My server is CentOS 5.6. I use Webmin to manage it. I have csf installed (can't remember if I installed it or what, but it's version 6.37), but haven't been using it. I just use the Linux Firewall configuration tool in Webmin. However, my rules do not appear to be effective (working). In the csf configuration of Webmin, when I click on the View iptables Rules button, it appears that none of my...
So just recently my own IP was suddenly blocked by CSF, which caused some confusion. I have no idea why this happened, but well, all done and fixed, not the problem I opened this thread for. So while I was still unaware of this being the cause for me not loading my websites (for me), I was using the just-ping . com website to check my server.
There was a HUGE packet loss rate.. pretty much all...
Hi,
This is my first post here so bear with me please.
For the past two days, I have been receiving 4 emails repetitively:
Mail 1:
Suspicious Process running under user exim
Account: exim
Uptime: 610633 seconds
Hello,
We enabled LF_SU_EMAIL_ALERT and filled the csf.suignore file with our usernames, but we still receive notifications about su actions for those usernames.
We thought csf.suignore should just let LF_SU_EMAIL_ALERT ignore those logins, but in the description of csf.suignore it is written:
# The following is a list of usernames that are ignored during the LF_EXPLOIT
# SUPERUSER check
Lately I've been seeing a lot of botnet activity, so I set up a few IFTTT recipes to fire off emails to abuse departments of major dedicated & cloud hosting providers whenever their IPs get blocked by CSF / LFD.
The rules are basically as follows: If new email from search from:root@ lfd blocked softlayer OR theplanet, then forward email to abuse@softlayer and append the message
Hi, I've noticed that some SKY IP ranges are not being correctly identified by the CC checking. On one server we have GB ignored, but I keep seeing LFD blocking them.
Time: Thu Feb 27 22:30:36 2014 +0000
IP: 5.65.121.x (GB/United Kingdom/xxx.skybroadband.com)
Failures: x (smtpauth)
Interval: x
Blocked: Temporary Block
If the country is being correctly identified via the geoip lookup - why is...
In three installations of VPS with CentOS 6, I have configured csf to exchange information. All the cluster commands work perfectly except the remove command.
My own IP got blocked. During the trial to identify, the C block of my provider got blocked.
I was logged in to Webmin on all servers. I have issued cluster remove ip address.
I think I am looking at a solution for this...kind of backward, but is there a way to tell CSF to only let IP addresses from USA log into WHM, CPanel, Email etc??
I really need to read up on CSF and understand it, but I am trying to calm a company down who is worried about the number of attempts they have had with people trying to log into their site.
I'm just using the new option for using wildcards in logs as follows:
HTACCESS_LOG = /var/log/httpd/error_log /var/log/httpd/domains/*.error.log
Now we have a regexp.custom.pm like this:
if (($config{LF_HTACCESS}) and ($lgfile eq $config{HTACCESS_LOG}) and ($line =~ /^\ \ \ My protection (.*) banned IP: (\S+)/)) {
    return ("Mytrap triggered",$1,"bottrap",1,"80,443",3600);
}
Probably something simple that I missed here, but I'd love some insight.
I changed the default FTP port on my host, and notified my members of the change. For the sake of conversation, I'll say I changed it to 888. I'm running Pure-FTPD, and changed the bind port in pure-ftpd.conf.
I can FTP right in because my client is in the allow file, but nobody else can. I added the new port to csf.conf...
I have noticed my log files are filling up with wp-login.php attacks. My WordPress site itself is secured with a 2 second login-delay along with two separate captchas (yes, it's overkill, but it helps me sleep at night).
However, there are thousands and thousands of attacks, most taking place between 4 and 6am (Eastern Standard Time).
I write this post because I have a problem I cannot solve despite having made the changes proposed in many other posts on the forum.
My server is set up to work with pure-ftpd.
Some users are blocked by the firewall and some are not.
The changes that I have made I have taken from this post:
viewtopic.php?f=6&t=4091&hilit=ftp+connection+tracking
Does anyone have the same problem or has found a way to...
Hello, on my server I changed the SSH port from 22 to 4176.
I also opened this port in tcp_in and tcp_out and deleted 22.
I can log in to SSH. I also tried from another IP, to be blocked or alerted.
Nothing happened.
This IP is not listed in the allowed IPs,
nor in deny.
So what can I do to be informed or even alerted whenever someone tries to log in on this port??
Hi.
I have many blocked IPs in csf with a "do not delete" comment. But every day I get notifications from the server about new brute force attacks via some of these IPs.
What's the problem?