ConfigServer Community Forum

Hi There,

First of all i would to say thanks to CSF and it's entire team for making an outstanding firewall utility and that too for free!

I would like you to make Reset default settings for CSF & it's other tool, if anything goes wrong after making changes to csf firewall settings we can simply use Reset Default Settings

It would be good if you can implement this feature ASAP.

Vote Guys, if...

hello all -

Sergio was kind enough to introduce me to regex.custom.pm. i need to block access to the wordpress file wp-login.php .

here is what i am proposing to do:

1) file /etc/httpd/conf/httpd.conf

change:
CUSTOM2_LOG = /var/log/messages
to:
CUSTOM2_LOG = /var/log/virtualmin/marksdomain.com_access_log

2) file /usr/local/csf/bin/regex.custom.pm

add:

if (($lgfile eq...

Hello,

The URL in csf.blocklists is invalid:

#RBN|86400|0|
I went through the EmergingThreats website and found these links which may be of interest:

Detail: - lists a number of links to text files which contain ips.
- last update seems to be February 2012 so not sure how accurate this list would be over two years on. There's no date in the list itself so I don't know if the list is...

Hi

I am using Filezilla to upload files to my server, I start to upload them and it works fine, then I get blocked by the firewall meaning I can't access anything until the block times out.

Can you tell me how I adjust these settings so that it does not keep blocking me please?

Thanks
M

Good Day,

This is my first time using CSF as my firewall for my VPS, I have it working now because certain ports were closed when i enable CSF, but i would like to know as to what logfile should i look if i wanted to see CSF blocked ips or what log file should i tail to see it working? I have it installed on a debian system. Thanks!

hello all -

when i issue a command such as:
csf --deny 111.222.333.444 ;

do i also need to issue the command:
csf --restart ;

to make this IP number actually blocked?

i notice even though there is an IP ## in the csf.deny file, that IP can still reach our server.

hello all -

i have a crontab script that runs every two minutes scanning logfiles for brute-force wordpress login attempts. if i find more than 40 in a one minute period, my script issues the following command something like:

csf --deny 111.222.333.444 ;

this seems to do the same thing as the Quick Deny button.

is there a command line equivalent of the Quick Ignore button? i am thinking this...

My vps keeps down for the past 3 consecutive days and I had to reboot to bring the server back. After talking to my vps provider, they told me that there's nothing wrong on their end. So I did a little investigation on my end.

I have looked at my /var/log/messages, and found out that

Mar 30 05:00:09 servername lfd : SYSLOG check
...
Mar 31 05:00:08 servername lfd : SYSLOG check
after logging...

I have a very strange problem with CSF running on a VPS with cPanel.

This started to happen at a random moment.
When trying to access any site hosted on that VPS, the title of the page loads and so do some of the first bytes. Sometimes the header of the webpage is shown, sometimes not. The browser shows as the page is loading, but nothing more happens.

I checked the logs, but haven't seen...

I want to block any offender that generates that kind of message in syslog:

Mar 30 20:20:43 ns drupal: SOMESITEURL|1396203643|BOTCHA|110.82.153.175|SOMESITEURL/contact|SOMESITEURL/contact|0||contact-mail-page post blocked by BOTCHA: submission looks like from a spambot.
(SOMESITEURL = what is says, because this forum is absolutely paranoid, not allowing an URL to appear in posts)

I put this...

I'd like the option to ban a whole /24 or larger when a custom trigger or other event happens.

Bonus if there are individual settings for temp ban vs perm ban

(ie. a temp ban, just the single ip, temp moving to perm ban = whole /24, or maybe other way around)

I could have sworn csf/lfd already had something like this but maybe I am mistaken.

Am I correct in that there is no extra burden on...

The warning is less effective . Not sure what that means specifically?

Is the concern a server could be tricked into contacting an outbound ip?

I think that risk is fairly low if not completely unlikely in most cases?

The idea is if you are using nearly 1000 rules, converting to inbound only could reduce the memory/cpu resource use?

LF_BLOCKINONLY
By default csf will create both an inbound...

My server was hit with brute force pop3 logins from one IP continually for about 17 hours until I blocked it. The server maillog registered 41,161 entries for the IP for these hours.

I don't know why this was not blocked automatically by the server but this is the settings for blocking brute force pop3:

LF_TRIGGER = 0
LF_TRIGGER_PERM = 1
LF_SELECT = 0
LF_POP3D = 10
LF_POP3D_PERM = 1
POP3D_LOG...

I have noticed a brute force attack on my server

2014-03-27 01:34:02 courier_login authenticator failed for URLremoved (DATASERV-PC) :45213: 435 Unable to authenticate at present (set_id=admin): socket read timed out inside and{...} condition
2014-03-27 01:34:14 courier_login authenticator failed for URLremoved (DATASERV-PC) :22865: 435 Unable to authenticate at present (set_id=admin): socket...

Hi,

I recently installed CSF on my VPS and found out that the IP deny doesn't work.

I wanted to try and see if the IP deny works, so I blocked one my of the IP addresses. When I tried accessing the site from the the blocked IP address, I can still access the site.

Any ideas why?

I installed at 22:04 and by 22:57 I have 11 (now 13 by 23:02) restarts - and this is my second server, the first one is also constantly doing this. I thought it was an issue on the old (ancient) server, but this one is new today.

Then I thought it was a warning of brute force attacks, but I don't think it is, the program itself seems to be constantly crashing and restarting. 11 times in 53...

For some odd reason CSF is blocking Softether VPN from working.

Essentially I keep csf enabled but flush all the firewall rules. I then connect via VPN(L2TP) and connect successfully (ip is assigned) however the internet will not work. If i disable CSF the VPN works fine with internet passing through and everything. Again: When i have CSF enabled I am allowing all ports in and out (for testing...

Hi,

I have only been using csf for a week or so now and I keep getting emails every couple hours saying

Server:
Primary IP:
Service: lfd
Notification Type: failed
Notification: lfd failed @ Sat Mar 29 18:07:43 2014. A restart was attempted automagically.
Service Check Method:
Number of Restart Attempts: 1
Syslog Messages:
Mar 29 14:05:01 alpha lfd : SYSLOG check
Mar 29 14:00:00 alpha...

Hello ,

On VPS Centos 6 64 we have installed firewall, when a client was to import example something on Wordpress or upload on website something or even install script he gets timeout and erros. When the firewall gets disabled all working perfectly! Any advice?