ConfigServer Community Forum

Hi Guys,

Just tried using this new UI on Webmin, it work's great, however the email never arrives :(

Should there not be a cron or something setup for it, as it does not seem like it.

See screenshots:

1) Webmin:
2) SSH:

Any ideas?

Cheers,
Dara

We are new to CSF but have been on cPanel for a good amount of time now.

We are receiving a lot of notifications that we wouldn't expect and I'm not quite sure what to make of them and I was hoping someone might be able to explain a bit.

The Notifications are:

Time: Thu Sep 24 10:40:45 2015 -0500
Account: main
Resource: Process Time
Exceeded: 5446 > 1800 (seconds)
Executable:...

Hi,

I'm having trouble getting CSF firewall to work...

My understanding is that the default behaviour is block/deny all. However this doesn't seem to be happening.

In csf.allow I have:

my.ip.address.here

And then I want to Block all other access to port 22 / ssh

I would have expected this to work by default if the default is deny all but nope.

I added the following to csf.deny:...

I have blocked several countries in csf.conf file. Restarted CSF/LFD.

CC_DENY = CN,BR,CA,HK,TW,RO,RU,UA,MD,KZ,TH
IWhen I check the Nginx logfile it shows the following:

61.135.190.69 - - GET /s5.css HTTP/1.1 403 198 - Mozilla/4.0 (comptible; MSIE 8.0; Windows NT 6.0)
158.69.27.74 - - GET / HTTP/1.1 403 570 - Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko)...

Hello

i was trying to loging to my server via ssh but i cannot so i login to whm so i can disable firewall and have able access again to ssh

i search for error messages logs and i found this

Sep 23 13:41:51 3390cc-xeon kernel: Firewall: *TCP_IN Blocked* IN=bond0 OUT= MAC=00:25:90:e8:32:ce:cc:4e:24:67:c7:00:08:00 SRC=192.168.1.1 DST=10.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=8754 DF...

hi team,

Here is the regx i made but its not working. I have to block the ip and the logs line is

NOTICE chan_sip.c: Call from '' (37.8.5.217:12242) to extension '011972547851891' rejected because extension not found in context 'my_context'.

IP i have to block is 37.8.5.217

The regx i have written is

if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /\ NOTICE\ chan_sip\.c\: Call from...

Does csf monitor postfix logs for SMTP port attackers, to be blocked ?

I need for postfix on my servers. See alot of repeated attackers, making for much of the traffic in a day

I have paid for server hardening (service was pretty fast. Hopefully the server stays ups).

The sys-admin recommended using LF_SPI = 0 because the iptables were kind of broken.

Can anyone help to explain the differences as to what additional protection you get for Dynamic firewalls instead of static ones?

From what I can tell, it's still rejecting users on failed logins, which is a lot more...

After install I got this problem. I reinstalled Debian and DA and still get this problem:

ConfigServer Security & Firewall - csf v8.05

Restarting csf...

Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain...

Hi Guys,

We have a few VNs running on Citrix and I wan to use the console but when I do I get TCP_IN blocked. Reading up, I know the destination port and want to customize the above variable.

At the moment it is : PS_PORTS = 0:65535,ICMP

I want to exclude from scanning port 5900 through to 5999 inclusive on TCP.

Reading the conf, I think I would set :

PS_PORTS = 0:5899,6000:65535,ICMP,OPEN...

Hello,

I was just wondering how I can pass the actual contents of the LF_SCRIPT_ALERT to the bash script for LF_SCRIPT_ACTION, example my LF_SCRIPT_ACTION is set to

/etc/csf/csf.lf_script_perm_action

which contains

#!/bin/bash

# email subject
SUBJECT= $HOSTNAME - Possible Spam Script

# Email To
EMAIL= email

# Email text/message
# EMAILMESSAGE= /tmp/emailmessage.txt
EMAILMESSAGE= TEST...

I just can not get the custom regex rules to work for me. I look in the CSF ip deny section and no IP's are ever blocked due to the rules below. Any help is appreciated. I missed something, just don't know what.

OS: CENTOS 5.11 x86_64 xenhvm
WHM 11.48.4 (build 4)
CSF: v7.69

I have used the custom regex rules posted by Sergio in this thread:

I copied and pasted them into...

I'm intermediate with sytem-admin and have a new dedicated server with host gator. (Not a VPS)

I have a default installation of CSF, but many users are complaining that their website is down.

I am able to view the websites on my own computer (i'm probably white-listed), and using some 3rd party website-viewing services.

When i get the IP address from my clients, they are NOT in /csf/csf.deny...

Grepping is not helping me here, maybe I am searching badly.

I assume the hard coded internal list was chosen for a reason instead of the blocklist method where they are externalized by default?

I mad some changes to csf.blocklists and every few days it gets reverted back to its default. Where do I need to change either default or to stop it from being reverted.

I am getting these every minute:

Subject:

lfd on webserver.XXX.co.uk: Excessive resource usage: xxx (4879 (Parent PID:4857))

Time: Thu Sep 10 14:52:45 2015 +0100
Account: XXX
Resource: Virtual Memory Size
Exceeded: 690 > 200 (MB)
Executable: /usr/bin/php
Command Line: /usr/bin/php /home/XXX/public_html/index.php
PID: 4879 (Parent PID:4857)
Killed: No

I've done all of the methods listed here...

I have a handful of clients that keep getting blocked by the firewall on my server ( ConfigServer Security & Firewall - csf v7.68 ):

May 7 13:58:08 secure lfd : *Port Scan* detected from xxx.xxx.xxx.xxx (US/United States/...). 11 hits in the last 130 seconds - *Blocked in csf* for 3600 secs

The one thing that they all have in common is ` OS X Yosemite ` - as soon as they upgraded their OS,...

I ran an EasyApache re-compile of Apache and a CentOS Yum update and since I can't seem to get lfd to start...
I reinstalled CFS from scratch following the guidelines, but after lfd starts it stops straight away... I can see the following in the error logs...

root@host # tail -f /var/log/lfd.log
Aug 30 20:56:37 host lfd : Email Relay Tracking...
Aug 30 20:56:37 host lfd : System Statistics......

The ARF abuse emails are no longer including the Abusix abuse contact information as of yesterday in v8.04. This is occurring on all servers. Did something change? Command-line queries do work: host -t TXT 238.16.169.83.abuse-contacts.abusix.org

Thanks.

iptables: Setting chains to policy ACCEPT: mangle nat filte
iptables: Flushing firewall rules:
iptables: Unloading modules:
root@host # csf -r
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `POSTROUTING'
Flushing chain `OUTPUT'
open3: exec of /sbin/ifconfig failed at /usr/sbin/csf line 2783.

Getting this: open3: exec of...