing this. i have reloaded csf using csf -r
then used a proxy and asked my few friends everyone is able to access what is the reason behind this ?

Some time back, someone shared a script which could allow Remote MySQL IP's through.

Here's the script:

mysql mysql -e select Host,User from user where Host!='localhost' group by Host; | awk {'print tcp:in:d=3306:s= $1 \t# $2'} | sed s/\%//g | egrep {1,3}\. {1,3}\. {1,3}\. {1,3} | grep -v 127.0.0.1 | sort | uniq

Running the script in SSH gets a list of IP's, and if I allow an IP manually...

Hey guys,

Recently I had a major attempt on port 21 and I thought to change the FTP port for more security.

I use Pure FTP and I changed the port in the /etc/pure-ftpd.conf file from 21 to 10290 like this: Bind 10290
Also I allowed port 10290 in csf in both TCP_IN and TCP_OUT. Basically where port 21 was mentioned at the csf config, I changed it with port 10290 .

I tried to login using...

Hello,

Tested on 3 servers. centos6 and centos7
if someone got banned for portscanning , his IP doesn't sent to csf.deny file. and of course you can't unblock it's IP or find it in /etc/csf/csf.deny , it just shows in /var/log/lfd that this IP is blocked.

However there's no way to unblock it by anyway because it doesn't in /etc/csf/csf.deny, and csf -tr doesn't work too.....and you have to...

Just thought I would post this here as it may help someone in the future.

I could not get LFD to start on 2 VPS's that had minimal installs of Ubuntu.

In the end what worked for me was installing sendmail.

Hi,

I am new to csf and lfd. I am facing a problem for last few days.

My server is sending emails to me with title Excessive processess under a user .

The email contents are following (replaced actual username with )

Time: Fri May 27 08:25:09 2016 +0530
Account:
Process Count: 31 (Not killed)

Process Information:

User: PID:31536 PPID:31534 Run Time:22(secs) Memory:391256(kb)...

OK so I set up CSF on centos, with webmin.

After enabling it and trying to access SSH with a VPN ip, I still get the login screen (and can still login).
When I try to access webmin via port 10000 I am however denied.

So what is the issue here? Why is the webmin port correctly blocked, but the SSH port not?
I am using a custom SSH port, is that the issue?

Hello guys,

Sorry im newbie, im builting CSF on CentOS 6.7. Now i want to create a user and that user can use CSF for unblock IP on server or do something to unblock IP without root user.
Can someone suggest me something to do?
:confused: