Hi, I run CentOS 7.1 with csf firewall + DirectAdmin and tried to unblock one IPv6 address, without success.
First I enabled Requires ip6tables and then I did this:
$ csf -a 2001:0503:ff39:1000:0000:0000:0000:0074 test
Adding 2001:0503:ff39:1000:0000:0000:0000:0074 to csf.allow and iptables ACCEPT...
ACCEPT all opt in !lo out * 2001:503:ff39:1000::74 -> ::/0
ACCEPT all opt in * out !lo ::/0 ->...
With the updated version 6 of CSF I can no longer use Country Codes to block. I used to block CN,RU and I do not want anything to do with these countries at all. All I ever get is a constant barrage of attacks a day by the hundreds. Now I need to add the Middle East and North Korea. Any time I use a country code in the CC_DENY = box I get an error if FASTSTART = is set to (true) 1. I can load...
Recently been hit by a distributed attack from many geolocations on SMTP, system, FTP etc.
I tried and liked CC_ALLOW_FILTER = and added my country there and it was great, but a little later realized that this blocks everyone (great) on all ports (including port:80).
Wondering if there is any way to block all ports except 80 from everywhere except my country?
I've googled this a bit, but am not having any luck. Part of our Perl libraries seems to be corrupted, and I have tried to --force to reinstall, but I am not sure which exact modules or command I should run to get this back up.
It is on a cPanel (WHM 11.48.4 (build 4)) / CentOS system, and when I try to reinstall csf, I get this:
Checking Perl modules...mode of `os.pl' retained as 0700...
I've noticed that one server is getting a hammering, looks like IPs are trying POP3, IMAP, SMTP, HTTP, HTTPS and SSH etc, resulting in 5+ lines of blocks in /etc/csf/csf.deny for just one IP.
At this rate and by the amount of attacks, any blockings are for 24 to 36 hours because the oldest line is deleted to make room for the current block at the end of the file. So some IPs could return in 48...
Hi,
I just installed CSF on a cPanel server (CentOS 5.11) - TESTING mode OFF.
One of my customers is complaining about problems with pop3 connection.
I gained access through TeamViewer on his machine and I verified that, from this specific IP, it is impossible to connect to my server (I tried with telnet on port 25, 80, 110 and so on.. I always got connection timeout issue).
I stopped csf (csf...
I just noticed that some failed smtp login attempts logged into exim_mainlog were not blocked by lfd after the limit I configured (LF_SMTPAUTH is set to 10). It works most of the time, but I don't know if there is something different with these attempts, they don't get blocked and in two days, from the same IP, more than 850 failed logins were logged.
Hi,
What is the best way to permanently bypass some IPs/networks?
IPs listed in /etc/csf/csf.allow will never be rotated (as in csf.ignore after reaching DENY_IP_LIMIT)?
Thank you
Hello, I'm receiving these alerts and I want to know if there is a way to avoid them.
I have a VPS; I do not allow SSH root login on this server, so I use a wheel user instead.
Every time I log in with my wheel user, a few minutes after login I start receiving a lot of these notifications, depending on the time I'm logged in.
--------------------------
lfd on hostname: Excessive resource usage:...
Due to a lot of distributed SMTP auth attacks I used the advanced EXIM editor as outlined in the readme.txt file for CSF/LFD. Worked like a charm, thank you!
But now Google has decided if you wish to 'send mail as' another address than the Google account's own - you have to provide Google direct SMTP access to your server.
But Google's IPs for sending SMTP are variable and ever changing so I...
I have tested my csf firewall protected server using one Windows VPS and XOIC DDoS attacker application. TCP protection seems fine but for UDP flood csf does nothing. I have attacked my website server on port 22, which is not used or allowed by UDP_IN, but even so I see huge UDP and increasing. Is it possible to enable automatic blocking of IPs for UDP flood?
After setting up a cluster, will the servers automatically sync any lists they already have or do they only sync new entries?
Also, with regard to the config... same question. I have set a Master and an initial slave... and communication appears to be OK. What I'm asking is do I have to do anything to have the slave sync with the master's config or will this happen by itself.
How to block referral spam completely with the help of csf?
I don't need Google Analytics filter advice, as I have tried it and it just blocks the stuff showing in GA and does not actually prevent the request hitting the server and chewing my resources.
I need some solid way to prevent these sites at CSF level (if one exists). Thanks.
sitevaluation . org
100dollars-seo . com
trafficmonetize . org...
Not sure if this can be fixed from CSF/LFD's side or not, however, my bosses (at a major hosting provider) consider this a CSF bug since users can be blocked even when using correct passwords. Assume cPanel CentOS server here.
Problem: If authdaemond is busy or down, logins (even with the correct password) to the mailserver will fail, and are logged like this:
I need to sync files from the main server to a remote server with the rsync command in a scheduled job which runs frequently, however I can't sync files successfully without whitelisting another server's IP with csf on both sides. I'm concerned that adding the remote server's IP address to the whitelist of the main server will cause a security issue, if the remote server is hacked, is...