Hi
Trying to use the CT_LIMIT to block 2 different types of floods:
1) a simple DOS attack towards a client where someone keeps flooding them with calls to different images and pages in order to consume their bandwidth
This block has worked fine for quite some time and it blocks the way it should.
2) simple brutes on wp-login.php from one IP each time (they change IP, but do loads of attempts on...
I've set the following parameters:
LF_APACHE_403 = 60
LF_APACHE_403_PERM = 3600
LF_INTERVAL = 300.
The reason I needed to turn that on is because I'm being bombarded by attempts to access a blocked resource. The file /etc/httpd/logs/error_log is generating about 10 lines per second (about 1 or 2 from the same IP each second) with the following (truncated):
I'm seeing quite a few entries in my logs that look like the below, only changing the username. Looks like someone is trying to guess user/pass combinations. It appears like CSF isn't blocking these failed login attempts, any idea why? I'm using the latest CSF version.
Dec 29 13:39:15 server3 authdaemond: Failed to getpwnam for user dell
Dec 29 14:00:16 server3 authdaemond: Failed to...
We are currently undergoing a brute-force attempt by various IP addresses (looks like a botnet to me). CSF has blocked all IPs whenever the no. of authentication failures due to wrong password exceeds 3. However, since recently, we are getting a different type of error, and despite lots of attempts from the same IP, it is not getting blocked by CSF.
We've got a set up where we handle a number of rules through csfpost. Earlier today we noticed that the rules that are in that file were suddenly removed on one server. Just a minute ago, we noticed the same on another server. When I restart CSF the issues are resolved straight away and the content from csfpost is in the active ruleset.
I'm using CSF on a router with 2 external and 1 internal NIC.
Currently CSF is filtering all traffic to the router, but packets that are forwarded to the internal network (real addresses) are not filtered.
How do I filter packets that are going to the internal network?
Hello! I think this limit is very high and will do the work for most of the users. Also, it can help identify possible abuses, but what do you think? Is 60/hour enough? What do you have set up on your servers?
I woke up and had 3500+ emails in my inbox from lfd with entries like:
(this is from the lfd.log) but emails contain same content just different format:
Jan 11 12:16:26 www lfd : *Suspicious Process* PID:2859 PPID:4762 User:www-data Uptime:2466 secs EXE:/usr/lib/apache2/mpm-prefork/apache2 CMD:/usr/sbin/apache2 -k start
Jan 11 12:16:31 www lfd : *Suspicious Process* PID:5401 PPID:14391...
I need to run a rule to redirect an IP to a port, but when csf is active this rule does not work. I tried to release the port, but it still did not work.
my rule: iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination MY_EXTERNAL_IP:80
iptables -t nat -A POSTROUTING -j MASQUERADE
if anyone has a suggestion and can help me thank you!
Since last night, I am getting loads of lfd alerts
Time: Sun Dec 22 08:01:31 2013 +0000
Account: dovecot
Resource: Process Time
Exceeded: 34326 > 2400 (seconds)
Executable: /usr/libexec/dovecot/dict
Command Line: dovecot/dict
PID: 24272 (Parent PID:7206)
Killed: No
Is this another one we have to add to csf pignore where cpanel have buggered up dovecot again with their incessant fiddling or...
Under WHM>>Service Status, LFD is down and I keep on getting email notifications saying:
lfd failed @ Sat Dec 21 00:27:40 2013. A restart was attempted automagically.
I checked /var/log/lfd.log and I got this error message:
Dec 21 00:27:41 lfd : *Error* Invalid configuration line, at line 64
Dec 21 00:27:41 lfd : daemon stopped
I checked /etc/csf/csf/csf.conf, and line 64 is this:
#...
CSF is not blocking FTP when the username matches.
When I make a failed login with just a random username then I am blocked, but if the username matches but I put in a wrong password, I'm not getting blocked.
I was just wondering what the maximum number of interfaces is supported by CSF?
We have had a few strange occurrences where despite the overall rules (csf.conf) allowing certain ports, we had to add specific rules in csf.allow to permit access for ip addresses to the ports that were already permitted by TCP_IN and TCP_OUT.
This case I have observed on our server running CentOS 6.5...
I've uninstalled and re-installed csf on my Centos 6.5 64-bit Build, using Webmin for a control panel. Once I had done that, I've had to manually start the firewall for csf.
I've tried chkconfig for csf and iptables, flushing iptables and adjusting the boot order, but nothing has worked so far.
I'd like this resolved as soon as it can be, so I can have it connected to the web again...
I use CSF v6.02, and am trying to use csf.mignore to ignore mails from a particular user, andrew. I have added the username andrew to csf.mignore as mentioned in the config server blog post (unable to post URL).
But, outgoing mails are still being reported from that account. Logs are as below:
==========
2013-03-21 09:00:01 1UIbLt-001Oi0-7M ;
close (IN);
chomp @mignore;
foreach my $line...