For a server I manage, I explicitly want to receive notification emails of successful ssh logins. I've enabled this, and allow-listed my own fixed IP address.
My customer can login to one account using ssh, but doesn't have a fixed ip. Is there a way to allow-list the public ssh key he's using?
An example of such notification would be:
Nov 28 13:05:51 srv sshd : Accepted publickey for...
Currently, I get a ton of emails like this:
lfd on : Suspicious File Alert
Time: Mon Nov 27 10:17:20 2023 +0100
File: /tmp/xxxxxxxx.o
Reason: Linux Binary
Owner: varnish:varnish (xxx:xxx)
Action: No action taken
These files are created by Varnish when it compiles the VCL for reloading.
However, I already whitelisted the varnish user from /etc/csf/csf.fignore like this:
user:varnish...
Hi,
I have already looked around this form , but did not come to a positive conclusion in the end.
I have been working for years with csf (and now also with cxs ). Now I am getting 'weird' messages on /opt/cpanel/ea php81/root/usr/sbin/php-fpm. Especially since multiple files are being opened/transferred.
I have investigated the ip's and they are from cloudflare and google (even 1 from...
Recently I disabled WP-CRON for wordpress and started using CPANEL with WGET to replace it. I've started getting emails lfd on XXXXX: Suspicious process running under user . I found some instructions on where to go to tell CSF to ignore these in the /etc/csf/csf.pignore edit, but I'm unclear exactly how to do this. Here is what the LFD emails are showing:
SYSTEM INFORMATION
OS type and version Rocky linux 8.8
Webmin version 2.101
Virtualmin version. 7.8.2
Config server Firewall(CSF) verison 14.20(generic)
I want to see alerts of outgoing emails from my server when they cross a certain limit and I have configured everything accordingly but alerts are not coming in my given email. Everything is working fine except Relay Tracking. We are using...
I've always used CC_ALLOW_FILTER to block non-US IPs, but I recently began using Cloudflare and now all connections come from a Cloudflare IP! My server load has skyrocketed, so I don't think that CSF is able to block non-US IPs anymore.
I blocked them in Apache configuration, but I think that runs after CSF, too, so I'm still getting the Apache connection for each request. And I'm talking about...
We are warding off a country denial of service attack on a WHM Exim server that has been ongoing for around 1 week. The attack takes the form of 1000s of servers sending email to non-existing recipients on the Exim server, quickly overwhelming the Exim's server's connection count limit ` smtp_accept_max `. The default for Exim is 20 connections. The default for cPanel is 100 connections. In our...
I've seen a lot of threads related to using Cloudflare, but no answers :-( Hopefully this thread will be the exception!
I've always used CSF's CC_ALLOW_FILTER to block non-US IPs. But I started using Cloudflare in September, and now that all incoming IPs appear to come from Cloudflare I don't think that this is working.
I tried enabling CF_ENABLE, but nothing changed so I think there must be...
After making all needed updates in my Ubuntu 20.04 server and restarting it through WHM I was not able to access the hosted sites(they are not propagating) and I was not able to check for Ubuntu updates through apt-get update.
The configuration of the csf v14.20 was unchanged and before the restart it was working perfectly.
My port settings are the following:
TCP_IN =...
On my VPS I use:
- WHM/cPanel v114.0.11
- CloudLinux v8.8.0
- Plug-in: ConfigServer Security & Firewall - csf v14.20
I am a beginner.
On my VPS I host several websites for others. Also, the VPS serves as a mail server.
Part 1:
I perform all management tasks for my VPS from 1 fixed IP address for example xxx.xxx.xxx.xxx.xxx. This IP address should never be blocked and all ports...
Sorry I am sure this has been asked but i can't seem to find it. I have a server with multiple ( 16 ) ip addresses. What i want to do is open specific ports on specific ip address of that server so for example:
ip: xxx.xxx.xxx.xxx i want to open port 6697 but don't want that port open on ip: yyy.yyy.yyy.yyy
tcp|in|d=6697|d=xx.xx.xx.xx from what i understand would be like if i wanted to open port...
I am trying to configure csf to allow tcp and udp in and out on ports 1514,1515,5601 and 9200. After I save these changes in the csf.conf file, verify the changes have actually been saved and restart csf, the changes take effect for a few minutes to an hour and then the csf.conf reverts to it's default version by itself. This happens both when I do it from the terminal and when I use the UI to do...
I would like to ask if there is a conflict in using ConfigServer Security & Firewall (CSF) even if we already have CloudFlare and Azure NSG. My understanding is that it will provide an additional security layer in WHM/CPanel, but our network admin has suggested not to install it due to a possible conflict. Any suggestions and recommendations are appreciated.
hi,
i have csf in centos7.9 with cpanel and when csf is enabled, host tracker cant ping ip server or any website,
when i disabled csf, everything is completely works fine,
so whats the problem?
in my all servers the problem is the same with csf.
* when csf is enabled, everyone can access their website or server but websites like host-tracker.com or check-host.net cant ping them with timeout error.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum