cPanel introduced a check for the Dovecot LMTP process that connects as root to 127.0.0.1 on the socket /var/run/dovecot/lmtp.
How exactly would you whitelist something like this in CSF? Have been searching for the last half hour, and am not seeing anything. Maybe I am just overlooking things, but am really confused at this point.
cPanel says ... To resolve this issue, either open...
Hello,
For some time we have been getting "Suspicious process running under user mailnull" notifications. I include the notification below. We restarted Exim, but without any luck.
The process itself is:
PID: 7992 (Parent PID:7922)
Account: mailnull
Should we kill this process or are there any other things we could do?
Hello,
We have multiple instances of csf installed; one of them (server name: A30) reports an error:
lfd on A30: SYSLOG Check Failed
Error: Failed to detect code in SYSLOG_LOG
SYSLOG may not be running correctly on A30
Above mentioned file exists, csf can read/write to it.
Manual search for control string finds it:
# cat /var/log/syslog | grep hpi8op2eMzu93Rjbb6rdE4t
1...
Is there a way we can limit outgoing emails per email per hour? Say, from Webmail / POP3, email1@domain.com, email2@domain2.com can send max 200 emails per hour. If he sends more than 200 emails, that email user should be blocked.
*Exceeded LOCALRELAY limit* from aadmsces (101 in the last hour)
Aug 1 11:18:41 ly1 lfd : '/home/aadmsces/public_html/newsubsr' has been disabled
Is there a way to exclude certain domains from this, like all the domains should follow this limit except domain.com and domain1.com, which can go up to 1000 per hour or no limit?
I have csf running on a CentOS 6.5 box with Webmin/Virtualmin.
The server is running bind-9.8.2.
When I run the server check test I get a warning that says:
You have a local DNS server running but do not appear to have any recursion restrictions set. This is a security and performance risk and you should look at restricting recursive lookups to the local IP addresses only
Hi, I have created a phpmail script that uses SMTP auth. When the firewall is disabled the script works fine and the email arrives to the user, but when I enable the firewall the emails are blocked.
This is what I found in the log file /var/log/messages:
Jul 28 09:08:27 core kernel: Firewall: *TCP_OUT Blocked* IN= OUT=enp5s0 SRC=10.45.18.66 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=50199...
I have tried multiple times this week to unblock various IPs. When I enter an IP in the Quick Unblock field I get "not found in csf.deny".
Taking the same IP and doing a Search brings up the listing in csf.deny. Trying to unblock from the search result page also fails with the "not found in csf.deny" error.
So then I have to go in and manually locate the IP and delete it.
I am unable to run csf -u successfully as I keep getting an error:
Unable to download: Protocol scheme 'https' is not supported (IO::Socket::SSL not installed)
- The 'box' does not have an SSL certificate.
- I followed other suggestions:
- installing libwww-perl and LWP-Protocol-https. It was already installed and up to date.
- csf -a 85.10.199.177
On one of the servers that we manage, we don't want to run any mail server. When we set up CSF and start it, lfd stops soon after it has been started. We removed the SENDMAIL path line from csf.conf and restarted csf. Still lfd wouldn't run.
------------------------------------ lfd.log entries --------------------------
Jul 25 00:00:02 localhost lfd : Unable to send SENDMAIL alert via []:...
Hi, I recently installed CSF as per instructions and set testing mode to 0 and also for safety's sake added my IP address to allowed and ignore (for LFD).
As soon as I ran restart using cfr -R I got booted from my SSH session and my WHM, cPanel, sites, DNS, mail and everything went down. I could not access the IP of the server for any services from any location.
Hello, can anyone please help me with this... Have I been attacked? I have this log, and you can see connections from a lot of different IPs and they are trying to connect to several ports. What can I do to STOP this?
Thanks.. Carlos Costa
THE LOG
Jan 6 09:33:45 server pure-ftpd: (?@186.167.34.150?) New connection from 186.167.34.150
Jan 6 09:34:45 server pure-ftpd: (?@186.167.34.150?) Logout.
Jan 6...
Hi,
When CSF runs a cron to check for updates and finds an update, it sends me an email notification, but it is not sent to the email address I set in the config to receive notifications; it is sent to the root address, which generates a Delivery Status Notification. How can I set a different email address to be alerted of the update process?
Thanks.
Maybe I have to set a valid email address in X_ARF_TO = ?...
I have a question about blocking all ICMP except these Dynamic DNS
file (csf.dyndns) - all listed domains will be resolved and allowed through the firewall
If I add Dynamic DNS in these & disallow ICMP with the 0 value in the configuration, will ICMP be allowed for these Dynamic DNS or not?
If not, then how do I make it only on ICMP for these Dynamic DNS?
I have this issue with CSF: I have added the Cloudflare IPv4 IPs to the allow list and also csf.ignore, but it still blocks Cloudflare and I can't access websites while csf is activated!
Let's say this (108.162.225.114), which belongs to Cloudflare! The whole block is whitelisted in both the allowed IPs and the ignore file!
I tried to lookup this ip in the blocked list 108.162.225.114, but...
I've had this problem for a while now, each time CSF auto updates, my NAT rules in /etc/csf/csfpre.sh are lost in the iptables chain. As the server in question is a VPN server, these rules are required for internet access, all VPN clients thus lose internet connectivity every time CSF updates itself.
The fix is relatively simple, restarting csf with csf -r will re-apply the rules, however...
Please help me to mitigate a DDoS attack. I used my own script which parses access.log and blocks IPs in the default way - csf -d
The problem is CSF (latest cPanel version) can't block some IPs; every time I get an error:
--
deny failed: is in already in the deny file /etc/csf/csf.deny 1 times
--
This IP seems to be blocked, but it still has full access to my server. However, most IPs are...
Ever since I installed CSF+LFD and Fail2ban I see these incoming UDP (which gets blocked) lines on port 33445 every 10 seconds in my /var/log/messages. All these have the same source as well.