ConfigServer Community Forum

I am getting tons of emails with this alert.
I have opened port 9993 and works but I am getting theese errors

How I can exclude this service or allow all traffic?

What ports does ZeroTier use?#

It listens on three 3 UDP ports:

9993 - The default
A random, high numbered port derived from your ZeroTier address
A random, high numbered port for use with UPnP/NAT-PMP mappings

That means...

Dear friends,
I have a VPS Ubuntu, I changed the default port ssh from 22 to 2222. I want to know, after I changed the default port ssh, Does CSF block the access if they were failed to login?

Here my setting: LF_SSHD = 5 LF_SSHD_PERM = 1

Normally, CSF monitor SSHD service or port?

Thank you so much!

Hantam

Hello! maybe someone can help me, tried googling but found nothing, I have CSF working perfectly fine but every now and then I have to access my server thru the VNC client from Virtualizor, the problem is that when I open the terminal this is flooded by CSF output (which I already disabled from the logs) making it useless, and afaik this shouldn't be happening, anyone knows how to fix this?
Any...

Hi everyone,

We have several servers with CloudLinux 7, cPanel and LiteSpeed with these entries in csf.conf:
CPANEL_LOG = /usr/local/cpanel/logs/login_log
CPANEL_ACCESSLOG = /usr/local/cpanel/logs/access_log
On several other servers with the same configuration, however, these entries are not present. We do not define these entries with automation tools, and cPanel has no idea from where these...

Hi,

My server is sending these alerts non stop every 30 mins:

Exceeded: 587970 > 1800 (seconds)
Executable: /usr/lib/systemd/systemd-resolved

Exceeded: 419968 > 1800 (seconds)
Executable: /usr/sbin/mariadbd

Exceeded: 587991 > 1800 (seconds)
Executable: /usr/bin/rpcbind

However, I do have these lines in the csf.pignore file. Shouldn't they be ignored for exceeding the time limit?...

For some reason CSF firewall is blocking me and anyone else on Verizon mobile but yet if I go through a VPN I can get to CWP. But while on Verizon mobile I cannot reach any of my websites or my CWP panel but if I turn the firewall off I get in just fine. I have cleared all the blocked IPs I have added every one of my IP addresses to the allow always allow I should say and I still cannot get there...

Fellows,

We have multiple servers with cPanel using CSF/BFD Firewall and have noted that, comparing that with CWP7Pro, there is an important difference between the LFD email blocking reports which is affecting the troubleshooting.

Let me explain that better:

In cPanel we get this kind of LFD blocking emails:

Subject: lfd on server02.1ahost.com: blocked 185.28.39.67...

Hello,

I've just update a VM to debian 12 and LFD keeps saying that syslog in not running. I've checked syslog and the code is there. It seems it doesn't read log files at all. I don't receive login notifications or anything related to lfd reading log files.
I've activated the debug mode in csf.conf but it just says that it is parsing the different log files but always with 0 lines read.

I've...

Hello,

I was wondering if there's a way to configure CSF not to block IPs of failed login attempts to IMAP that aren't providing a username. I find that the majority if not all of this type of blocks happen to people with wrong settings configured (e.g: secure port with no encryption selected).

I addedd a single IPv4 row in my /etc/csf/csf.allow:

10.0.0.1

When I do iptables -S I can't find th ip 10.0.0.1. Anyone know the reason?

Note that all traffic from 10.0.0.1 is allowed!!!

Thank you

# iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-N ALLOWIN
-N ALLOWOUT
-N DENYIN
-N DENYOUT
-N INVALID
-N INVDROP
-N LOCALINPUT
-N LOCALOUTPUT
-N LOGDROPIN
-N LOGDROPOUT
-A INPUT -s...

Before last week after a kernel upgrade I could do a speed test and get 40mbs ... Now something has changed and it's come to a crawl when i try moving files. Disabling CSF/LFD and/or using csf -f fixes it immediately. Yes.. yes.. the rules are all stock and I reinstalled. No joy.

Something like this test below should be about 17 seconds... But if I don't flush the firewall? It now chugs and...

Good morning, I manage a couple of whm servers on centos 7 with imunify360 and csf, within the last couple of days the servers have become really unstable. To the best of my ability it seems like I have isolated the cause to be is LFD causing the servers to run out of memory and the way was able to prove it is the following.

A couple of days ago I was receiving e-mails from one of my servers...

Hi,

when add blocklist on csf.blocklists ,
where will the ip stored ? ram or ?

will it slow down site and server performance when i add 1M ips ?

thanks

It looks like my CSF configuration is on a trajectory to permanently block the entire internet.

All of these blocks have been triggered because of LF_DISTATTACK.
All of the blocks so far are from SMTPAUTH failures.
In the past 4.5 days CSF/LFD has blocked 836 LF_DISTATTACKs and entered them into csf.deny.
99+% of the blocks are with a SetID=floyd or SetID=floyd@mydomain.com.

I realize that...

Hi community!

Simple question, Can I use scripts on Debian 11, iRedmail 1.6.3 thinking, iRedmail now works with NGINX and PostgreSQL / MariaDB to manage my mail server on iRedmail?

OS: AlmaLinux 8.6 / CloudLinux 8.6

Kernel: Linux cp10 4.18.0-372.19.1.lve.el8.x86_64 #1 SMP Tue Aug 9 15:56:43 EDT 2022 x86_64 x86_64 x86_64 GNU/Linux

Linux Virtual Machine running on Proxmox with KVM

System is to date

As soon as I enable CSF, I cannot connect to any website on port 80 or 443

Looking at the firewall logs, it seems port 80 gets redirected to 19080 and port 443 gets redirected...

CSF is blocking all external email (gmail, hotmail, yahoo, etc). I have seen a few discussions on this topic here but nothing specifically fixes the problem.

CSF v14.18
WHM/cPanel 110.5

External emails work fine when CSF is off. I saw one thread that mentions something about WHM v110.5 and sshd and smtp settings but the solution is not specific enough to implement.

SMTP Restrictions is...

Have you tried to add your server IP into CSF.IGNORE?

I have enabled IPV6 in csf.conf - but a specific IPV6 address continually hitting my server - how to block it ?

I put it in the /etc/csf/csf.deny: but it is not stopping it

Please help;

Hello,
Can anyone explain how to set LFD to send only one summary e-mail report per day?

Thanks,
P.S.: Sometimes we receive thousands of such Login failure alerts per day.

Time: Tue May 2 11:01:20 2023 -0300
IP: 34.126.78.62 (SG/Singapore/62.78.126.34.bc.googleusercontent.com)
Failures: 5 (sshd)
Interval: 3600 seconds
Blocked: Permanent Block

Log entries:
May 2 10:50:23 xbeta sshd : Invalid...