I am trying to find a way to control the sending of distributed attack email notifications only. I can't seem to find a way to do this. The reason is that there are so many of these notifications, upwards of a thousand a day, for SMTP and FTP.
Is there a way to manage specific lfd email notifications?
Hi, an issue has started happening on my CentOS 6.4 x64 KVM VPS only in the last 24 hours where all ports are being blocked, so there is no access to the VPS. The only access that works is via VNC in the SolusVM control panel. If I restart csf the problem clears for up to 20 mins sometimes, but then it blocks ports again. Checking the logs at the times when the problem occurs, I'm seeing this entry...
There are many times a certain page, particularly a login page, seems to get hit hundreds (or even thousands) of times per minute. Obviously this is some sort of hack attempt.
I seem to recall there was some way in CSF to space out multiple hits to the same page from the same IP number. Or, put another way, maybe a way to only allow one page from one particular IP every 20 seconds or...
CSF 6.47, or maybe a slightly earlier version (I've been on vacation for several months :) ), seems to have made ALL my carefully researched CIDR block ranges and the few ISO country code blocks I use disappear!!!
I had a few hundred CIDR block ranges in CSF_DENY, and four ISO country code blocks established in CSF_config, and now they are totally gone.
When an IP is added to the temporary list CSF.TEMP, the firewall rules created are as follows:
Chain num pkts bytes target prot opt in out source destination
DENYIN 50 0 0 DROP all -- !lo * 123.123.123.123 0.0.0.0/0
sub _assert_ssl {
# Need IO::Socket::SSL 1.42 for SSL_create_ctx_callback
die(qq/IO::Socket::SSL 1.42 must be installed for https support\n/)
unless eval {require IO::Socket::SSL;...
Is there a way to create a block rule, or any way to set it up to auto block based on the port? For example if a customer fails SMTP auth 15 times, can it just block them on port 25? Or if they fail an HTTP authentication X times it blocks them on port 80 only?
Also, how about rules just being created for deny? Why do we need deny and denyout for every block on an IP created?
I'm using CentOS 5.10 with the latest CSF installed. Yesterday I made some changes from the UI. I only changed SU/SSH login alerts set to root and it was working great for like 6 hours. Today when I saw my mailbox I got around 50 mails with this
===
lfd failed @ Wed Mar 26 06:55:41 2014. A restart was attempted automagically.
===
Then I quickly checked a few things, but I was getting these errors...
I have a fresh installation of CentOS 6.4 and csf.
The issue is that lfd doesn't start automatically; I need to do
/etc/init.d/lfd start
and after that it works fine.
This happens at every reboot.
Why?