ConfigServer Community Forum

Good day, been quite some time since I have had to post and so long, I know my username, but every email I tried, did not work...and no way to retrieve it.

This is just one thing I have problem-issue-question about?

1) new VPS WHM latest and CentOS 6x64 and I have created a single new account.

2) I had been getting hack attempts shown in WHM in other WHM reports, even though I added the...

I've read previously here where numiptent limits have been blamed for FASTSTART failures when blocklists are downloaded/added

*Error* FASTSTART: (Blocklist IPv4)

except my openvz contain has no limit on numiptent - what else can I check ?

numiptent 18036 18036 9223372036854775807 (third number is barrier/limit)

CT | HELD Bar% Lim%| MAXH Bar% Lim%| BAR | LIM | FAIL...

Hi,

I use a wordpress website with the plugin Visitor Maps. The plugin points out the visitors IPs and which webpage they accessed. It is also listing exploit scanners that are looking for certain files inside the website directories, for instance:

/wp-content/themes/(theme-name)/(subfoldername)/css/loading.gif
/wp-content/plugins/newsletters-lite/css/jquery-countdown.css

There is no...

I've been messing around with so many configs the past 24hours without success, i'm being attacked by SYN flood and the attacker still does damage, legitimate traffic doesn't get through.
The problem is only with initializing new connections, if someone succesfully connects to my server he doesn't suffer from any delays or so.
Here is my csf.conf:
-- deleted link --

Here are the few last lines...

Hello, I am running ubuntu server 14.04 LTS and have checked that:

ipset is supported in the kernel: Yes.

that the correct path is enbled to ipset: yes

I have enabled it in csf.conf with country lists such as, for testing: uk, ru, hk

However, when restart with csf -e and view the ensuing output, I see:

Try `iptables -h' or 'iptables --help' for more information.
csf: IPSET creating set cc_...

First off, Chirpy, I want to thank you for your products. I've been using them for years, including your server hardening services. I love you!

A clients PHP script is trying to access maps.googleapis.com, which currently resolves to
216.58.218.170 (of course this resolves to other IPs based on DNS round robin)

The IP is blocked due to too many temp blocks.

IP: 216.58.218.170 (US/United...

I am getting a lots of alerts like below

Executable:

/usr/bin/php

Command Line (often faked in exploits):

/usr/bin/php /home/username/public_html/wp-admin/admin-ajax.php

I do not want to get this kind of alerts therefore I have added following in my csf.pignore list

cmd:/usr/bin/php /home/*/public_html/wp-admin/admin-ajax.php

and restarted csf and lfd but still I am getting alerts....

Hello,

i want to ask for advice on which CSF setting i need to modiffy to decrease IP blocking on valid IPs on FTP port.

These are entries from /var/log/messages where VALID IP was found:

May 23 02:28:00 host1 pure-ftpd: (?@VALID_IP_HERE) New connection from VALID_IP_HERE
May 23 02:28:00 host1 pure-ftpd: (?@VALID_IP_HERE) jqyrglxg is now logged in
May 23 02:28:01 host1 kernel: Firewall:...

I doubt AIM notification is functioning in WHM (I didn't test this feature fully anyway) but ICQ notification is still working as on 30 Jun 2015.

This article shows you how ICQ notification can be turned on and tested if you are using cPanel/WHM with ConfigServer Security & Firewall installed.

First, let's prepare for testing. You need this later.

TESTING SETUP
==================
1) WHM >>...

I have a client who's IP address has been blacklisted. This in turn has stopped them from being able to access my server as I am using a number of the lfd blocklists. While my client works out, getting themselves de-listed I am trying to whitelist their IP address through configserver. I have added their IP address to both the quick allow and quick ignore tables and have confirmed that their IP...

Hi Jonathan,
my server since the last update is reporting errors like the following:

abrt_version: 2.0.8
cmdline: /usr/bin/host -W 5 42.114.204.26
executable: /usr/bin/host
kernel: 2.6.32-531.23.3.lve1.2.66.el6.x86_64
last_occurrence: 1439221045
pid: 323229
pwd: /etc/csf
time: ***
uid: ***
username: ***

Any idea why /usr/bin/host searching for that IP is giving the ABRT in CSF?

Sergio

I cannot get to the settings of dshield and spamhaus, I have revised the whole settings but these are gone I remember they were under global lists/dyndns/blcoklists but I have no option. I tried adding the médium level and also I get this:

Enable IP range blocking using the DShield Block List 0 86400 86400
Enable IP range blocking using the Spamhaus DROP List 0 86400 86400

Under current I get...

Hi,

I ran into 2 issues with CSF that may have been from a recent update. I have these 2 errors whenever I restart CSF;

*WARNING* Binary location for in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Binary location for in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Missing or incorrect binary locations will...

Hi i seem to be having an issue with CSF where by when its enabled everything is blocked on my cpanel server unless the IP has been whitelisted.

I am on CPanel Centos OS6.6 WHM 11.50.0 (build 29). Now before the CSF 8.02 was release and CSF 8.03 it has been working on my VPS server quite well.

I have done a complete uninstall and reinstall of CSF and the issue is still present even the VPS...

hello
i am using csf firewall on my server
when csf is enable , in webmaster tools when i try to fetch as google the google bot can open css or image
this is error :

and if i disable csf
i see complate fetch and problem fixed.
please note :
i have not any deny ip in my list

how to can fix it?

Does CSF support the x-forwarded-for header? Currently csf blocks our load balancers that are served from a dynamic pool of servers. Is there a way to enable support for this header or a change to the firwall configuration that would allow us to use csf on a load balancers with dynamic IPs?

Holah

I have a problem, i got a new OpenVZ VPS box and installed cPanel with CentOS 7 ..

When testing csf i get the following error .

Testing iptables...

Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...FAILED - Required for csf to function
Testing ipt_limit/xt_limit...OK
Testing...

Hello, I am new to ConfigServer. My DirectAdmin reports many Wordpress login attacks (threshold > 50), but ConfigServer Firewall seems not to block these IP numbers. How to arrange that?
Thanks, Hans

Hi all,
I would please ask for help on this situation: in Exim queue of undelivered messages I find, often, a long list of frozen messages sent by LFD (for hack attempt to htpasswd) to recipients like this ones:

Script@
Hack@
Attempts.@
-t@

with this return path

Return-path:

The messages are frozen cause the previous mailbox are non existants on my server (this one hosting...

Hello,

Recently I've reinstalled my webserver and I am running into some problems with LFD service.
When I attempt to start the service, I get this following error:

-- Unit lfd.service has begun starting up.
lfd : csf and lfd have been disabled
systemd : PID file /var/run/lfd.pid not readable (yet?) after start.
systemd : Failed to start ConfigServer Firewall & Security - lfd.
-- Subject:...