ConfigServer Community Forum

Hi there, I'm trying to get my server hardened by blocking requests to 404 requests, since I'm getting flooded by them on a DDOS attack.

I have the following log format example for my apache log in virtualmin

37.59.96.198 - - POST /xmlrpc.php HTTP/1.0 404 104 - Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0

I've tested in rubular and it works fine.

I have the following code in...

Is it possible to ignore smtpauth failures by username?

2014-08-13 19:12:44 dovecot_plain authenticator failed for ******************** ( ) :54496: 535 Incorrect authentication data (set_id=username1@examplecom)

I want to ignore the failed authentication if the username is username1@examplecom

I have used CSF in many cpanel envionments and it is great. I just installed in on a non-whm (webmin) environment.

I installed the module and have access to it via the admin interface.

My question is, how do I go about getting it to check the mail, apache, php and server services similar to the WHM install? Right now it only checks Firewall, Server and SSH.

This is on a Ubuntu 12.04 x64 LAMP...

I would like csf to add blocked IP's to an address list on a Mikrotik Cloud Router Switch or maybe Cloud Core Router, for blocking at the edge switch or router for my rack.

It's trivial to turn a CRS into a stealth firewall, just split off port 1 from the switchgroup and bridge it to the master port for the remaining ports. This would be the ideal place to filter traffic, as a hit on one server...

I'd like to edit the the following alert template in CSF to CC the contact email address listed in CPanel

/usr/local/csf/tpl/resalert.txt

I tried to add CC field as shown below but suspect this will just send to the default CPanel user on the domain cpaneluser @ serverhostname . com instead of their email address in CPanel > Contact Info.

==============================
From: root
To: root
CC:...

hello
I use my server mostly for joomla websites.
I use updated CSF.

I have a strange and annoying problem,
in administrator of joomla when clicking to move
from managing modules to components or all other options
the system is stuck in loading endlessly.

when i disable the ModSecurity the problem is gone
but i can not work without the ModSecurity of course.

please advice what could be the...

Hello,

i get post attack on one website:
174.124.254.155 - - POST / HTTP/1.1 302 204 - Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
130.0.155.49 - - POST / HTTP/1.0 302 204 - Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
122.179.163.63 - - POST / HTTP/1.1 302 204 - Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
95.7.18.120 - - POST / HTTP/1.1 302 204 -...

I have the following crom job to help get support email into my gmail account:

/usr/bin/php -q /home/doory/public_html/account/pipe/pop.php /dev/null 2>&1

In my ignore file, I have tried both of these (1 at a time with a restart of ldf each time):
cmd:/usr/bin/php -q /home/doory/public_html/account/pipe/pop.php /dev/null 2>&1
/usr/bin/php -q /home/doory/public_html/account/pipe/pop.php

I still...

Hi there,
We have a dedicated IP with SingleHop, and need help in order to: a) figure out if CSF can help in our case; and b) learn how to use it myself.
(SingleHop is asking for an additional $70 a month to help with managed hosting services such as using CSF.)

Here's the situation:
1) we have a wordpress install with Sucuri plugin which reports failed login attempts with the username 'admin'....

A couple of days ago I started seeing this in lfd.log:
Jul 8 11:00:56 svr lfd : Unable to retrieve blocklist TOR - Unable to download: 403 - Forbidden

I get the same response if I try and visit from my desktop. After a little digging, I found this - which asks for the ip of the server, and then provides a url to download the list. So I replaced:
TOR|86400|0|
with
TOR|86400|0|
in the blocklist...

First of all, I can not tell you how much I love CSF, so please do not take this the wrong way.

We have a large number of customers who get PCI scanned, and it always happens the same way:

1. Scanning company scans website without telling us, and they get blocked (yeah CSF)
2. They complain to the customer who complains to us.
3. Only solution is to add their IP address into csf.allow, thus...

Seems i did not know it but since the second day i had my VPS and setting it up the chinese have been hitting it hard, i finally started getting some emails and then it got shut down hard. So i am tossing the week down the drain and reinstalling it all again.

I had just heard about this yesterday and was in the process of installing when i went down. So what i need to know please is what are...

On my server, I have a domain with an IP dedicated, I want to do that when someone accesses cpanel, webmail, etc are wrong and csf blocking shared IP server, do not block access to the IP dedicated to perform from that IP petition unlock.

Regards.

Folks im adding ips to be blocked using the quick deny option. but im still getting notifications. Example.

3 failed login attempts to account test (smtp) -- Large number of attempts from this IP: 39.32.6.241
Origin Country: Pakistan (PK)

when I go to add the ip, it tells me its already added in the deny option.

Whats the issue?

Hi all,

I enabled SMTPAUTH_RESTRICT and followed the instructions as per the readme. All was working fine, and the amount of SMTP brute force attacks went to zero, and the countries I specified could relay. But then clients phoned and said they cannot email via webmail. I tested and it gives me the error:
Message not sent.
Bad sequence of commands
Server replied: 503 AUTH command used when not...

Hola, quisiera saber que quiere decir esto

Time: Sun Jul 13 08:39:30 2014 -0500
Account: securema
Resource: Virtual Memory Size
Exceeded: 201 > 200 (MB)
Executable: /usr/bin/php
Command Line: /usr/bin/php /newdisk/securema/public_html/oskalpanama/wp-content/themes/central/js/default_dynamic.php
PID: 27134 (Parent PID:25433)
Killed: No

Hi,

I can see that there is an option for Include /etc/csf/csf.alsoallow

Is there a similat alsodeny or alsoblock ?

I would like to set up a facility to automatically update a list of blocked IP address (from Wizcrafts).

Perhaps I am going about this the wrong way. Does anybody have any suggestions for a better approach? What is the easiest, most-automated way to add block lists to iptables?...

Hi,

115.240.6.83 # lfd: (mod_security) mod_security (id:950004) triggered by 115.240.6.83 (IN/India/Maharashtra/Mumbai/-): 5 in the last 300 secs - Mon Jul 7 16:25:26 2014

What is this block, why our client's IP is frequently blocked in CSF firewall for the above reason ??

And Finally what is the solution how to get rid of it, As client and we both are tired for this really.

Regards,

At the end of the email there is this code:

open3: exec of /usr/bin/openssl ciphers -v ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP failed at /usr/local/csf/bin/servercheck.pm line 1081

Hi,

It looks like my server may have been blocked from your server - the upgrade button displays the message

Unable to connect to com, retry in 247 seconds. An Upgrade button will appear here if new version is detected

I can access configserver. com with wget from this server either. Can you please let me know how to get myself unblocked?

Thanks