ConfigServer Community Forum

Hi,
am using VPS VZZO machine, I recently face very critical issue that csf firewall blocks all ports of the server globally automatically.

I install csf firewall by default setting but now after a day its block my all ports and now am unable to access server.
Kindly tell me how I can access my VPS without lossing data.
Even SSH each and every thing blocked.

Since 7.14 update, the config server script appears to be broken, has a bug or something is fubar'd. I've had to manually install all updates via command line since the GUI will not display an upgrade button. It constantly displays the following error:

Unable to connect to , retry in 167 seconds. An Upgrade button will appear here if new version is detected

So now i've done over a dozen...

Hi all

We keep getting this email every night from LFD/CSF which says:

Unable to obtain exim queue length within 30 seconds - Timed out

Yet, the email queue is normal, it can be accessed ok via Configserver's mail queue manager and the WHM Mail queue manager.

The load is reasonable (1.00-2.00)

Any idea why it keeps having issues with the queue?

Tried restarting both Exim and CSF, but still...

Hello,

I have setup modsecurity rules to give permission denied (403) on multiple brute force attempts; which works great, but now I want CSF to block their IP if they continue. So my thoughts were to configure LF_APACHE_403 to automatically block their IP. Unfortunately, it is not working.

An example of this:
192.95.29.115 - - POST /wp-login.php HTTP/1.1 403 1139 - -
192.95.29.115 - - POST...

Not sure what to look for here. Upon restarting CSF in shell, I am getting this error near the bottom of the output:

*ERROR* line:
Command:
Error:
You should check through the main output carefully

I've checked though the csf.conf file carefully, yet I can't quite spot what might be causing this.

Thanks for any assistance.

Hello,

I've set PT_USERMEM = 0 but I'm keep getting this kind of messages.

Time: Thu Dec 12 13:32:02 2013 +0200
Account: someuser
Resource: Virtual Memory Size
Exceeded: 206 > 200 (MB)
Executable: /usr/selector/php
Command Line: /usr/bin/php /home/someuser/public_html/index.php
PID: 1008625 (Parent PID:986235)
Killed: No
After that I've csf-r but I'm still getting this kind of messages. Isn't...

Hi, I have a lot of Wordpress sites.
One of those attracts a lot of comment spam, which I can deal with okay.
What happens though is that the commenters tie up resources - often I get a notice like the following

Resource: Virtual Memory Size
Exceeded: 300 > 300 (MB)
Executable: /usr/bin/php
Command Line: /usr/bin/php /home/thedomain/public_html/wp-comments-post.php
PID: 1193 (Parent PID:32606)...

greetings...

starting at midnight Oct 30, and on the hour... my server running CSF is unable to download the country code database. I have removed all firewall entries over the last 2 days without a change in the problem.

Oct 30 10:40:04 eis1 lfd : CCL Error: Unable to retrieve GeoLite Country database - Unable to download: 599 - Could not connect to 'geolite . maxmind . com:80':...

I've installed CSF on many servers, but today, I installed it on a new Cloud VPS at OVH.

Running csftest, I get OK on all points except xt_connlimit.

I see the link in WHM, and when I click it, I see the CSF logo and the heading text ConfigServer Security & Firewall - csf v7.56

But that's it -- blank beneath that.

Thinking that a bit abnormal, I uninstalled, restarted VPS, reinstalled CSF...

Hi.

I have a deployment using CENTOS, WEBMIN, POSTFIX and CSF firewall.

I use to manage CSF through the WEBMIN interface. Everything perfect, all the rules working fine.

Some time Ago, I started using the CSF feature: CC_ALLOW_FILTER, which looks like it is working fine too. However, I got a weird issue with POSTFIX mailing.

I used to limit the access to my server only to USA and Canada, so...

Hi,

Got this today and I was thinking it was worth investigating;

The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:

/bin/crontab: FAILED
/bin/passwd: FAILED

How would I go about to check how these files...

Hi all!

I am come from Hong Kong. After I install the csf, it show that many ip from China try to login to my sever by ssh. How can I block the ip from China to login to my SSH but they can visit my website?( but don't block Hong Kong, otherwise I cannot login :eek: )

122.225.109.208 # lfd: (sshd) Failed SSH login from 122.225.109.208 (CN/China/-): 5 in the last 3600 secs - Mon Oct 20 18:46:28...

Hi all,
I search some information from internet about how to prevent DDOS attack by CSF firewall and find out the CSF setting and Preventing DDOS aplification open resolver attack:

First, I would like to ask how can I prevent DDOS aplification open resolver attack? Becasue I think that my sever was used by other to attack. ( The hosting company told me and stopped my sever about 2 weeks >. 1,...

On one server I get this like always as I remember it;

root@server1 # csf -r
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
Flushing chain `DENYIN'
Flushing chain `DENYOUT'
Flushing chain `DSHIELD'
...

On another server, it's totally silent;

root@server2 # csf -r
root@server2 #

Same goes for if I restart csf from...

I vaguely remember not being able to enable TLS despite the UI_SSL_VERSION setting being added.

Do you know if there are perl libraries we use to allow TLS instead of SSLv3 which is now unsafe because of POODLE ?

Update: nevermind, I just realized I have SSLv3 in my browser disabled and I am connecting to the UI with TLS, so it does work

you'll just have to change the default setting now...

I've just installed CSF on CentOS 6.5. It says in the install.txt to enable klogd within /etc/init.d/syslog.

Unfortunately, that is not installed in my system. It seems that my system is using rsyslog, but when I searched that file I could not find and lines referencing klogd. From there I searched for klogd in /etc/init.d but it is not there either.

Do I need this enabled?

The cron jobs on all accounts other than root have stopped working on my VPS. The cpanel people say it is due to the change made to CSF back in February...

I understand that this change would prevent the log being written (if I am understanding it correctly) but would this change also prevent other users from executing their crons completely? In some cases it seems to be filtering certain...

Hi all,

I see that my csf blocks a lot of IP that are just trying to ping my server.
I understand that a lot of people ping before they attack.. but a lot ping just to check the latency.

Is it possible to block ICMP/8 in csf, but NOT block an IP address who is trying to ping ? (Basically, the server will not answer anything, but will not block the IP neither).

Thank you.

Using Litespeed 4.2.16. Excerpts of our /usr/local/apache/logs/error_log:

ModSecurity: Access denied with code 403,
ModSecurity: Access denied with code 403,
ModSecurity: Access denied with code 403,
ModSecurity: Access denied with code 403,
ModSecurity: Access denied with code 403,
ModSecurity: Access denied with code 403,
ModSecurity: Access denied with code 403,
ModSecurity:...

Hi all, I've been running CSF for years and I don't think I've ever seen this one... tonight I got an email saying 0.0.0.1 was blocked permanently. Checked the lfd logs and see entries like:

(CT) IP 0.0.0.1 (-/-/-) found to have 80 connections - *Blocked in csf* for 1800 secs

This appears to have started on Oct 5 (it's the first entry in the gzipped LFD log). I didn't think 0.0.0.1 was a...