ConfigServer Community Forum

We've been informed that this is an OVH server. We have had several reports in the last few days of customers and csf users with OVH servers unable to connect. One csf user reported that he discovered it was OVH's permanent mitigation feature. Since we are not familiar with this or how it is configured, I'm afraid we can't really help, and can only suggest that you follow up with OVH.

can anyone help me to configure the LFD step by step..

I cannot see how I can enter a range of IP's to Block i.e. 123.125.71.0/100

When I enter it in the QUICK DENY box it refuses to acknowledge the request, written as above?

Can anyone help please..

regards

Hi

I've a problem, to connect by phone to my email boxes.
I've CSF activated on several servers / VPS.

Fo some servers or VPS, I can connect to mail boxes with POP, but impossible for some others.

I just compare 2 VPS on the same server :
- 1st one : I can connect with POP
- 2nd one : I can't

I compare csf.conf, and report all rules from 1st to 2nd
I've always the same problem.

If I stop...

Help Me All time CSF Stop automatic i dont know why

Hi,

CSF/LFD updated automatically on my Debian 8.0 Jessie servers last night and now I am unable to start LFD and CSF is no longer working as well (iptables shows no rules anymore, tried csf -r ). The CSF/LFD Update was from 7.66 (which worked great!) to 7.67. Here is the error that I received when the update was running:

Restarting csf and lfd...
Flushing chain `INPUT'
Flushing chain...

I've discovered that some email notifications fail on Plesk servers:

e.g.
When running the command csf --logrun the email is never sent out. LFD reports that the email was sent successfully (with debug on) but I see this in the mail logs:

Apr 12 09:16:40 web1 plesk sendmail : handlers_stderr: SKIP
Apr 12 09:16:40 web1 plesk sendmail : _mh_fork(): Error occured during waiting the child process...

Hi,

Running Centos 7.1 on my VPS with firewalld disabled and iptables installed. CSF has been working without incident for 5 months until today when an update was available today which I installed.

When trying to restart csf/lfd it freezes at the line below. Although CSF states it is running it is not effective after several tests I did.

Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing...

Unsure when it exactly started but we have disabled the login failure email alerts as such:

LF_EMAIL_ALERT = 0

However, we since started receiving login failure alerts for various services (FTPD, SMTP, etc). Again, not sure when it started up again, though believe it was within the last month or so.

Any assistance is appreciated.

I am getting the following error, in CSF, under WHM:

Unable to connect to download configserver com, retry in 135 seconds. An Upgrade button will appear here if new version is detected

I have never had an issue, with CSF, until today. I checked my server and can ping download configserver com. There doesn't seem to be any issues with my server (no DNS or connectivity issues found). Could my IP...

We have a couple of servers being regularly attached by a single Russian IP address - I've added it to the block list but 24 hours later it's removed (presumably by the 100 IP limit?) - is there a way to permanently permanently block an IP address?

Cheers

Hi there,

In csf.conf, I have SMTP_BLOCK set to 1.

I have SMTP_PORTS set to 25,465.

Allowed users include the user that runs the PHP script.

Using WHMCS, I set up amazon SES for sending emails over port 587.

When I send an email, the first email goes through but after that, every other email times out. If I restart CSF, I can get 1 email through again, but then the rest time out.

Any...

Hi All,

I'm running into a strange issue where CSF is throttling or blocking Infinite WP (A wordpress plugin/theme manager).

IWP uses ajax requests to check on plugin status as well as updates them.

When I watch the access_log for apache, I see a lot of AJAX requests.

If I have CSF on, most of them time out, usually 2/22 get through.

However, if I turn off CSF, they all go through, and...

Hello

from 2 days ago all my websites on the server goes down , I've disabled CSF and its up again

when i enable CSF port 80 got closed when i disable it port 80 is open

I've checked TCP in out port 80 is included

what is the problem ?

I just wonder if there is a way to ensure that csf is enabled at server startup. I am asking this because I noticed today that when my server, due to a scheduled restart, was restarted, lfd did not start and it remained so until several hours later when I came to knwo about the problem after I checked my mails and had to restart csf manually.

I found this in /var/log/lfd.log

Mar 10 03:50:35...

Hello,

When I visit my website from my cellphone through my routers wifi I can access my site without a problem.

However, when I switch off the wifi on my phone and access my site from the phone I can not access, csf blocks me. After doing a lfd and csf restart I can access without a problem.

When I switch wifi back on I can continue to browse my site. I switch wifi off again and same problem...

HI,

what is distributed SMTP Logins on account ??

there is many entries in CSF firewall dely list like

31.128.187.117 # lfd: 31.128.187.117 (UA/Ukraine/214-187-117.shostka.uacity.net), 5 distributed SMTP Logins on account in the last 300 secs - Thu Nov 14 16:14:43 2013
77.121.93.203 # lfd: 77.121.93.203 (UA/Ukraine/77-121-93-203.dynamic.kits.zp.ua), 5 distributed SMTP Logins on account in...

I'm currently having a huge amount of port tracking hit on one server : Sample Hit message :

Sample of port hits:
Aug 12 08:12:49 web17 kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth3 SRC=174.142.183.40 DST=69.46.36.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=19088 DF PROTO=TCP SPT=50260 DPT=9050 WINDOW=14600 RES=0x00 SYN URGP=0 UID=568 GID=565 Aug 12 08:12:51 web17 kernel: Firewall: *TCP_OUT...

Hello,

I am getting the following email many times since a blocked hacking attempt by almost the same IP. What is the meaning of this message ? How to ride of the message ?

202.0.0.0/8 is blocked by CSF.

Sample of port hits:
Apr 16 20:08:03 server kernel: Firewall: *UDP_OUT Blocked* IN=
OUT=venet0 SRC=xxx.xx.xxx.xxx DST=202.137.3.120 LEN=73 TOS=0x00 PREC=0x00 TTL=64
ID=51303 PROTO=UDP...

Hello,

What is this all about? We receive this when our clients install a new San Andreas server

We receice this email:

Sample of port hits:
Sep 29 11:03:10 server1 kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=94.176.*.* DST=83.103.133.168 LEN=117 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=7777 DPT=52209 LEN=97 UID=32043 GID=32044
Sep 29 11:03:12 server1 kernel: Firewall: *UDP_OUT...