ConfigServer Community Forum

Hi,

I wrote a small regex to help me identify ip addresses trying to access my system (hackers) and block them.

For some reason it's not working but the regex was tested and it returned matching results. I'm not sure what I'm missing please help.

Here's the regex I wrote:
# Added for Freeswitch
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^.*?\ sofia_reg.c:(.*?) SIP auth failure...

Dear guys, hi!

Is there a way to make LF_SELECT work with custom ports. For example, if I change IMAP port to some 34433, then it doesnt work, as on deny list you only have 143,193 and no custom port is appearing there?

I checked lfd.pl and found a set of default ports there:

if ($config{LF_SELECT} and !$config{LF_TRIGGER}) {
$ports{pop3d} = 110,995 ;
$ports{imapd} = 143,993 ;...

Hi group

This is our first post and welcome to everyone.

Since we recently installed ConfigServer Security & Firewall (csf v6.38), it transpires that some of the third-party enquiry forms we have had running for a number of years without problem have stopped working.

Just wondering if there might be some setting in CSF that we have missed or incorrectly configured that might be causing the...

I recently installed webmin in a BOA (Aegir) server.
Apparently csf is blocking port 10000 used by webmin.
How can I open this port for access?
I got temporary blocked when attempting to access.
Thank you.

Hello.
Is there any ways to limit packets per second from same ip address with csf?
All what i've found is PORTFLOOD - which could limit connections per time, and CONNLIMIT which can limit connections per port.
Our server is under some kind of packet flood(looks like it's a LOIC), so, we really want to know if this restrictions available with csf.
Thanks in advance.

opencart always used, but some time now, I've been having problems with locks ip in the server firewall.

I talked with the server administrator and he told me that the locks are happening due to several simultaneous connections to the database.

I am running simple routines in admin panel as product registration, or module configuration.

follows LOG blocking the ip:

Jan 29 08:14:52 web1...

Hi guys, i hope you can help me,

since update to 6.38 on dec 10 of 2013, im receiving a lot of email a few times each day, just like this:

-------------------------------------------------------------------------------------------

Time: Sat Jan 11 21:40:14 2014 -0430
Account: munin
Resource: Virtual Memory Size
Exceeded: 201 > 200 (MB)
Executable: /usr/local/cpanel/3rdparty/perl/514/bin/perl...

Cant find anything online to help with this issue...

One of my servers for some reason is not resolving Global DYNDNS Domains in LFD... I get this error for each domain:

Feb 2 13:01:19 flow1 lfd : Global DynDNS: Lookup for failed - Unable to resolve

Does anyone know why LFD would not be able to resolve hostnames? All my other servers resolve OK. All servers have all the same software versions.

we use

openvz centos 6

I have install CSF on a VPS with WHM and when i try to restart i get this:

You have an unresolved error when starting csf:
Error: ip6tables command failed, you appear to be missing a required ip6tables module, at line 622 in /usr/sbin/csf

You need to restart csf successfully to remove this warning, or delete /etc/csf/csf.error

dont know where is the error on the...

I frequently see authentication lfds that include an IP that looks like it might be on the local subnet for my server, followed by a second IP that is a remote IP, see for example below:

fixed_login authenticator failed for ( ) :1849

Is that 192.168 IP address something I might want to report to my vendor , perhaps an open relay or something like that? Thanks for a newbie question,

Charlie

I am using this setting can you tell me why I have to change things around now for syslog emails alerts to work is my firewall going to be ok as it is or do I need to make some changes please tell me.

Regards Vincent Juliano

I have used CSF for a very long time but just started using the RBLs. My issue is that the rules are not active and not blocking such traffic. I uncommented the ones I wish to use, is there another setting I am missing that enables the use of csf.blocklists ?

Any help is greatly appreciated!

# Spamhaus Don't Route Or Peer List (DROP)

SPAMDROP|86400|0| URL_REMOVED_SO_I_COULDPOST...

Hello,

I would like to post a problem that I have with csf. I have installed a new system with centos 6.5 and immediately after installation I install csf. But the problem is that when I enable csf and apply a rule for example disable the port 22 or 80 or change the ssh port to 22222 and disable the port in csf and restart the system, the port is still working. Any tips?

Thanks in advance.

I am receiving a lot of penetration attempts from a hugh list of proxies to the Dovecot service
like the following:

2014-01-31 11:43:49 dovecot_login authenticator failed for 68-188-72-60.static.stls_mo-charter_com (192.168.2.33) :3868: 535 Incorrect authentication data (set_id=jacqueline)

This happens all time, for the moment with only a single attacker, and as you can see there is an Internal...

Hi Experts,
I want to set for example this page : csfdemo/messenger.html
for when mod_sec wants to block a malicious user.
how can i set this?
is there anyway to set this page for csf?

Hi ,

I get this error frequently on my server

Jan 30 08:58:05 lfd : *Port Scan* detected from (Location). 11 hits in the last 182 seconds - *Blocked in csf* for 3600 secs

Can any one give a remedy for this issue??

updates in horde have produced a mess of emails on one server that i can't seem to stop . Only occurring on one server but 6 a hours so to many. I do find that the directory is all ready told to not report in the configuration csf.fignore file with
/tmp/\.horde/.* but it doesn't seem to be working
message im receiving is below can someone suggest how to suppress this message .
File:...

After new CSF ver. 6.41 CSF is not blocking FTP failed attempts, I have the following config:
RESTRICT_SYSLOG = 1
LF_FTPD = 4
LF_FTPD_PERM = 1

But now LFD report is showing the following attempts:

Jan 29 21:02:40 server pure-ftpd: (?@212.99.45.168) Authentication failed for user
Jan 29 21:02:48 server pure-ftpd: (?@212.99.45.168) Authentication failed for user
Jan 29 21:02:57 server...

Hello,

The screen (UI) after a CSF security check has changed since the last update. Is it normal?

I can't post a photobucket screenshot because I am not currently authorised to post url links. I don't understand why.

Regards

hi,

My csf stats have the xx country code as the most often blocked (aside from cn/china). I couldn't find any information on this country code online. 1) what is it (besides being user assigned ? 2) is it safe to block, or might I be blocking legit visitors too that use VPNs, proxies, some other reason they are being tagged as xx ?

According to this:
if you go to wikipedia's site then...