I use cfs on my cpanel server, I map a network drive for backups. It is a windows share. When mapping with cfs OFF everything works fine. When enabled it wont map. My question is A: is there a way to allow all ports and connections to internal ip?? Or B: how do I I allow this?
Hi - this is my first post - but I have been an reader of this forum for a long time and learned a great deal.
I run a VPS with a number of low traffic, largely static Wordpress sites. It is Centos based and I use W3TC caching and a CDN to offload the server, which is very underutilized. I run Apache Forked with keep alive.
It is well configured - everything works smoothly - and CSF/LFD do a...
I'm working on a setup that ideally would allow a single master to send blocks to all servers.
The setup i'm trying to achieve is this;
Slave(s) send all blocks to cluster master, and then the master sends it to the cluster slaves.
This way i can configure all slaves to SEND/RECEIVE from master IP and then the Master IP forwards all blocks to SLAVES.
I just set up a Debian 7 server, and installed exim for outgoing mail.
I have SMTP_BLOCK enabled, but it's officially supposed to let exim through.
When I check the /var/log/messages file though, I see that outgoing port 25 is being blocked, even though it's open in the config file.
It seems like CSF isn't detecting and letting exim send outgoing mail.
I finally checked the user that exim was...
I'm looking to collect data about attackers , and I've been able to get started by parsing lfd.log into a database, but lfd.log only shows brutes ; it doesn't show all failed logins and port knocks. I'd like to be able to get all failures. I have found the list of logs at the bottom of the csf.conf file, but writing a parser for each log seems like something I might not have to do, since CSF is...
I am not great at doing regular expressions to suppress certain messages from appearing in my hourly logs. Since I upgraded the servers to CloudLinux, I am seeing a slew of these messages and would like to remove them from the log. According to Sarah, I need to add an ignore in the csg.logignore which will not stop CSF from blocking or handling these threats, but it will remove it from the hourly...
I recently upgraded my Invision Power Board forum to their latest 4.x version, and now have an issue with my Mod Security rules--specifically the use of emoticons in a post on my board now triggers Mod Security and 406 blocks users. I've done some research on this, and am hoping you can help me find a solution--if so could you please post it here?
Any tips on how to get this working? I tried the code below and it still doesn't work. When I restart LFD, it doesn't list all of the files. I also tried setting htaccess to a single domain and then failing the htaccess multiple times and nothing is happening. Any ideas?
I have postfix+dovecot+openDKIM running fine in my CentOS (without ccpanel). All softwares are configured and running fine. OpenDKIM uses milter/filter in postfix and call an script (perl) using 'spawn' proccess to run this filter. Without LFD started, everything works fine. If I start LFD, this script stops working. I alread tried to add this script and 'spawn' executable to proccess ignore...
Hello,
I'm trying to use Check for IPs in RBLs , but getting:
New x.x.x.x (PUBLIC)
NOT CHECKED
information for every server's IP.
Any hint?
I tried to find out if anything should be configured for that, but no posts about similar problems nor information about configuration.
wondering where csf store the blocked ip´s when you have temporary ban enabled? csf.deny i guess is for the permanent and i thought should be in csf.tempban but i do not see any ip on this one when i receive the blocked email alert.
My webhost (Linode VPS) has recently become the target of DDoS attacks. I've put my site behind Cloudflare (free) but it doesn't seem to be helping at all.
So I've decided to give CSF a try. I'm running Centos 6.5 with standard LAMP setup for a few Wordpress sites. After installing CSF I setup the UI in the config file and restarted both CSF and LFD but I'm unable to gain access to the...
Have a strange issue here. Recently a VPS we manage has had massively increased traffic (400%+) than usual. With CSF/LFD enabled, even though load on the box is low, connections are extremely slow and often timeout or take over 20 seconds to load. With CSF/LFD disabled, connections are much faster and don't timeout at all.
No recent configuration changes have been made, and we use the same...
Hi, I am on a GoDaddy VPS, and I am having the issues like such:
Testing ipt_recent...FAILED - Required for PORTFLOOD and PORTKNOCKING features
Testing xt_connlimit...FAILED - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...FAILED - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT...FAILED - Required for MESSENGER feature
Testing...
Retrieved and blocking blocklist XYZ IP address ranges
IPSET: loading set new_XYZ with 167 entries
IPSET: switching set new_XYZ to bl_XYZ
*Error* IPSET:
(btw on another server not using IPSET the blocklist was applied but that is probably obvious)
I ran into a potential bug with my new cloudlinux + Cpanel + CSF setup.
Recently I've setup a new Virtual Machine on a VMware platform with cloudlinux 7, after activation I proceeded to install WHM/Cpanel on this machine (without problem).
As per security conventions I then proceeded to install the configserver (CSF) plugin, which installed without error. I've followed the installation...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum