ConfigServer Community Forum

I have tried looking though the forum only to read that the regex has been updated but the authentication failures are not being blocked after multiple tries. I have it set to block ftp after 3 attempts but it never blocks any users like the sshd login attempts do. Can anyone give me any advice to what I may have over looked or how to add a custom regex to catch the people trying to hack my...

Hi All,

I have a Cpanel/WHM server running CSF & LFD and we are getting pounded with spam coming in to our hosted email accounts, about every 5 mintues, 24/7. These are coming from outside of our server TO email addresses on our server.

I set the RT_RELAY_LIMIT to 2 messages and Permanent Block but the senders keep changing the source relay IP, below is a sample.

I can't figure out how to...

Hi,

I've got an haproxy server with csf listening at port 2222 forwarding some ssh to a remote server on port 22 (inside a private VPN, that's why the haproxy is forwarding ssh). I've got our office ip into csf.allow, and port 22 in TCP_OUT in csf.conf.

What i want is to not list port 2222 in TCP_IN but being able to connect from the whitelisted ip (our office). I though that's the expected...

Has anyone had problems with opening port 30000 to be used with Canada Post's shipping module?
I have the following in my csf.conf file but the port is not opened:

TCP_IN = 20,21,22,25,26,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,3306,7630,30000
TCP_OUT = 20,21,22,25,26,37,43,53,80,110,113,143,443,587,873,2086,2087,2089,2703,3306,7630,19638,30000
TCP6_IN =...

Hey, guys!

I just installed csf on a new server. But I didn't find the option of csf UI at Third Party Services
Manage Third Party Services . So the csf UI is not available on reseller plugin list. So how can I do?
There was the option on cpanel but after I update cpanel to latest version it disappeared. Is the issue with cpanel or csf? I am also sure I have given the access to reseller at...

Hello,

I wanted to create a custom regex expression to scan exim_rejectlog and block address that match a RBL.
Currently on cPanel the rate limit feature is not enough for our needs.

I'm wondering if anyone has any experience with this.

Currently our logs look like this.

2013-11-06 00:10:22 H=(msa.hinet ) :4063 F= rejected RCPT : JunkMail rejected - (msa.hinet ) :4063 is in an RBL, see...

Hi,

I am looking for a way to add permanent blocks, with the do not delete comment, from the command line. How do I achieve this?

Thanks,
Steve

I use cfs on my cpanel server, I map a network drive for backups. It is a windows share. When mapping with cfs OFF everything works fine. When enabled it wont map. My question is A: is there a way to allow all ports and connections to internal ip?? Or B: how do I I allow this?

Thanks in advance,

Hi - this is my first post - but I have been an reader of this forum for a long time and learned a great deal.

I run a VPS with a number of low traffic, largely static Wordpress sites. It is Centos based and I use W3TC caching and a CDN to offload the server, which is very underutilized. I run Apache Forked with keep alive.

It is well configured - everything works smoothly - and CSF/LFD do a...

Hello,

I'm working on a setup that ideally would allow a single master to send blocks to all servers.

The setup i'm trying to achieve is this;

Slave(s) send all blocks to cluster master, and then the master sends it to the cluster slaves.
This way i can configure all slaves to SEND/RECEIVE from master IP and then the Master IP forwards all blocks to SLAVES.

As it stands right now, slaves send...

I just set up a Debian 7 server, and installed exim for outgoing mail.
I have SMTP_BLOCK enabled, but it's officially supposed to let exim through.
When I check the /var/log/messages file though, I see that outgoing port 25 is being blocked, even though it's open in the config file.
It seems like CSF isn't detecting and letting exim send outgoing mail.
I finally checked the user that exim was...

I'm looking to collect data about attackers , and I've been able to get started by parsing lfd.log into a database, but lfd.log only shows brutes ; it doesn't show all failed logins and port knocks. I'd like to be able to get all failures. I have found the list of logs at the bottom of the csf.conf file, but writing a parser for each log seems like something I might not have to do, since CSF is...

I am not great at doing regular expressions to suppress certain messages from appearing in my hourly logs. Since I upgraded the servers to CloudLinux, I am seeing a slew of these messages and would like to remove them from the log. According to Sarah, I need to add an ignore in the csg.logignore which will not stop CSF from blocking or handling these threats, but it will remove it from the hourly...

Any tips on how to get this working? I tried the code below and it still doesn't work. When I restart LFD, it doesn't list all of the files. I also tried setting htaccess to a single domain and then failing the htaccess multiple times and nothing is happening. Any ideas?

HTACCESS_LOG = /var/log/httpd/domainds/*.error.log

AH01618: user asd not found: /clients/reports/
AH01618: user asda...

Hi.

I have postfix+dovecot+openDKIM running fine in my CentOS (without ccpanel). All softwares are configured and running fine. OpenDKIM uses milter/filter in postfix and call an script (perl) using 'spawn' proccess to run this filter. Without LFD started, everything works fine. If I start LFD, this script stops working. I alread tried to add this script and 'spawn' executable to proccess ignore...

Hello,
I'm trying to use Check for IPs in RBLs , but getting:

New x.x.x.x (PUBLIC)

NOT CHECKED

information for every server's IP.
Any hint?
I tried to find out if anything should be configured for that, but no posts about similar problems nor information about configuration.

Hi,

I have 3 servers which I want to put into a csf cluster. I tested it with 2 servers but got errors.

This is how I install & configured csf cluster:
I just downloaded and installed csf using a tutorial

Then I added these changes to the default config:
Server 1 (192.168.1.1)

TESTING = 0
CLUSTER_SENDTO = 192.168.1.2
CLUSTER_RECVFROM = 192.168.1.2
CLUSTER_MASTER = 192.168.1.1...

wondering where csf store the blocked ip´s when you have temporary ban enabled? csf.deny i guess is for the permanent and i thought should be in csf.tempban but i do not see any ip on this one when i receive the blocked email alert.

Any idea?

Thanx!

G'day.

My webhost (Linode VPS) has recently become the target of DDoS attacks. I've put my site behind Cloudflare (free) but it doesn't seem to be helping at all.

So I've decided to give CSF a try. I'm running Centos 6.5 with standard LAMP setup for a few Wordpress sites. After installing CSF I setup the UI in the config file and restarted both CSF and LFD but I'm unable to gain access to the...